An evil twin attack is a hacking method in which an attacker purposely sets up a Wi-Fi network that has the same name or SSID (sometimes even the same MAC address) as a legitimate one in order to trick victims into connecting to it. It is the wireless network equivalent of a phishing scam.
Once the victim connects to the fraudulent Wi-Fi, the attacker can eavesdrop on and monitor all of the internet traffic that goes to the victim’s device, such as a laptop or mobile phone. They can also carry out phishing attacks, steal login credentials and other sensitive data, inject malware and even install a backdoor on the user’s device.
Often, victims are not aware that they have fallen for an evil twin attack because, from their perspective, it feels no different from connecting to any other Wi-Fi network. The main difference is that once connected, everything that they do online can be tracked and even controlled by the hacker. If the victim were to log into an unsecured bank or email account, for instance, the hacker would be able to intercept login details as well as transactions, as all the traffic is sent through the hacker’s device.
How does a hacker typically perform an evil twin attack?
Once the hacker has chosen the Wi-Fi network or hotspot to spoof, they will create a counterfeit wireless access point (AP) with the same name, a name that closely resembles it, or a name that could really tempt users (“Free Wi-Fi”, for example). Open networks are a prime target as users can connect to them automatically without requiring a password.
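The spoofing traits described above (a copied SSID, a lookalike name, a copied MAC address, an open network) are visible in Wi-Fi scan results. The following added example, which is not part of the original article, checks constructed scan data against a hypothetical inventory of the legitimate access points; `KNOWN`, `SCAN` and the function names are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Hypothetical inventory of the legitimate network: BSSID -> expected channel.
KNOWN = {"CafeGuest": {"security": "WPA2",
                       "aps": {"aa:bb:cc:00:00:01": 6, "aa:bb:cc:00:00:02": 11}}}

# Constructed scan results for illustration (not a real capture).
SCAN = [
    {"ssid": "CafeGuest", "bssid": "aa:bb:cc:00:00:01", "channel": 6, "security": "WPA2"},
    {"ssid": "CafeGuest", "bssid": "aa:bb:cc:00:00:02", "channel": 11, "security": "WPA2"},
    {"ssid": "CafeGuest", "bssid": "02:11:22:33:44:55", "channel": 1, "security": "OPEN"},
    {"ssid": "CafeGuest", "bssid": "aa:bb:cc:00:00:01", "channel": 3, "security": "WPA2"},
    {"ssid": "CafeGuest ", "bssid": "02:11:22:33:44:66", "channel": 1, "security": "OPEN"},
    {"ssid": "HomeNet-5G", "bssid": "10:20:30:40:50:60", "channel": 36, "security": "WPA2"},
]


def lookalike(ssid, known):
    """Return the known SSID that `ssid` imitates without matching exactly, else None."""
    for name in known:
        close = SequenceMatcher(None, ssid.strip().lower(), name.lower()).ratio() >= 0.85
        if ssid != name and close:
            return name
    return None


def find_suspects(scan, known):
    """Return sorted (ssid, bssid, reason) tuples for beacons that deviate from the inventory."""
    findings = set()
    for ap in scan:
        ssid, bssid = ap["ssid"], ap["bssid"].lower()
        if ssid not in known:
            target = lookalike(ssid, known)
            if target:
                findings.add((ssid, bssid, f"lookalike of {target}"))
            continue
        expected = known[ssid]
        if bssid not in expected["aps"]:
            findings.add((ssid, bssid, "unknown BSSID"))
        elif ap["channel"] != expected["aps"][bssid]:
            # May be a cloned MAC or just automatic channel selection: a lead, not proof.
            findings.add((ssid, bssid, "known BSSID on unexpected channel"))
        if ap["security"] != expected["security"]:
            findings.add((ssid, bssid, "security mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    print(*find_suspects(SCAN, KNOWN), sep="\n")
```

An access point that copies the SSID, MAC address, channel and security settings exactly passes these checks, so a clean result does not prove the network is genuine.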
To avoid falling victim to such attacks, always practise caution when using public Wi-Fi and do not log in to unknown and suspicious networks. When possible, try to verify with the owner of the establishment whether the Wi-Fi you’re going to connect to is indeed legitimate. You can take precautionary measures such as only visiting HTTPS sites, using a VPN, which encrypts your traffic to avoid sniffing and snooping attempts, and utilising multi-factor authentication to protect your accounts, even if your login credentials are stolen.
But at the end of the day, the best way to prevent such attacks is to not connect to public networks.