When we think of phishing, most of us imagine a conventional phishing attack that begins with a legitimate-looking email. It might appear to come from an e-commerce site with which you happen to do business. “We’ve lost your credit card number. Please follow the link to re-enter it,” the email says. But the link leads to a malicious site where you enter your credit card number, press submit, and you have just been phished by hoody-clad hackers.
Even more likely in modern phishing attacks, the email may trick you into giving up your digital identity—for example your Gmail account. Many legitimate sites give you the option to log in using social login. What’s to stop a criminal site from asking for your credentials in the same way? The answer: nothing. (Best to be sure that you only use social login on sites that you’re sure you can trust.)
Not every phishing attack starts with a spam email, though. Wi-Fi phishing is analogous to conventional phishing, and the stakes are just as high—or even higher. To understand how this works, let’s begin at the beginning.