Evil twin attacks get their name from the way hackers imitate legitimate Wi-Fi networks so closely that the copies become indistinguishable from the originals. This makes the attack especially dangerous: the victims do not even suspect that they are on the hacker's network while he collects their personal data in order to use it for his own purposes on the dark web.
How does this attack work?
The attack relies on public Wi-Fi networks. The most dangerous "evil twin" attacks trick victims into thinking they are connecting to trusted public networks. Typically, an attack goes like this:
- Choosing a location with free Wi-Fi. To conduct such a cyber attack, hackers usually choose popular public places: parks, hotels, cafes, airports. Since there are many other access points with the same names in such places, it is even easier for cybercriminals to hide their activities by “merging with the crowd”.
- Setting up an access point. After choosing a location, the hackers create a new access point using the same network name (SSID) as the real network. To do this, they can use almost any device, including phones, laptops, portable routers, and tablets.
- Creating a fake connection page. Attackers create a special connection page (captive portal), which they use to deceive users into entering their login credentials.
- Getting close to potential victims. Once the hackers are done setting up their fake access point and connection page, they move their device or router closer to potential victims in an attempt to overpower the legitimate network signal so that the victims choose their access point.
- Start of surveillance and data theft. Once a user is connected to the "evil twin", the hacker is able to track everything the user does online, from logging in to social media accounts to checking bank accounts. If the user logs into any of their accounts while connected to such a fake network, the hacker can obtain these login credentials.
How to protect yourself from the "evil twins"?
Here are a couple of simple tips that will protect you when connecting to public Wi-Fi networks:
- Top tip: use a personal hotspot instead of public Wi-Fi. Don't forget to set a strong password to protect your hotspot!
- Disable automatic connection. If auto-connect is enabled on your device, it will automatically connect to any network you have previously used as soon as you are in range of it. This can be dangerous in public places, especially if you have unknowingly connected to an "evil twin" network in the past. To always connect to the authentic network you want, turn off auto-connect every time you leave your home or office.
- Use a VPN. If you prefer to use public Wi-Fi networks, install a reliable VPN application on your device that will encrypt or hide your online activity before it is sent to the network, making it impossible for a hacker to read and understand it.
- Do not connect to unsecured networks. Networks that your device marks as unsecured offer little protection, and "evil twin" networks are almost always labeled as such. Hackers often rely on people ignoring this label and connecting to the network without thinking about the risks.
- Use multi-factor authentication. In this case, even if a hacker obtains your login credentials (login and password) for such accounts, the second authentication factor will not allow him to successfully access your account.
- Only open sites that use HTTPS. These sites encrypt the traffic between your browser and the site, which prevents hackers from tracking your activity while you visit them.
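The tips above come down to not trusting a network by its name alone. As an added example (not part of the original article), the Python code below checks Wi-Fi scan results against the networks you trust and flags access points that reuse a trusted name. The network names, addresses and the KNOWN allowlist are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessPoint:
    ssid: str        # network name shown in the Wi-Fi list
    bssid: str       # hardware address of the access point radio
    security: str    # "open", "WPA2", "WPA3", ...
    signal_dbm: int  # closer to 0 means a stronger signal

# Hypothetical allowlist of trusted networks (constructed values).
KNOWN = {
    "CoffeeHouse-Guest": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA2",
    },
}

# Constructed scan results, as a Wi-Fi scanner might report them.
SCAN = [
    AccessPoint("CoffeeHouse-Guest", "aa:bb:cc:00:00:01", "WPA2", -67),
    AccessPoint("CoffeeHouse-Guest", "02:00:00:00:00:99", "open", -41),
    AccessPoint("Airport-Free", "02:00:00:00:00:10", "open", -70),
]

def find_suspects(scan, known):
    """Return (bssid, reasons) for access points that reuse a trusted SSID."""
    findings = []
    for ap in scan:
        profile = known.get(ap.ssid)
        if profile is None or ap.bssid in profile["bssids"]:
            continue  # not a trusted name, or a radio we already know
        reasons = ["unknown BSSID for a trusted SSID"]
        if ap.security != profile["security"]:
            reasons.append(f"security is {ap.security}, expected {profile['security']}")
        trusted = [a.signal_dbm for a in scan
                   if a.ssid == ap.ssid and a.bssid in profile["bssids"]]
        if trusted and ap.signal_dbm > max(trusted):
            reasons.append("stronger signal than every known access point")
        findings.append((ap.bssid, reasons))
    return findings

if __name__ == "__main__":
    for bssid, reasons in find_suspects(SCAN, KNOWN):
        print(bssid, "->", "; ".join(reasons))
```

A clean result does not prove that a network is authentic, so the tips above still apply.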
The "evil twin" attack is just one of the methods that hackers use to gain access to sensitive information on the Internet. To avoid becoming a victim of cybercriminals, follow the tips above, use reliable antivirus software, and don't forget to learn more about other types of cyberattacks that are popular among cybercriminals.