What Is an Evil Twin WiFi Attack?

Evil Twin Attack is a fraud WiFi access point that seems legitimate, but it’s set up to eavesdrop on wireless communications. This type of attack is also known as the man-in-the-middle attack. It is often used to steal passwords from unsuspecting users through network monitoring or phishing. 

This guide covers all you need to know about Evil Twin WiFi attacks, how Evil Twin WiFi works, and Evil Twin attack prevention. 

What Is an Evil Twin WiFi Attack?

An Evil Twin WiFi attack is a WiFi scam where the hacker sets up a fake wireless access point that imitates a legitimate network to steal data or login credentials. Simply put, it’s a phishing website, but for WiFi.

How Evil Twin WiFi Attack Works

The fake Wi-Fi network is identical in appearance to the real one.  The rogue version requires the same password as the legitimate network requires it. The moment you enter it, the attacker captures your credentials. Yet you still connect to the internet normally, leaving you completely unaware.

Here’s a breakdown of how Evil TwinWi-Fi works:

• Setup: For instance, you head to a hotel, and their real WiFi is “Hotel_Guest.”
• The Fake Network: A hacker creates a fake network, named “Hotel_Guest.” Their antenna is stronger, which helps this network name appear on top of your list. 
• Trap: You connect to the WiFi. The hacker sits in the middle and captures your passwords, credit card numbers, and other sensitive information. 

The main risk is that the Evil Twin attack makes you think you’re on a safe and encrypted connection, while you’re not, from this fake WiFi hotspot attack.

What Is an Evil Twin WiFi Attack Example

Here are a few real-world style examples of the Evil Twin attack, and how they can happen: 

1. The Hotel

Hackers might set up a duplicate WiFi network of the hotel and ensure that the fake WiFi network has stronger antennas. This makes sure that the fake WiFi name comes on top, and you connect to it thinking it’s legitimate. Once connected, the hacker can steal all personal information you access on your device. 

2. The Coffee Shop

Here’s another Evil Twin attack example: you go to a local coffee shop, and the official WiFi is named “CoffeeShop_Guest”, and it requires you to click Accept on a login page. The hacker sits in the corner with a laptop and creates a hotspot named CoffeeShop_Guest. And, this network will have stronger signals than the real router. 

3. The Airport

You can be at an airport, for instance, JFK airport. You see Free Airport WiFi and connect. The network, similar to the previous Evil Twin attack example, is a trap. The network is actually a hacker’s laptop, and everyone assumes it’s official. And, everything you access on your device is visible to the hacker.

What Are the Best Evil Twin Attack Prevention Tips

Here are the best Evil Twin attack prevention tips to protect yourself from an Evil Twin attack:

1. Use a VPN

A VPN encrypts all your network traffic before it leaves your device. Moreover, the hacker only sees scrambled, unreadable data even if you’re connected to an Evil Twin. We recommend only trusting a premium VPN that offers features like Internet Kill Switch, robust encryption protocols, and more. 

2. Disable Auto-Connect

Evil Twins often rely on your device automatically connecting to a network. You can avoid auto-connecting to a fake WiFi network by disabling auto-join. 

• iPhone: Settings > WiFi > Disable Auto-Join Hotspot. 
• Android: Settings > Network & Internet > WiFi > Disable Connect to open networks.
• Windows: Settings > Network & Internet > WiFi > Manage known networks > Turn off auto-connect for public networks.

3. Use Cellular Data for Sensitive Tasks

4G and 5G are direct, encrypted connections to your carrier. There’s no middleman WiFi router for the hacker to spoof. Logging into banking, email, or work systems with mobile data is safer than any public network. 

4. Use HTTPS Sites

Modern browsers show a padlock for the HTTPs sites. This means that the connection to the website is encrypted. However, some hackers can perform SSL Stripping, which downgrades your HTTPS connection without you noticing. 

5. Forget Networks After Use

Always forget the networks after use. Once done, go to Settings > WiFi and select Forget Network for the WiFi network you don’t need to use anymore. This avoids your device from constantly asking you to connect to a network.

6. Use WiFi Security Apps

Apps can detect duplicate network names or suspicious access points. For example, Wireless Network Watcher on Windows, or WiFiphisher’s detection mode, can help avoid an Evil Twin WiFi attack.

7. Verify the WiFi Network With Staff

It’s best to ask an employee and verify the WiFi network rather than guessing it. Confirm which network name is real, and connect to it. 

What to Do if You Connect to an Evil Twin WiFi?

Here’s what to do if you suspect or confirm that you’ve connected to an Evil Twin WiFi network: 

1. Disconnect From the Network

Here are the immediate steps you must take: 

• Click the WiFi icon and select Disconnect or turn off the WiFi. 
• Forget the network if your device is set to auto-join. 

Follow these steps to disconnect from the network on a smartphone or a desktop: 

• Android/iPhone: Settings > WiFi > Tap the gear icon beside Network > Forget this network. 
• Windows: Settings > Network & Internet > WiFi > Manage known networks > select the network > Forget.
• Mac: System Preferences > Network > WiFi > Advanced > Select the network > Remote. 

2. Turn Off WiFi and Switch to Cellular Data

After you disconnect from the network, turn off WiFi and enable cellular data. This ensures that all network traffic bypasses the rogue access point. However, if you don’t have cellular service, then enable Airplane mode and then turn it off. Do not reconnect to WiFi until you find a trusted network. 

3. Immediately Change All Sensitive Account Passwords

Ensure that you followed the previous steps. Once done, immediately change passwords of all critical accounts. For example, start with changing the password for your email account ➡️baking apps ➡️ social media ➡️ work accounts ➡️ any other saved logins.

4. Log Out of All Active Sessions

Websites often keep you logged in even after you change your password on another device. Go to your device’s account security settings and select Sign Out of All Devices. For Google: myaccount.google.com > security > manage devices > sign out all. 

5. Run an Antivirus Scan

Evil Twin attacks can be combined with malware delivery. The hacker might try to push a fake update or certificate onto your device. And, we recommend running an antivirus scan to prevent any data theft attempts. 

6. Check for Fake Security Certificates

Advanced Evil Twin attacks often install rogue SSL certificates to intercept HTTPS certificates. Here’s how to check for fake security certificates on your smartphone or Windows device: 

• iPhone: Settings > General > VPN and Device Management > Profiles. Delete the profile that you didn’t install. 
• Android: Settings > Security > Encryption & Credentials > Trusted credentials. Check if there are any unfamiliar system certificates. Do not delete any system certificates.
• Windows: Press Win + R > type certmgr.msc > Trust Root Certification Authorities. Check if there’s anything suspicious or dated today. 

7. Report It

Tell an employee if this happened at a business. They might not know that someone is spoofing their network. Tell them you see two networks with the same name, and verify which one is correct. 

Frequently Asked Questions (FAQs)

Final Note

An Evil Twin WiFi attack is a WiFi phishing attempt in which a hacker replicates an original Wi-Fi network and names it the same, confusing people and leading them to connect to it. 

The replicated network offers stronger signals, and its name appears at the top of the list, making it more visible to users when connecting. However, Evil Twin WiFi attacks are avoidable. Or, if you believe you’ve already fallen prey to it, then follow the steps covered in this article to avoid data theft.

Moreover, using a password manager ensures that your account credentials remain safe even if your device is compromised by malware. FastestPass offers an encrypted password vault, ensuring your credentials are safe as long as you never share the vault’s Master Key with strangers.