20 Mar, 2021

Evil Twin and T.C. ID Number Capture

It shows how easily personal information can be stolen by pretending to offer a fake free wireless internet service.
This video aims to raise awareness about the environments where personal data is shared.

Phase-1: Offensive preparation phase
The attacker is running the utility to perform his attack.
The attacker chooses the interface, SSID, and channel to be used to activate the broadcast.
The attacker said he would provide secure internet to increase the credibility of the victim's T.C. it creates a login page that says to enter the id number.

Phase-2: Attacker waiting for victim to connect to network

Phase-3: The victim gains access to the network
The victim here is T.C. He enters the ID number and the attacker sees this information and saves it saved.credentials.txt so that it can be recorded.

Lessons Learned:
Use WIPS in your institution's network.
Block deauth flood with IDS.
Prefer wired networks where possible.
Only connect to wireless networks that you are sure are safe.
If you are asked for personal data, be cautious.
Do not connect if the SSID name does not make sense.
Be cautious after sudden disconnections.
Be cautious if free links are promised.
Be skeptical if you are directed to portal pages.
If you are redirected to sites without valid SSL certificates, close the connection.


To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

About Content:
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram