Evil twin attacks are a cyber spoofing method used to trick you into connecting to a fake Wi-Fi network, leaving you vulnerable to hackers. This cybercrime can sneak up on anyone. Most of us use public Wi-Fi at some point when traveling or grabbing that favorite cup of joe at the local coffee shop. But how do we know those free networks are safe?

In this article, we’ll show you how to keep online safety a priority and avoid these nasty hacking attempts, as well as which of the best VPN services can best protect you against fake Wi-Fi networks.

What is an evil twin attack?

An evil twin attack is a man-in-the-middle attack (MitM) where a hacker attempts to trick you into connecting your device to a fake Wi-Fi network access point. It’s referred to as an evil twin because it mimics another network that is real.

If you connect to this fake network, the data you share will get sent to the server the hacker controls. The entire time you’re online, you have no idea the network you’re using is dangerous.

Evil twin attacks are more prevalent on unsecured public Wi-Fi networks, like your local coffee shop, hotel, or airport. These networks have higher traffic and less security, making them perfect targets for cybercriminals.

Risks of an evil twin attack

Evil twin attacks can be hard to spot, and the risks for users are high. When these attacks are successful, they give hackers complete access to your device. Once they have that, they can take control of all your personal information. They can also use an evil twin attack to insert malware onto your connected devices. Before you know it, you’ve got a nasty virus on your computer.

You typically won’t know you’ve been a victim until it’s too late. You may notice some odd bank transactions that you didn’t make. When pulling up your account, you may suddenly see transactions in a different state for items you didn’t purchase. By that point, you may have identity theft and loss of data to consider. Rather than being on the offense, it puts you in an uncomfortable defensive mode, trying to recover your accounts and other data.

How evil twin attacks work

Unfortunately for us, it’s pretty simple for hackers to create evil twin Wi-Fi attacks. The setup is easy and the allure is strong. Since the network looks safe on the outside, you see no reason not to use it. It may also have a strong signal, which makes you want to connect to it over one that isn’t as strong.

Here’s a closer look at how these attacks work.

1. Hackers look for populated areas

The hacker looks for the perfect public places for the evil twin attack. Busy areas are prime hunting grounds for hackers because they’re so popular. Anywhere people gather combined with free public Wi-Fi can make an evil twin attack look completely innocuous.

2. Evil twin access point gets configured

The hacker will set up the evil twin network using the SSID (Service Set IDentifier) that the genuine Wi-Fi router uses. That fake Wi-Fi access point gets configured through a portable hotspot, tablet, phone, or computer. If you’re not careful, you won’t see a difference between this network and the legitimate one.

3. A fake captive portal is created

After setting up the evil twin network, the hackers will create a phony portal page. A captive portal page is the website that automatically opens once you connect to the Wi-Fi, asking you to enter information to access and use the network. If you fill out the fake page, you’ve just given the hacker the info they need to complete their attack.

4. The network is made accessible

The hacker will place the hotspot in an area with the most people, thereby maximizing the chances of hooking more users. Once you connect to the evil twin network, your data can be seen by the hackers. They can monitor what you do while stealing any private information they deem valuable. If they want, the hackers can also insert dangerous malware onto your device.

How to identify an evil twin attack

Evil twin attacks can be so subtle, so how can you feel safe on public Wi-Fi? Luckily, there are some warning signs you can look for that will signal an attack.

• Duplicate network: If you’re attempting to use public Wi-Fi and see two networks with almost identical names, you should pause the connection. That could be an evil twin in disguise, with hackers hoping you’ll use the one they’ve created.
• Suspicious captive portal pages: If you get directed to a captive portal page, take a minute to check the legitimacy before quickly giving out your private information. When you see grammatical errors, typos, or suspicious links that could direct you to a malicious website, don’t use the network.
• Unsecured network notification: Your device may notify you that you are about to connect to an unsecured network. If you see this, you may want to avoid the network entirely.

How to prevent an evil twin attack

These evil twin attacks may not appear as obvious as other cyber threats. To avoid becoming a victim of these online attacks, you should keep these tips in mind when using Wi-Fi networks.

