Evil Twin Attacks: What They Are and How to Protect Yourself From Them

Learn how to recognize an unsecured network

by S.E. Slack, Strategy Director, Lifewire.com
S.E. Slack has 30+ years' experience writing about technology. She has authored 12 books and thousands of articles, and she has worked for IBM and Microsoft.
Updated on May 18, 2020

Public Wi-Fi connections make it possible to take devices anywhere and still stay connected to others via the internet. Unfortunately, they can also present serious security issues that many people are unaware of. One of those is the aptly named evil twin attack.

What Is an Evil Twin Attack?

An evil twin attack is a scam that hackers use to trick you into logging into a fake public Wi-Fi network so they can steal your information.

It's called an evil twin attack because hackers create a fake wireless access point that mimics a legitimate public, free Wi-Fi hotspot. The average person can't easily tell the difference between the two and ends up logging into the fake network, known as the 'evil twin'.

This happens when a hacker uses the same or similar Service Set Identifier (SSID) name as the legitimate hotspot. Most people know SSIDs as the Wi-Fi name provided by the public location, such as "Joe's Coffee Shop" or another friendly phrase.

How Does an Evil Twin Attack Work?

This type of attack typically occurs when people are attempting to use a free public network. There are two approaches:

The first involves mimicking a captive portal page. Captive portals are used by free Wi-Fi networks that require users to enter login information on a special web page before they will connect a user to the internet.
Hotels tend to use these the most, but eating establishments also use them; hackers simply recreate the log-in page to trick users into logging on to their fake version.

The second approach hackers use is to set up a completely fake Wi-Fi hotspot that looks exactly like the real one. As people search for "Joe's Coffee Shop" they will see two connection options with the same or very similar names and select one.

If someone chooses the wrong one and logs in to the fake Wi-Fi network with their laptop, smartphone, or another device, hackers are instantly in control. They then intercept any information a person types into their computer and sometimes even redirect users to fake websites (called phishing sites) to request more information.

Hackers are looking for sensitive information, such as banking usernames and passwords, but they'll take any information they can uncover about a person, including home addresses, phone numbers, and general passwords.

How Do Evil Twin Scammers Find Victims?

Evil twin hackers can find victims anywhere there is a free public Wi-Fi network. This can include public Wi-Fi at places like McDonald's or Starbucks but also can happen at other less obvious public locations, such as a hotel's complimentary wireless internet option.

Often, the victim is in a hurry and isn't paying close attention to the warning signs that their public connection has been compromised. Other times, however, the signs are so minimal that the victim has no chance against the hacker.

How Do I Avoid Getting Involved in an Attack Like This?

The most important thing to do when using any public Wi-Fi hotspot is to exercise caution when establishing the connection. If you're attempting to log into a public network and have any trouble at all in connecting, it could be a sign there is an evil twin attack underway.
In particular, watch for these warning signs:

- Wording that states the connection might not be secure
- Sudden redirects to the (apparently) same captive portal page after you have already logged in with a hotel or restaurant's login information
- Connection breaks that require you to log back into the hotspot instead of automatically reconnecting you

If any of these occur, they are clues that your connection might not be safe and secure.

I'm Already a Victim. What Should I Do?

If you believe your personal or sensitive information has landed in the hands of scammers, there are damage control actions you can take. For example, you can immediately update your passwords to newer, stronger ones.

You can also put security freezes on credit cards and contact your bank to get their help if you believe your financial accounts have already been compromised. You can also report internet scams and fraud to the authorities.

How Do I Avoid Being Targeted in an Evil Twin Attack?

The easiest way to avoid becoming a target is to never use public Wi-Fi hotspots. One way to do that is to set up your smartphone as its own Wi-Fi hotspot. This lets you set up your own network names, passwords, and even security protocols.

If you can't or don't want to do that, follow these tips to help avoid hackers who are intent on finding you.

- Use a VPN to connect to a public hotspot. There are both free VPN services and paid VPN services that encrypt your keystrokes and traffic before they leave your device so hackers can't ever see them.
- Never connect to a public Wi-Fi hotspot that says 'Unsecure', even if you have used the hotspot previously.
- Only use secure HTTPS websites. HTTPS sites provide end-to-end encryption that can help you avoid sites hackers might be trying to push you to.
- Don't ignore the warning signs. If your connection has dropped and your device is requiring you to sign back in as if the hotspot were a new network, do not use that hotspot again.
- Never autosave public Wi-Fi hotspots. That process can transmit information about you, including your home address.
- Use two-factor authentication (2FA). If you ever enter any kind of banking or other sensitive information, two-factor authentication is critical.

In addition, practice basic computer safety tips and keep your antivirus software updated to thwart hackers from doing any damage to your device.
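
An added example, not part of the original article: a Python check that looks through a list of scanned networks for the two patterns described above, one network name offered with different security settings and two names that are nearly identical. The scan entries, function names and the 0.85 similarity threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed scan results (SSID, BSSID, security); not captured from a real network.
SAMPLE_SCAN = [
    ("Joe's Coffee Shop", "aa:bb:cc:00:00:01", "WPA2"),
    ("Joe's Coffee Shop", "de:ad:be:ef:00:02", "Open"),
    ("Joes Coffee Shop", "de:ad:be:ef:00:03", "Open"),
    ("HotelGuest", "aa:bb:cc:00:00:10", "WPA2"),
    ("HotelGuest", "aa:bb:cc:00:00:11", "WPA2"),
    ("Library", "aa:bb:cc:00:00:20", "Open"),
]

def normalize(ssid):
    """Fold case and drop punctuation and spaces so look-alike names compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def find_suspects(scan, similarity=0.85):
    """Return heuristic findings; a careful clone of name and security is not caught."""
    by_ssid = defaultdict(set)
    for ssid, bssid, security in scan:
        by_ssid[ssid].add((bssid, security))
    findings = []
    # One SSID with several BSSIDs is normal for multi-AP venues (HotelGuest),
    # so only flag a name that is offered with differing security settings.
    for ssid, aps in by_ssid.items():
        modes = {security for _, security in aps}
        if len(modes) > 1:
            findings.append(("mixed-security", ssid, sorted(modes)))
    # Different names that become (almost) identical after normalization.
    names = sorted(by_ssid)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            na, nb = normalize(a), normalize(b)
            if not na or not nb:
                continue  # hidden or punctuation-only names carry no signal
            if SequenceMatcher(None, na, nb).ratio() >= similarity:
                findings.append(("look-alike", a, b))
    return findings

if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_SCAN):
        print(finding)
```

A finding is a reason to ask staff for the exact network name before connecting, not proof of an attack.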