How to avoid becoming a victim of an evil twin attack

It’s natural for you to turn to public WiFi if it’s available when you are out. Many coffee shops, restaurants, airports, and shopping malls have access points for public WiFi networks everywhere. That’s why it’s often tempting to check your email, pay for your subscriptions, and shop online while sipping your hot chocolate. But the problem is that you can lose sensitive information to cybercriminals through those access points. Given the widespread use of wireless connectivity, it has become a nest for hackers and cybercriminals. They target Internet users who’re not too keen on protecting their privacy in many ways. One such tactic that always seems to work for these criminals is what we know as an “evil twin attack.”

This article will explore what this attack is, how to identify it, and how to protect yourself from it. So, keep reading!

What is an evil twin attack?

The evil twin is a rogue or dubious clone of a legitimate wireless access point aimed at deceiving people. Hackers create this WiFi access point to look exactly like the real one and deceive users into connecting to the Internet through it. Once anyone connects to the network, the criminals will eavesdrop on their activities and steal all their data for illegitimate purposes.

Internet users often fall victim to the evil twin tactics because the access points usually seem like legitimate ones. The criminals behind the fake access point clone the MAC address and the SSID (service set identifier) of a legitimate network to confuse both the users and their devices.

That’s why users who don’t know anything about WiFi configurations will connect to the evil twin as if it were the real hotspot. Once they use the clone, hackers will be intercepting the traffic that flows between them and the host. That’s why many people have fallen victim to financial scams, identity thefts, and other cyberattacks. Criminals use the evil twin to steal users’ data for many dubious and criminal activities.

Evil twin attacks often succeed because most users don’t understand WiFi updates and configurations. Another reason is that most devices can’t differentiate between two networks that have the same name.

All they know is the SSID, and hackers usually have a field day manipulating it to confuse your devices. Moreover, most of the networks that provide public WiFi usually have many access points with one name. So, swapping from one access point to the other is often confusing for users but enables the criminals to add their clones as well.

How do evil twin attacks work?

Cybercriminals usually carry out an evil twin attack to collect a WiFi network’s authentication details through trickery. Once they have the admin credentials to an access point, they can easily read, view, or change all unencrypted data traffic to their advantage. So, to get that access, they usually create what we know as a “captive portal.”

If you’ve ever used the Internet in an airport or a restaurant, you must have landed on the captive portal. It is a screen with lots of information that no one bothers to.

On that same screen, users are usually asked to add specific information, and they usually do so without a second thought because it’s routine. But if the cybercriminals created the captive portal, the users have unknowingly brought them into the network.

So, to gain that access easily, cybercriminals perpetrate the evil twin attack in these steps.

Step 1: Creating a fake hotspot

The cybercriminals behind an evil twin attack will start by setting up a fake WiFi access point with the name of their target network. To do this, they can use their own WiFi router running through the network card on their computer, or even use a WiFi Pineapple for more range.

Step 2: Flooding the network

After creating the access point, they’ll need to push users off the legitimate access points into their deadly ones. To achieve that, they’ll make it hard for users to connect to the network by flooding it with “de-authentication packets.” Once they do that, it’ll be easy to push out the few devices already connected to the network. When users notice that they can no longer access a particular network, they’ll quickly open the network menu to search for a functional network.

The network menu will contain a network list, including a particular one with the same name as the malfunctioning one. But many users don’t see such replication as suspicious or harmful. Instead, they may relate it to connection problems and connect to it without any idea that they’ve just landed on the hackers’ turf.

Step 3: Redirecting the user

Now that the unsuspecting users have unknowingly connected to the malicious network, they’ll be redirected to the fake captive portal. The screen will typically contain many technical sentences but ask the users to provide the login credentials to the WiFi network. Once the users add the login details, the hackers have all they want to manipulate everything in the network.
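The de-authentication flood in Step 2 is the noisiest part of the attack, so it is the part a network owner can watch for. The sketch below is an added example, not code from the original article: it counts de-authentication frames per access point in a sliding time window. The frame records, addresses, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: (time in ms, frame subtype, access point MAC) as a
# wireless monitoring sensor might log them. All values are made up.
FRAMES = (
    [(t, "beacon", "02:00:00:00:00:01") for t in (0, 100, 200)]
    # Occasional de-authentications are normal (clients leaving, roaming).
    + [(t, "deauth", "02:00:00:00:00:01") for t in (1000, 30000, 70000)]
    # A burst: 12 de-authentication frames in just over one second.
    + [(100000 + i * 100, "deauth", "02:00:00:00:00:02") for i in range(12)]
)

def deauth_bursts(frames, window_ms=5000, threshold=10):
    """Return {access point MAC: time the burst threshold was first reached}."""
    recent = defaultdict(deque)   # per access point: recent deauth timestamps
    alerts = {}
    for ts, subtype, bssid in sorted(frames):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while ts - q[0] > window_ms:
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = ts
    return alerts

if __name__ == "__main__":
    for bssid, ts in deauth_bursts(FRAMES).items():
        print(f"possible de-authentication flood against {bssid} at {ts} ms")
```

A burst alert is only a prompt to look at the air around that access point; the threshold has to be tuned to how busy the network normally is.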

How can you identify evil twin attacks?

We should say that the easiest way to identify an evil twin attack is by using sniffing tools such as Kismet or WiGLE WiFi. However, it is usually difficult for an average user to differentiate between a fake and a real network.

Some of the reasons behind that include:

  • Many devices we use to connect to public networks don’t have the sniffing tools to separate these networks.
  • Using the same service set identifier (SSID) name makes it difficult for you and your devices to know that the network is fake.
  • The attackers replicate the MAC address of the popular and trusted networks to deceive users further.
  • Evil twin perpetrators don’t usually need to be close to their target network to compromise it.
  • Sometimes, their network offers a stronger signal than the legitimate network.
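For readers who do have scan output from a sniffing tool, here is an added example (not part of the original article) of the checks the points above suggest. It assumes the scan has already been exported into simple records; the network names, addresses and field names are constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results; every value here is made up for illustration.
SCAN = [
    {"ssid": "CafeGuest", "bssid": "02:00:00:00:00:01", "channel": 1,  "security": "WPA2"},
    {"ssid": "CafeGuest", "bssid": "02:00:00:00:00:02", "channel": 6,  "security": "WPA2"},
    {"ssid": "CafeGuest", "bssid": "02:00:00:00:00:09", "channel": 11, "security": "OPEN"},
    {"ssid": "Airport",   "bssid": "02:00:00:00:00:05", "channel": 1,  "security": "WPA2"},
    {"ssid": "Airport",   "bssid": "02:00:00:00:00:05", "channel": 11, "security": "WPA2"},
    {"ssid": "Library",   "bssid": "02:00:00:00:00:07", "channel": 6,  "security": "OPEN"},
]

OPEN_TWIN = "open network sharing the name of a secured one"
CLONED_MAC = "same MAC address seen with different radio settings"

def find_suspects(scan):
    """Return sorted (ssid, bssid, reason) tuples for entries worth a closer look."""
    by_ssid, by_bssid = defaultdict(list), defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
        by_bssid[ap["bssid"]].append(ap)
    suspects = set()
    # Several access points sharing one name is normal for public WiFi;
    # a mix of secured and open access points under that name is not.
    for ssid, aps in by_ssid.items():
        if len({ap["security"] for ap in aps}) > 1:
            for ap in aps:
                if ap["security"] == "OPEN":
                    suspects.add((ssid, ap["bssid"], OPEN_TWIN))
    # One MAC address heard on different channels or with different
    # security settings in the same scan suggests a cloned address.
    for bssid, aps in by_bssid.items():
        if len({(ap["channel"], ap["security"]) for ap in aps}) > 1:
            suspects.add((aps[0]["ssid"], bssid, CLONED_MAC))
    return sorted(suspects)

if __name__ == "__main__":
    for ssid, bssid, reason in find_suspects(SCAN):
        print(f"{ssid} ({bssid}): {reason}")
```

These are heuristics: a clone that copies the name, address, channel and security settings exactly will not stand out in a single scan.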

How to protect yourself against evil twin attacks

Many people can’t detect an attack due to the sophisticated antics of the criminals. So, if you want to protect yourself against such attacks, do the following things:

1. Keep away from public WiFi


It’s usually easy to fall prey to these predators if you’re an active user of a public network. We can’t stop you from using the free Internet in your community entirely, but if you must, try to be careful when using it.

Unsecured WiFi connections can lead to irreparable losses far higher than what you would spend on a secured network. So, if you can, don’t use a free network without any form of login restrictions, especially if it has the same name as a secured network.

2. Check warning notifications

Whenever you try connecting to a network and your devices start alerting you of something suspicious, please, check it out. Many users don’t bother, and it usually ends up badly. So, instead of dismissing those seemingly annoying warnings, pay attention because your device is trying to protect you from a hacker somewhere.

3. Disable auto-connect features in your devices

Don’t allow your devices to push you into the waiting arms of evil twin attackers by connecting easily to every open WiFi. Instead, disable that feature and let your device ask for permission first before connecting. That way, you can check the network and approve or disapprove.

4. Limit your activities

Let’s say you’re pressed for time and have to use the public WiFi network; make sure you don’t log in to your sensitive accounts. We don’t have to tell you that your financial details, such as bank details, credit card information, social security number, etc., must not appear on an unsecured network. So, please don’t enter them on such networks.

5. Always use a VPN

From all indications, it’s difficult for average users to identify a clone access point. That’s why many people have fallen victim to evil twin attacks. Sometimes too, you may be too busy to think about the legitimacy of a particular network while using it. That’s why a VPN is the next best thing to simplify your life.

A VPN protects your identity and encrypts your data on the Internet no matter the network you’re using. The service is so effective that even the attackers cannot access any information you input on the Internet. Even if they hijack your data, it will be completely useless because they can’t decrypt it.

But remember, not all virtual private networks are reliable. If you go ahead and use the free services, you’re as good as compromised. So, make sure you subscribe to a secure VPN service that has servers worldwide and uses military-grade encryption protocols. That’s the only way to be sure of your privacy and safety.

Final words on evil twin attacks

Evil twin attacks are a dangerous and common form of cyberattack that can affect anyone, especially on unsecured networks. As long as you’re using the Internet, you’re susceptible to every kind of malicious intent.

But if you want to be free from all that, avoid public networks if you can. Also, try to verify your connections before doing anything on them. Finally, no matter how busy you are, check the warning alerts on your devices to be on the safe side.

Finally, use a reliable VPN service to hide your details from evil twin attackers. No matter what they try on those public WiFi networks, they can’t touch you even if you use them.

Featured image: Shutterstock
