How To Secure Your Devices Against Evil Twin Attacks

Don’t get tricked into connecting to a fake Wi-Fi network.
We may receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Evil twin attacks are a cyber spoofing method used to trick you into connecting to a fake Wi-Fi network, leaving you vulnerable to hackers. This cybercrime can sneak up on anyone. Most of us use public Wi-Fi at some point when traveling or grabbing that favorite cup of joe at the local coffee shop. But how do we know those free networks are safe?

In this article, we’ll show you how to keep online safety a priority and avoid these nasty hacking attempts, as well as which of the best VPN services can best protect you against fake Wi-Fi networks.

In this article
What is an evil twin attack?
Risks of an evil twin attack
How evil twin attacks work
How to identify an evil twin attack
How to prevent an evil twin attack
What to do if you experience an evil twin attack
Evil twin attacks FAQ
Bottom line

What is an evil twin attack?

An evil twin attack is a man-in-the-middle attack (MitM) where a hacker attempts to trick you into connecting your device to a fake Wi-Fi network access point. It’s referred to as an evil twin because it mimics another network that is real.

If you connect to this fake network, the data you share will get sent to the server the hacker controls. The entire time you’re online, you have no idea the network you’re using is dangerous.

Evil twin attacks are more prevalent on unsecured public Wi-Fi networks, like your local coffee shop, hotel, or airport. These networks have higher traffic and less security, making them perfect targets for cybercriminals.

Risks of an evil twin attack

Evil twin attacks can be hard to spot, and the risks for users are high. When these attacks are successful, they give hackers complete access to your device. Once they have that, they can take control of all your personal information. They can also use an evil twin attack to insert malware onto your connected devices. Before you know it, you’ve got a nasty virus on your computer.

You typically won’t know you’ve been a victim until it’s too late. You may notice some odd bank transactions that you didn’t make. When pulling up your account, you may suddenly see transactions in a different state for items you didn’t purchase. By that point, you may have identity theft and loss of data to consider. Rather than being on the offense, it puts you in an uncomfortable defensive mode, trying to recover your accounts and other data.

How evil twin attacks work

Unfortunately for us, it’s pretty simple for hackers to create evil twin Wi-Fi attacks. The setup is easy and the allure is strong. Since the network looks safe on the outside, you see no reason not to use it. It may also have a strong signal, which makes you want to connect to it over one that isn’t as strong.

Here’s a closer look at how these attacks work.

1. Hackers look for populated areas

The hacker looks for the perfect public places for the evil twin attack. Busy areas are prime hunting grounds for hackers because they’re so popular. Anywhere people gather combined with free public Wi-Fi can make an evil twin attack look completely innocuous.

2. Evil twin access point gets configured

The hacker will set up the evil twin network using the SSID (Service Set IDentifier) that the genuine Wi-Fi router uses. That fake Wi-Fi access point gets configured through a portable hotspot, tablet, phone, or computer. If you’re not careful, you won’t see a difference between this network and the legitimate one.

3. A fake captive portal is created

After setting up the evil twin network, the hackers will create a phony portal page. A captive portal page is the website that automatically opens once you connect to the Wi-Fi, asking you to enter information to access and use the network. If you fill out the fake page, you’ve just given the hacker the info they need to complete their attack.

4. The network is made accessible

The hacker will place the hotspot in an area with the most people, thereby maximizing the chances of hooking more users. Once you connect to the evil twin network, your data can be seen by the hackers. They can monitor what you do while stealing any private information they deem valuable. If they want, the hackers can also insert dangerous malware onto your device.

How to identify an evil twin attack

Evil twin attacks can be so subtle, so how can you feel safe on public Wi-Fi? Luckily, there are some warning signs you can look for that will signal an attack.

  • Duplicate network: If you’re attempting to use public Wi-Fi and see two networks with almost identical names, you should pause the connection. That could be an evil twin in disguise, with hackers hoping you’ll use the one they’ve created.
  • Suspicious captive portal pages: If you get directed to a captive portal page, take a minute to check the legitimacy before quickly giving out your private information. When you see grammatical errors, typos, or suspicious links that could direct you to a malicious website, don’t use the network.
  • Unsecured network notification: Your device may notify you that you are about to connect to an unsecured network. If you see this, you may want to avoid the network entirely.

How to prevent an evil twin attack

These evil twin attacks may not appear as obvious as other cyber threats. To avoid becoming a victim of these online attacks, you should keep these tips in mind when using Wi-Fi networks.

