All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
Evil twin attacks are a cyber spoofing method used to trick you into connecting to a fake Wi-Fi network, leaving you vulnerable to hackers. This cybercrime can sneak up on anyone. Most of us use public Wi-Fi at some point when traveling or grabbing that favorite cup of joe at the local coffee shop. But how do we know those free networks are safe?
In this article, we’ll show you how to keep online safety a priority and avoid these nasty hacking attempts, as well as which of the best VPN services can best protect you against fake Wi-Fi networks.
Risks of an evil twin attack
How evil twin attacks work
How to identify an evil twin attack
How to prevent an evil twin attack
What to do if you experience an evil twin attack
Evil twin attacks FAQ
Bottom line
What is an evil twin attack?
An evil twin attack is a man-in-the-middle attack (MitM) where a hacker attempts to trick you into connecting your device to a fake Wi-Fi network access point. It’s referred to as an evil twin because it mimics another network that is real.
If you connect to this fake network, the data you share will get sent to the server the hacker controls. The entire time you’re online, you have no idea the network you’re using is dangerous.
Risks of an evil twin attack
Evil twin attacks can be hard to spot, and the risks for users are high. When these attacks are successful, they give hackers complete access to your device. Once they have that, they can take control of all your personal information. They can also use an evil twin attack to insert malware onto your connected devices. Before you know it, you’ve got a nasty virus on your computer.
You typically won’t know you’ve been a victim until it’s too late. You may notice some odd bank transactions that you didn’t make. When pulling up your account, you may suddenly see transactions in a different state for items you didn’t purchase. By that point, you may have identity theft and loss of data to consider. Rather than being on the offense, it puts you in an uncomfortable defensive mode, trying to recover your accounts and other data.
How evil twin attacks work
Unfortunately for us, it’s pretty simple for hackers to create evil twin Wi-Fi attacks. The setup is easy and the allure is strong. Since the network looks safe on the outside, you see no reason not to use it. It may also have a strong signal, which makes you want to connect to it over one that isn’t as strong.
Here’s a closer look at how these attacks work.
1. Hackers look for populated areas
The hacker looks for the perfect public places for the evil twin attack. Busy areas are prime hunting grounds for hackers because they’re so popular. Anywhere people gather combined with free public Wi-Fi can make an evil twin attack look completely innocuous.
2. Evil twin access point gets configured
The hacker will set up the evil twin network using the SSID (Service Set IDentifier) that the genuine Wi-Fi router uses. That fake Wi-Fi access point gets configured through a portable hotspot, tablet, phone, or computer. If you’re not careful, you won’t see a difference between this network and the legitimate one.
3. A fake captive portal is created
After setting up the evil twin network, the hackers will create a phony portal page. A captive portal page is a website that automatically opens once you connect to the Wi-Fi, asking you to enter information to access and use the network. If you fill out the fake page, you’ve just given the hacker the info they need to complete their attack.
4. The network is made accessible
The hacker will place the hotspot in an area with the most people, thereby maximizing the chances of hooking more users. Once you connect to the evil twin network, your data can be seen by the hackers. They can monitor what you do while stealing any private information they deem valuable. If they want, the hackers can also insert dangerous malware onto your device.
How to identify an evil twin attack
Evil twin attacks can be so subtle, so how can you feel safe on public Wi-Fi? Luckily, there are some warning signs you can look for that will signal an attack.
- Duplicate network: If you’re attempting to use public Wi-Fi and see two networks with almost identical names, you should pause the connection. That could be an evil twin in disguise, with hackers hoping you’ll use the one they’ve created.
- Suspicious captive portal pages: If you get directed to a captive portal page, take a minute to check the legitimacy before quickly giving out your private information. When you see grammatical errors, typos, or suspicious links that could direct you to a malicious website, don’t use the network.
- Unsecured network notification: Your device may notify you that you are about to connect to an unsecured network. If you see this, you may want to avoid the network entirely.
How to prevent an evil twin attack
These evil twin attacks may not appear as obvious as other cyber threats. To avoid becoming a victim of these online attacks, you should keep these tips in mind when using Wi-Fi networks.
