A user reported being prompted for a name and password after connecting to the corporate wireless SSID and is now facing unauthorized transactions. What attack vector was MOST likely used?

In this scenario, the situation described aligns closely with the characteristics of an evil twin attack. When a user connects to the corporate wireless SSID and is immediately prompted for login credentials, this behavior suggests that they may have connected to a malicious access point that mimics the legitimate network but is controlled by an attacker.

An evil twin consists of a rogue access point that imitates a legitimate Wi-Fi network, offering an identical SSID. Users are often unaware of the difference and may enter their credentials, which the attacker can then capture. The unauthorized transactions reported by the user further imply that the attacker could have gained access to their account or sensitive information after obtaining their login details.

While rogue access points can refer to any unauthorized access points set up on a network, the specific context of mimicking an existing SSID and prompting for a password aligns more closely with the characteristics of an evil twin attack. Therefore, the situation indicates that an evil twin attack was the most likely attack vector in this case.