An evil twin attack uses a fake Wi-Fi access point that seems legitimate but is actually meant to eavesdrop on wireless communications. It is a phishing scam targeting wireless local area networks (WLANs). It lets attackers steal the passwords of unsuspecting WLAN users by monitoring their connections or through phishing. The latter requires threat actors to set up fraudulent websites to lure people to.
Physically, an evil twin attack can be compared to the following scenario: The attackers set up a booth in a conference. They ask attendees to leave their business cards in a fishbowl in exchange for freebies. Little do the people who unknowingly give out their personal details know that they are being targeted for scams.
Other interesting terms…
Read More about an “Evil Twin Attack”
Many Internet users fall for evil twin attacks because when we are in public spaces and need data access, we don’t really care much about privacy and security. Out of necessity, we connect to any available Wi-Fi access point. That’s how attackers intercept our communications.
How Does an Evil Twin Attack Work?
Evil twin attacks trick victims into thinking they are connecting to a reliable public Wi-Fi network when they’re actually not. To make attacks believable, hackers take these steps:
1. Select a Location Where Free Wi-Fi Networks Are Typically Found
To make an evil twin attack work, threat actors need a busy location where they can remain inconspicuous. Popular places include airports, malls, or coffee shops, as these usually offer free Wi-Fi access, and their access points bear the same name. Hackers can thus easily create a fake network indistinguishable from those the locations offer.
2. Set Up a Wi-Fi Access Point
Hackers then need to create a new hotspot using the same Service Set Identifier (SSID) name as the legitimate network.
3. Make a Fake Captive Portal Page
Public Wi-Fi networks typically have a captive portal page, which requires users to enter a password and other basic information for network access. The hackers can replicate them to trick users into handing over personal information. Here’s an example of a fake captive portal page mimicking the Dunkin Donuts network:
4. Get Closer to Potential Victims
When the hackers finish setting up the evil twin access point and fake captive portal page, they can move their devices or routers closer to potential victims to strengthen their signal. Why? Keep in mind that it’s only logical for people to choose the network that offers the strongest signal when accessing a network.
5. Monitor and Steal User Data
Connecting to an evil twin network allows hackers to monitor everything users do online. If they log in to any account while connected to the network, the attackers can collect their login credentials.
How Can Users Avoid Becoming Evil Twin Attack Victims?
While evil twin attacks can be hard to identify, you can protect yourself when connecting to public Wi-Fi networks.
1. Don’t Connect to Unsecured Wi-Fi Hotspots
The easiest way to avoid becoming an evil twin attack victim is to use a personal hotspot instead of public Wi-Fi when possible. Make sure you set a password to keep your access point private. But if you need to connect to a public network, avoid access points marked “Unsecure.” That is a telltale sign the network is an evil twin.
2. Disable Auto-Connect
Auto-connect-enabled devices automatically access networks you’ve used before when you’re in their range. That can be dangerous if you have unknowingly connected to an evil twin network before. That said, disable auto-connect when you’re in public.
3. Don’t Log in to Private Accounts on Public Wi-Fi
Avoid logging into private accounts (e.g., bank accounts) when using public Wi-Fi. Hackers can only steal your login credentials if you use them while you’re connected to their evil twin network.
4. Use a VPN to Encrypt Traffic
Companies require their employees to use a virtual private network (VPN) to log into their accounts when they’re off the premises. VPNs encrypt all the data your devices transmit and protect against evil twin attacks.
5. Use Two-Factor Authentication
Accounts that use two-factor authentication (2FA) offer an additional layer of protection against evil twin attacks. Even if hackers steal your login credentials, they still won’t be able to access your account without your device and personal identification number (PIN).
Evil twin attacks, as you’ve seen, are dangerous. They can put unknowing victims at significant risk of losing their hard-earned money in their bank accounts. If the victims give out their corporate account credentials, their organizations stand to lose confidential data and more.