- Use a VPN: A virtual private network (VPN) helps you securely connect to the internet. All your online activity gets encrypted before an evil twin hacker can see or access it. It’s an additional layer of protection to keep you safe from these cyber threats.
- Don’t use unsecured networks: Many public Wi-Fi connections are unsecured. If you see one marked as unsecured, it’s best practice to avoid using it. It may not be an evil twin, but unsecured networks are more susceptible to online cyber threats.
- Only use HTTPS websites: These websites are secure and include SSL certificates. That means they are encrypted, which helps prevent an evil twin attack.
- Use two-factor authentication: If you enable 2FA, a hacker cannot access your online accounts, because it requires two means of authorization, which the cyber criminal won’t have.
- Do not use private accounts on public Wi-Fi: If you decide to use public Wi-Fi, first sign out of any sensitive accounts you use, like banking websites or other financial links. Then snoopers won’t see your login credentials for those accounts.
- Disable auto-connect: If your device has an auto-connect feature, keep it turned off. That will avoid an accidental connection to a dangerous network.
- Use your hotspot: A personal hotspot or mobile tethering gives you a safe way to connect to the internet when away from home. That provides you with a trusted network to use.
- Install antivirus software: Using antivirus software can help ensure malware gets detected or prevented before it can damage your device or create security issues.
3 best VPNs for staying safe on public Wi-Fi
A VPN is an excellent first step toward keeping your devices safe while using public Wi-Fi, but not all VPNs are made equal. We highly recommend avoiding free VPNs, which can infect your devices with malware and collect your personal data, and opting for one of these premium VPN apps instead.
- Surfshark: A low-cost VPN with tons of security features, Surfshark topped the charts during our hands-on testing. We love that it comes with a kill switch, which blocks your internet traffic if the VPN suddenly disconnects, as well as CleanWeb, a malware and ad blocker.
See Surfshark Plans | Read Our Surfshark Review - NordVPN: Another favorite of ours, NordVPN includes Threat Protection, an anti-malware tool and ad blocker in one. It also features thousands of VPN servers, so you're more likely to find one that encrypts your data without slowing your internet speed down.
See NordVPN Plans | Read Our NordVPN Review - Private Internet Access (PIA): One of the cheapest premium VPNs out there, PIA doesn't skimp on features. We especially love that it didn't slow down our internet speed during testing. PIA also comes with Identity Guard, which checks whether your email address was leaked in a data breach, as well as MACE, an ad and malware blocker.
See PIA Plans | Read Our PIA Review
What to do if you experience an evil twin attack
If you get impacted by an evil twin attack, follow these steps immediately.
- Report the attack: Notify the FCC and your local police department.
- Let your bank know: Notify your bank and any other financial institutions that have been affected.
- Change passwords: Reset all your passwords to mitigate online threats.
- Enable 2FA: Two-factor authentication will reduce the chances of successful evil twin attacks by requiring an extra layer of security authorization.
Evil twin attacks FAQ
What is an example of an evil twin attack?
An example of an evil twin attack is you deciding to use the public Wi-Fi at your local coffee shop. You connect to the network that looks genuine because it uses an identical SSID name, but it’s actually a fake wireless network. The imposter has a stronger signal, so it’s the one you choose, even though it’s not secure. Once you’re connected, cybercriminals access your personal data and bank account login information.
Where do hackers set up evil twin attacks?
Hackers set up evil twin attacks in busy areas like airports, hotels, or coffee shops, to increase the chances of someone connecting to them. The more people, the more victims the hackers can attack.
What’s the difference between a rogue access point and an evil twin attack?
The difference between a rogue access point and an evil twin attack is that an evil twin attack is a separate network set up to impersonate a genuine Wi-Fi network, but a rogue access point is an unauthorized device plugged into a real network.
Bottom line
Evil twin attacks can be scary. These cyberattacks can quickly access your private information and steal your credentials and financial data. They can even lead to identity theft if not caught in time.
Hackers are getting more sophisticated, but that doesn’t mean you must become an online victim. Using the tips in our article, you can stay safe while browsing the internet. Always use antivirus software and a VPN app to keep your data more secure. With online safety, it’s best to use a combined approach with different layers of protection to ensure the most effective data security.