Be Careful When Connecting to Guest Wi-Fi Networks

How Wi-Fi Spoofing Works:

  1. Creating a Fake Network: An attacker sets up a rogue Wi-Fi network that mimics a legitimate one (e.g., “Office Wi-Fi”). This can be done using software and hardware that allow them to broadcast a signal with the same name (SSID) as the real network.
  2. Attracting Users: Unsuspecting users may connect to this fake network, thinking it’s the legitimate one. Attackers often position themselves in places where people are likely to connect, like cafes or office buildings.
  3. Intercepting Data: Once connected, the attacker can monitor all traffic between the user’s device and the internet. This includes any data sent over the network, such as login credentials for services like Office 365.
  4. Phishing Techniques: Attackers may redirect users to fake login pages that look identical to the real Office 365 login page. If users enter their credentials, the attacker captures them.

Using Tokens to Obtain Credentials:

  1. Session Hijacking: If a user logs into Office 365 while connected to the rogue network, the attacker can capture session tokens. These tokens are used to authenticate the user without needing to re-enter credentials.
  2. Token Theft: Attackers can use tools to intercept these tokens as they are transmitted over the network. Once they have the token, they can impersonate the user and gain access to their account without needing the actual username and password.
  3. Accessing MFA Tokens: If the user has MFA enabled, attackers may also capture the MFA token if it’s sent over the network. For example, if the user receives a code via SMS or an authenticator app while connected to the rogue network, the attacker can intercept this code and use it to log in.

Inserting Their Own MFA:

  1. Account Takeover: If an attacker successfully obtains your Office 365 credentials or session tokens, they can log in to your account. If MFA is already set up, they may not be able to access the account immediately.
  2. Changing MFA Settings: Once logged in, the attacker can change the MFA settings. They might:
    • Add Their Own Device: Register a new phone number or authentication app to receive MFA codes.
    • Disable Existing MFA: If they have access to your account settings, they might disable MFA altogether, making it easier for them to access your account without additional verification.
  3. Using Social Engineering: Attackers may also use social engineering tactics to convince IT support or service providers to reset MFA settings, allowing them to gain full control over the account.

Preventive Measures:

  • Use VPNs: A Virtual Private Network encrypts your internet traffic, making it harder for attackers to intercept data.
  • Verify Networks: Always double-check the network name and ask IT if unsure.
  • Enable Strong MFA: Use MFA methods that are less susceptible to interception, such as hardware tokens.
  • Monitor Account Activity: Regularly check your account for any unauthorized changes or logins.
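
The "Verify Networks" step can be partly automated. The following is an added example, not part of the original article: it compares Wi-Fi scan results against a list of access points published by IT and flags networks that imitate the real SSID. The allowlist, the BSSIDs, the function names and the sample scan are all constructed for illustration.

```python
# Flag possible evil-twin access points in Wi-Fi scan results.
# The allowlist and the sample scan below are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class AP:
    ssid: str
    bssid: str      # access point MAC address
    security: str   # e.g. "WPA2-Enterprise", "WPA2-PSK", "Open"

# Assumption: IT publishes the BSSIDs and security mode of its real APs.
KNOWN = {
    "Office Wi-Fi": {
        "security": "WPA2-Enterprise",
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    },
}

def normalize(ssid: str) -> str:
    """Fold case, spacing and hyphens so look-alike names compare equal."""
    return "".join(ch for ch in ssid.casefold() if ch.isalnum())

def find_suspects(scan, known=KNOWN):
    """Return (AP, reason) pairs for APs imitating a known network."""
    by_norm = {normalize(name): name for name in known}
    suspects = []
    for ap in scan:
        real = by_norm.get(normalize(ap.ssid))
        if real is None:
            continue  # unrelated network, nothing to compare against
        profile = known[real]
        if ap.ssid != real:
            suspects.append((ap, "look-alike SSID"))
        elif ap.security != profile["security"]:
            suspects.append((ap, "security downgrade"))
        elif ap.bssid.lower() not in profile["bssids"]:
            suspects.append((ap, "unknown BSSID"))
    return suspects

# Constructed sample scan: two real APs, three impostors, one unrelated network.
SAMPLE_SCAN = [
    AP("Office Wi-Fi", "aa:bb:cc:00:00:01", "WPA2-Enterprise"),
    AP("Office Wi-Fi", "AA:BB:CC:00:00:02", "WPA2-Enterprise"),
    AP("Office Wi-Fi", "de:ad:be:ef:00:01", "Open"),
    AP("Office Wi-Fi", "de:ad:be:ef:00:02", "WPA2-Enterprise"),
    AP("Office WiFi", "de:ad:be:ef:00:03", "WPA2-Enterprise"),
    AP("CoffeeShop", "11:22:33:44:55:66", "Open"),
]
```

A BSSID that matches the allowlist is not proof that the access point is genuine, so treat a clean result as one signal alongside the other measures in this list.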

Conclusion:

Being aware of these tactics can help you stay vigilant. If you suspect your credentials have been compromised, change your password immediately and notify your IT department.