  • Use a VPN: A virtual private network (VPN) helps you securely connect to the internet. All your online activity gets encrypted before an evil twin hacker can see or access it. It’s an additional layer of protection to keep you safe from these cyber threats.
  • Don’t use unsecured networks: Many public Wi-Fi connections are unsecured. If you see one marked as unsecured, it’s best practice to avoid using it. It may not be an evil twin, but unsecured networks are more susceptible to online cyber threats.
  • Only use HTTPS websites: These websites are secure and include SSL certificates. That means they are encrypted, which helps prevent an evil twin attack.
  • Use two-factor authentication: If you enable 2FA, a hacker cannot access your online accounts, because it requires two means of authorization, which the cyber criminal won’t have.
  • Do not use private accounts on public Wi-Fi: If you decide to use public Wi-Fi, first sign out of any sensitive accounts you use, like banking websites or other financial links. Then snoopers won’t see your login credential for those accounts.
  • Disable auto-connect: If your device has an auto-connect feature, keep it turned off. That will avoid an accidental connection to a dangerous network.
  • Use your hotspot: A personal hotspot or mobile tethering gives you a safe way to connect to the internet when away from home. That provides you with a trusted network to use.
  • Install antivirus software: Using antivirus software can help ensure malware gets detected or prevented before it can damage your device or create security issues.

3 best VPNs for staying safe on public Wi-Fi

A VPN is an excellent first step toward keeping your devices safe while using public Wi-Fi, but not all VPNs are made equal. We highly recommend avoiding free VPNs, which can infect your devices with malware and collect your personal data, and opting for one of these premium VPN apps instead. 

  • Surfshark: A low-cost VPN with tons of security features, Surfshark topped the charts during our hands-on testing. We love that it comes with a kill switch, which blocks your internet traffic if the VPN suddenly disconnects, as well as CleanWeb, a malware and ad blocker. 

    See Surfshark Plans | Read Our Surfshark Review
  • NordVPN: Another favorite of ours, NordVPN includes Threat Protection, an anti-malware tool and ad blocker in one. It also features thousands of VPN servers, so you're more likely to find one that encrypts your data without slowing your internet speed down.

    See NordVPN Plans | Read Our NordVPN Review
  • Private Internet Access (PIA): One of the cheapest premium VPNs out there, PIA doesn't skimp on features. We especially love that it didn't slow down our internet speed during testing. PIA also comes with Identity Guard, which checks whether your email address was leaked in a data breach, as well as MACE, an ad and malware blocker.

    See PIA Plans | Read Our PIA Review

Limited-time offer: 82% off + 4 months free
Learn More
On Surfshark's website

  • VPN technology offering stability and speed
  • Unlimited simultaneous connections
  • Works with Netflix and other streaming services
  • Headquarters in Nine Eyes Alliance

What to do if you experience an evil twin attack

If you get impacted by an evil twin attack, follow these steps immediately.

  • Report the attack: Notify the FCC and your local police department.
  • Let your bank know: Notify your bank and any other financial institutions that have been affected.
  • Change passwords: Reset all your passwords to mitigate online threats.
  • Enable 2FA: Two-factor authentication will reduce the chances of successful evil twin attacks by requiring an extra layer of security authorization.

Evil twin attacks FAQ


What is an example of an evil twin attack?

An example of an evil twin attack is you deciding to use the public Wi-Fi at your local coffee shop. You connect to the network that looks genuine because it uses an identical SSID name, but it’s actually a fake wireless network. The imposter has a stronger signal, so it’s the one you choose, even though it’s not secure. Once you’re connected, cybercriminals access your personal data and bank account login information.


Where do hackers set up evil twin attacks?

Hackers set up evil twin attacks in busy areas like airports, hotels, or coffee shops, to increase the chances of someone connecting to them. The more people, the more victims the hackers can attack.


What’s the difference between a rogue access point and an evil twin attack?

The difference between a rogue access point and an evil twin attack is that an evil twin attack is a separate network set up to impersonate a genuine Wi-Fi network, but a rogue access point is an unauthorized device plugged into a real network.

Bottom line

Evil twin attacks can be scary. These cyberattacks can quickly access your private information and steal your credentials and financial data. They can even lead to identity theft if not caught in time.

Hackers are getting more sophisticated, but that doesn’t mean you must become an online victim. Using the tips in our article, you can stay safe while browsing the internet. Always use antivirus software and a VPN app to keep your data more secure. With online safety, it’s best to use a combined approach with different layers of protection to ensure the most effective data security.

Limited-time offer: Up to 67% off
Learn More
On NordVPN's website

  • High-quality VPN offering safety and speed
  • Loads of servers for multiple connection options
  • Works with popular streaming services, including Netflix
  • Too many confusing plans

Author Details
Patti Croft is a seasoned writer who specializes in all things technology. She holds a B.S. in Computer Science and carries a wealth of hands-on experience thanks to her background as a technical analyst and security specialist.