• Use a VPN: A virtual private network (VPN) helps you securely connect to the internet. All your online activity gets encrypted before an evil twin hacker can see or access it. It’s an additional layer of protection to keep you safe from these cyber threats.
• Don’t use unsecured networks: Many public Wi-Fi connections are unsecured. If you see one marked as unsecured, it’s best practice to avoid using it. It may not be an evil twin, but unsecured networks are more susceptible to online cyber threats.
• Only use HTTPS websites: These websites are secure and include SSL certificates. That means they are encrypted, which helps prevent an evil twin attack.
• Use two-factor authentication: If you enable 2FA, a hacker cannot access your online accounts, because it requires two means of authorization, which the cyber criminal won’t have.
• Do not use private accounts on public Wi-Fi: If you decide to use public Wi-Fi, first sign out of any sensitive accounts you use, like banking websites or other financial links. Then snoopers won’t see your login credential for those accounts.
• Disable auto-connect: If your device has an auto-connect feature, keep it turned off. That will avoid an accidental connection to a dangerous network.
• Use your hotspot: A personal hotspot or mobile tethering gives you a safe way to connect to the internet when away from home. That provides you with a trusted network to use.
• Install antivirus software: Using antivirus software can help ensure malware gets detected or prevented before it can damage your device or create security issues.

3 best VPNs for staying safe on public Wi-Fi

A VPN is an excellent first step toward keeping your devices safe while using public Wi-Fi, but not all VPNs are made equal. We highly recommend avoiding free VPNs, which can infect your devices with malware and collect your personal data, and opting for one of these premium VPN apps instead. 

• Surfshark: A low-cost VPN with tons of security features, Surfshark topped the charts during our hands-on testing. We love that it comes with a kill switch, which blocks your internet traffic if the VPN suddenly disconnects, as well as CleanWeb, a malware and ad blocker. 
  
  See Surfshark Plans | Read Our Surfshark Review
• NordVPN: Another favorite of ours, NordVPN includes Threat Protection, an anti-malware tool and ad blocker in one. It also features thousands of VPN servers, so you're more likely to find one that encrypts your data without slowing your internet speed down.
  
  See NordVPN Plans | Read Our NordVPN Review
• Private Internet Access (PIA): One of the cheapest premium VPNs out there, PIA doesn't skimp on features. We especially love that it didn't slow down our internet speed during testing. PIA also comes with Identity Guard, which checks whether your email address was leaked in a data breach, as well as MACE, an ad and malware blocker.
  
  See PIA Plans | Read Our PIA Review

Learn More

On Surfshark's website

---

• Unlimited simultaneous connections
• Works with Netflix and other streaming services
• Headquarters in Nine Eyes Alliance

What to do if you experience an evil twin attack

If you get impacted by an evil twin attack, follow these steps immediately.

• Report the attack: Notify the FCC and your local police department.
• Let your bank know: Notify your bank and any other financial institutions that have been affected.
• Change passwords: Reset all your passwords to mitigate online threats.
• Enable 2FA: Two-factor authentication will reduce the chances of successful evil twin attacks by requiring an extra layer of security authorization.

Evil twin attacks FAQ

Bottom line

Evil twin attacks can be scary. These cyberattacks can quickly access your private information and steal your credentials and financial data. They can even lead to identity theft if not caught in time.

Hackers are getting more sophisticated, but that doesn’t mean you must become an online victim. Using the tips in our article, you can stay safe while browsing the internet. Always use antivirus software and a VPN app to keep your data more secure. With online safety, it’s best to use a combined approach with different layers of protection to ensure the most effective data security.

Limited-time deal: 2 years of NordVPN with 68% off + 3 extra months

Learn More

On NordVPN's website

---

• Loads of servers for multiple connection options
• Works with popular streaming services, including Netflix
• From $3.19/mo
• Limited-time deal on 2-year plan
• Too many confusing plans

Author Details

Patti Croft

About the Author

Patti Croft is a freelance writer who specializes in all things technology. Her expertise includes antivirus software, online security strategies, and safety practices. She has a degree in Computer Information Systems and extensive experience working in the IT field. In her spare time, Patti is an avid reader and researcher, and loves spending time with her pets. She currently shares an office with her cat, Beau.