From Yahoo
Hop into Starbucks or an airport terminal and you may find yourself tempted by the inexpensive Wi-Fi service offered. Fire up your computer, browse the wireless networks available, and maybe you'll jump on a network named "tmobile" or "wayport" or some other common name among Wi-Fi service providers. Sure enough, your browser pulls up a page asking for your credit card information... or maybe you'll find yourself with "free" access to the internet. Surprise: You might have just been punk'd by a hacker.

Such is the case of the "evil twin" hotspot, a rising danger for users who rely on public hotspots for internet access. The trick is simple: A hacker just creates a hotspot with the same name (or a very similar one) as a legitimate hotspot nearby, hoping to dupe web surfers into connecting to the hacker hotspot instead of the legitimate one. The goal is the usual fare: Collect user names, passwords, credit card numbers. All the good stuff.

The Los Angeles Times notes that such lookalike networks are on the rise, and though this scam has been around for many years, it seems to be rising in popularity. My hunch? Wireless routers have better range than ever before, and it's practically child's play to set up a harvesting web site to dupe people into giving up their personal information. And since your laptop will automatically connect to any network you've connected to in the past (Windows thinks any network named "linksys" is the same network no matter where you go), people can be duped by evil twin hotspots without ever knowing it.

So what can you do about it? Sadly, not a lot, and all that security software on your laptop won't help you one bit if you willingly connect to one of these hotspots. As with most scams, diligence is your best ally: Learn what legitimate hotspot web pages look like. Hackers rarely make a perfect copy. If you encounter anything out of the ordinary, disconnect from the hotspot immediately. Tell the manager of the establishment you're trying to connect to that something funny is going on. They may not do anything about it, but hopefully they'll call the cops and encourage them to track down the signal.

Or if your really that worried, you could like just not give any private info over a hotspot you don't know... and if you must, encrypt the hell out of any private data you are forced to send. TOR will effectively encrypt anything past most hackers amount of will for example. Or you may decide it would be safer and faster to send any data through something like ssh to your homebox. Really, too much is given to this kind of exploit, especially concidering with any given hotspot, you can arp poison the connection, and probably would be able to man in the middle anyone at any of these places.

The problem isn't more of a hotspot issue then any other one really, so it all comes down to "If your connecting to anything you aren't responsible for the security for, you can pretty well expect someone can get unencrypted information from you with only as much trouble as it took for you to get the account anyway."

This "rising danger" really isn't
A. New
B. Any more dangerous then sharing the same information over any hotspot with multiple people having access to it.
C. Unpreventable, If you properly encrypt something, crackers are going to move on to easier targets... plus how windows handles hotspots isn't exactly too hard to change. I guess setting up phishing hotspots wouldn't be that hard to do, but I don't think I would pay for hotspot internet access, especially since you can pick up dozens of hotspots on any given US block that won't give you the same access for free.