What happens if I start a new network in the same range as an existing network, and give it the same name?

3

From a security perspective, this could be a big issue. What is the result? Let's say there's a network with SSID HomeNetwork already existing. Now, what if I set up an ad-hoc network also called HomeNetwork?

Could this trick users into connecting to my network and having all traffic go through me? Are there any ways to avoid this?

Chris

Posted 2010-02-21T22:17:00.773

Reputation: 583

Answers

1

You're right, this is a big security issue. Although people caught doing it can get into a lot of trouble as it is illegal in some places. Most people will try this with a program called AirSnarf. You can experiment yourself to see how it works. As Wil said, it isn't easily avoidable for the average inexperienced user, but there are precautions you can take to avoid it.

John T

Posted 2010-02-21T22:17:00.773

Reputation: 149 037

1

There isn't really any good way of avoiding it - if there is a network with the same SSID, your machine will simply connect to whichever one either gets found first or has the strongest signal.

I know this because there are some environments I have set up where we have overlapping SSIDs for good reasons - to cover a huge area.

As for not connecting to bogus points, I guess you just need to make sure that the key doesn't get out or if in a corporate environment, use a certificate infrastructure - however, this is one of the biggest weaknesses of wireless networks.

William Hilsum

Posted 2010-02-21T22:17:00.773

Reputation: 111 572
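An added example (not part of the answer above or of the original thread): a defensive check that tells the legitimate overlapping access points described above apart from an impostor reusing the SSID, and shows which one a signal-strength-only client would join. The scan records, the `KNOWN` allowlist, the addresses and the record format are all constructed assumptions, not the output of any real tool.

```python
# Constructed scan records (an assumed format, not the output of any real tool).
SCAN = [
    {"ssid": "HomeNetwork", "bssid": "aa:bb:cc:00:00:01", "mode": "infrastructure",
     "security": "WPA2-PSK", "signal": -61},
    {"ssid": "HomeNetwork", "bssid": "aa:bb:cc:00:00:02", "mode": "infrastructure",
     "security": "WPA2-PSK", "signal": -74},
    {"ssid": "HomeNetwork", "bssid": "02:11:22:33:44:55", "mode": "ad-hoc",
     "security": "open", "signal": -40},
    {"ssid": "CoffeeShop", "bssid": "aa:bb:cc:00:00:09", "mode": "infrastructure",
     "security": "open", "signal": -70},
]

# Hypothetical allowlist: what the owner knows about their own access points.
KNOWN = {
    "HomeNetwork": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                    "mode": "infrastructure", "security": "WPA2-PSK"},
}


def find_suspect_twins(scan, known):
    """Flag beacons that reuse one of our SSIDs without matching its profile."""
    findings = []
    for rec in scan:
        profile = known.get(rec["ssid"])
        if profile is None:
            continue  # someone else's SSID, not our concern
        reasons = []
        # A matching BSSID is not proof of legitimacy (it can be copied),
        # but an unknown one on our SSID is always worth investigating.
        if rec["bssid"].lower() not in profile["bssids"]:
            reasons.append("unknown BSSID")
        for field in ("mode", "security"):
            if rec[field] != profile[field]:
                reasons.append(f"{field} is {rec[field]}, expected {profile[field]}")
        if reasons:
            findings.append({"bssid": rec["bssid"], "ssid": rec["ssid"], "reasons": reasons})
    return findings


def strongest_bssid(scan, ssid):
    """BSSID a client that picks purely by signal strength would join."""
    candidates = [r for r in scan if r["ssid"] == ssid]
    return max(candidates, key=lambda r: r["signal"])["bssid"] if candidates else None


if __name__ == "__main__":
    for f in find_suspect_twins(SCAN, KNOWN):
        print(f["ssid"], f["bssid"], "; ".join(f["reasons"]))
    print("strongest:", strongest_bssid(SCAN, "HomeNetwork"))
```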

0

You are right in identifying this as a possible problem (and possibly a practical attack vector).

If you are particularly paranoid, then you could set up a VPN through which all your wireless connections run. This could be run on either the router/AP directly (some Linux-based routers run OpenVPN like a charm) or another machine on your network. That way if your wireless machines end up connecting to a different network they will either get through to your network securely (but probably much more slowly) as the VPN will protect the traffic or (if the VPN isn't publicly connectable) they won't get through but you will at least know there is a problem and still no information (beyond "this guy is trying to connect to a VPN") will be exposed. For extra security set your network routing such that machines can only see the network over wireless through the VPN (so if someone else hits your network accidentally or otherwise they won't get beyond the firewall without a valid set of VPN authentication credentials) and that any services on the wireless machines are only available on the VPN (so they can't be probed if you accidentally join an alien network).

With all of the above in place you could actually turn the wireless security off and just rely on the VPN, firewall and routing rules to protect you. Though there is little harm having the second level of protection.

The only major hole left here is that an attacker could set up a VPN end point on their network that mimicked yours, but this would require insider knowledge or other access to your network (i.e. they would need to have access to your server's private keys or your certificate/key signing keys) by which point they don't need to mimic the VPN anyway.

Caveat: I've not yet been paranoid enough about the traffic that is sent over my home wireless network or others I have any responsibility for (the few things we are that paranoid about, such as client data or authentication to access the same, simply don't go anywhere near a wireless connection without being wrapped in a VPN tunnel or other encryption), so I have not yet got around to setting this up myself. It is on my "when I have time to play" list though!

David Spillett

Posted 2010-02-21T22:17:00.773

Reputation: 22 424