What Is an Evil Twin Attack and Why Are You at Risk?

October 17, 2023 • Zachary Amos


Public wifi is already dangerous enough without the threat of an evil twin attack. If you’ve ever used it, you might already have been the victim of such a cyber attack. Here’s a look into how it works and what it can do to you.

What Is an Evil Twin Attack?

An evil twin attack is a type of man-in-the-middle cyber attack. A fake public wifi connection looks exactly like a legitimate one, tricking users into thinking they’re connecting to the real thing. In reality, they’re offering their information to a hacker on a silver platter. It uses very similar tactics to phishing. 

Once you log in to the fraudulent network, the hacker monitors your network communications and collects your data. Any passwords you enter or accounts you sign into are likely compromised. Since the hacker is hiding in plain sight, you might not even realize what’s happened until it’s too late.

Imagine you sit down in a coffee shop to get some work done on a project. You go to check the available networks and see two “Coffee_shop_wifi” names. You click on the one with a better signal and get to work, unaware you’ve just given a hacker complete access to your keystrokes and online behavior.

This cyber attack sounds like the name of a science fiction movie, but it’s a genuine thing. It may not be as common as phishing or ransomware, but it can do just as much damage. Since nearly 5 billion people can connect to wifi as of 2022, hackers have plenty of opportunities to exploit their trust in public access points. 

How Does It Work?

Evil twin attacks work by creating a fraudulent network connection mirroring the legitimate one. A hacker sets up a hotspot, which is a physical location providing internet access wirelessly. It has the same name as the original, so people won’t second-guess connecting to it.

They often strategically position themselves in a public location with high traffic. How often do you think twice before connecting to public wifi after sitting in a store? The typical targets are airports, coffee shops, fast-food places and parks. Since you’re more likely to choose their access point if the connection is better, they usually boost their signal.

They only have around a 50% chance you’ll use theirs, so they have safety nets in place. If you’ve already connected to the legitimate access point, they can jam the signal or send disassociation requests to kick you off of it. They want to force you to choose them.

We won’t give you step-by-step instructions for obvious reasons, but you get the idea of how it works. The process is relatively simple, but someone has to be well-versed in tech and network communications to know how to set it up. 

What Are the Potential Risks?

The main risks of an evil twin attack are to your privacy and security. Public wifi networks are vulnerable to hackers already, so an evil twin can be doubly dangerous. The longer you stay connected to the illegitimate access point, the more information a hacker can gather on you.

If they can track your online behavior and log your keystrokes along the way, they can steal your sensitive data. They could take your account passwords or email address. If you sign in to something like your banking app, they could do real damage.

Beyond the basic threats, you risk becoming the victim of additional cyber attacks. A hacker can use their position as a jumping-off point to launch more attacks, doing all kinds of damage. While the best outcome is a few stolen passwords, the worst involves malware and identity theft.

Can You Detect an Evil Twin Attack?

Although evil twin attacks are supposed to be subtle, there are multiple ways to detect one. If you know what to watch for and pay close attention, you can protect yourself and your information. 

Here are the main signs of this attack:

  • Device warning notification: Your device will often display a warning when you join an unsecured network. If you get this kind of notification immediately after connecting, it might indicate a hacker is providing a fake access point.
  • Unusual connections: If an access point is illegitimate, it will usually have way too many connections. Also, devices often connect from odd locations. If you see this, it likely hints at an evil twin attack.
  • Duplicate service set identifier: Basically, the SSID is the wifi name. The router’s identifier shows the access point is available and lets you auto-connect in the future. Seeing two “Coffee_shop_wifi” names, or a similar “Coffee_shop_guest”, is your biggest sign.

Although one of these signs alone might not indicate this specific cyber attack, you should be concerned if you see multiple. It can be challenging to determine whether your connection is illegitimate or not, but it’s possible. Even if you think you’ve connected to one in the past, there are ways to protect yourself going forward. 
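
The duplicate-name and unsecured-network signs above can be checked against a list of visible access points. This is an added example, not part of the original article: it flags a wifi name that is advertised both secured and unsecured, and names that are nearly identical. The scan rows, BSSIDs, the “Library_Public” network and the 0.7 similarity threshold are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample scan (not real data): SSID, BSSID, security, signal %.
SAMPLE_SCAN = """\
Coffee_shop_wifi,AA:BB:CC:00:00:01,WPA2,48
Coffee_shop_wifi,AA:BB:CC:00:00:02,WPA2,41
Coffee_shop_wifi,12:34:56:00:00:09,OPEN,93
Coffee_shop_guest,12:34:56:00:00:0A,OPEN,90
Library_Public,DE:AD:BE:00:00:01,WPA2,60
"""


def parse_scan(text):
    """Turn 'ssid,bssid,security,signal' rows into dicts."""
    rows = []
    for ssid, bssid, security, signal in csv.reader(io.StringIO(text)):
        rows.append({"ssid": ssid, "bssid": bssid.upper(),
                     "security": security.upper(), "signal": int(signal)})
    return rows


def find_suspects(rows, similarity=0.7):
    """Return (reason, ssid, detail) tuples for networks worth a second look."""
    by_ssid = defaultdict(list)
    for row in rows:
        by_ssid[row["ssid"]].append(row)

    findings = []
    # Sign 1: one name advertised with different security settings.
    for ssid, aps in sorted(by_ssid.items()):
        if len({ap["security"] for ap in aps}) > 1:
            unsecured = sorted((ap["bssid"], ap["signal"])
                               for ap in aps if ap["security"] == "OPEN")
            findings.append(("mixed-security", ssid, unsecured))

    # Sign 2: different names that are nearly the same string.
    names = sorted(by_ssid)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            ratio = SequenceMatcher(None, first.lower(), second.lower()).ratio()
            if ratio >= similarity:
                findings.append(("lookalike-ssid", first, second))
    return findings


if __name__ == "__main__":
    for finding in find_suspects(parse_scan(SAMPLE_SCAN)):
        print(finding)
```

Several BSSIDs under one name is normal in a venue with more than one access point, so the first check keys on mismatched security settings rather than on duplicates alone.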

How Do You Protect Yourself?

You can protect yourself against an evil twin attack if you get security tools, adjust your settings and stay vigilant online. While nothing can guarantee you’ll be 100% secure, these steps give you a much better shot at protecting your data.

Here’s how you can protect yourself against this cyber attack:

  • Connection permissions: If you’ve connected to unsecured public wifi before, turn off your device’s auto-connect feature. You don’t want it to automatically reconnect to an evil twin network when you go near it.
  • Virtual private network: A VPN protects you while you browse the internet. Since it encrypts your data, it keeps the hacker from collecting information on you.
  • Multi-factor authentication: Once a hacker gets your information with a captive portal or through data theft, multi-factor authentication is the best way to protect your accounts.
  • Hypertext transfer protocol secure: You know what this is even if you’ve never seen it written out. Since an “https” connection encrypts your network communications, the hacker has difficulty monitoring or messing with you.

These security features might not be as robust as you’d hope, but they’re available for everyone and meant for mobile devices. Still, you might feel wary about connecting to a public network. If that’s the case, take it as a sign to stick to your own hotspot or check out how much an unlimited data plan would run you.

Try to Avoid Public Wifi

Even though public wifi is convenient for people who don’t have data or can’t set up a hotspot, it’s generally unsafe to use. Couple the general risks with the potential for an evil twin attack and you get the perfect storm for identity theft, malware installs and compromised accounts. Although there are ways to protect yourself, avoiding unsecured access points is safest.