What is an Evil Twin Attack and How to Spot One

  • By Greg Brown
  • Oct 28, 2022

 Evil Twin Attack

No longer can you head to your local coffee shop on a Saturday morning and safely browse the internet. Evil Twin attacks mimic a legitimate network and trick the user into logging in by posing as a legitimate internet source. An evil twin network is indistinguishable from the real thing and is nearly impossible to identify. 

The assault is usually a severe form of spoofing, whereby scammers steal personal information and money or infect the machine with malware. Once access has been established, hackers can attack every device area, including secure credentials to network paths. 

Public hotspots are growing at a staggering pace. Forecasts show nearly 540 million free wi-fi hotspots worldwide, with more coming online every minute. This massive number of wi-fi access points offers hackers fertile ground to attack.

Evil Twin Attacks

Tricking users into believing they are logging into a legitimate public network takes planning. The fake network must be as authentic as possible for the attack to work.

Hackers must first decide on the right location for their attack. Coffee shops, airports, libraries, and other similar locations make it easier for a fake network to go unnoticed. Most busy locations have multiple access points, making it much easier for a hacker’s fake network to go unnoticed. Most skilled attackers have several locations in the process all the time.

Once locations have been established, hackers create the evil twin access point. Hotspots are created using the same Service Set Identifier (SSID) name as the legitimate network. SSID names such as HELP or GUEST are popular among hackers. Any device can be used, and multiple devices are usually in play with more extensive operations. 

A Large variety of devices can be used, from smartphones and computers to portable routers and tablets. Wi-fi extenders are used to broaden the range.

Captive portal pages are created to extend the evil twin network. A captive portal page is one in which a user is guided to a specific login page, similar to the ones users encounter daily. These pages require the user to enter only a name and password and are identical to the actual page. Hackers create multiple portal pages to get unwitting users to send their credentials.

Another ploy for evil twin hackers is to move closer to their victims, creating a more robust network signal giving the allure of a solid native network. Robust evil twin networks will often cause the device to connect automatically. After the evil twin network has been set up and users start to access the network, hackers begin collecting data.

Attackers can access live user data, from scrolling through social media accounts to accessing user bank account information. Evil twin attacks are hazardous if the user accesses multiple sensitive accounts with the same login credentials.


Wi-fi has become an enormous breeding ground for the world’s hackers and cyber-criminals. With the rapid rise of remote work environments, companies are unwittingly exposing their networks to savvy hackers. If the attack is successful, hackers can steal login information and see sensitive details of transactions you make with financial institutions. For example, you have connected to your bank through an evil twin network. The hacker sees the transactions as you make them and can be rerouted to their bank accounts. 

Evil Twin networks are easier to find with network sniffing tools. These tools are easy to use and can be set up in a short period of time. Sniffing tools monitor data packets across the network. The tool can filter IP addresses, protocols, and data types. It is wise to remember that hackers also use sniffing tools to find the right network path.

There are a couple of best practices to help users stay away from fishy connections. 

  • Always pay attention to network names. Not all hackers are the most intelligent people on the planet, and most are lazy when setting up an evil twin network using misspelled words. Pay close attention to misspelled words and apparent errors. Hackers will replace or forget to use a single letter in the name, which most people overlook. 
  • Modern-day smartphones and computers are well-equipped to find network errors and other malware that may threaten your device. Pay attention to these errors; you may be better off by not connecting. 


Making sure the networks you use daily are monitored and locked down is the best way to prevent an Evil Twin network. 

  • VPNs are now a plentiful resource that can make communications stress free. A VPN service is made to prevent hackers from monitoring your online activity. A VPN is an excellent tool to secure your conversations and financial transactions. 
  • Most browsers, by default, will only connect to HTTPS sites. These website connections are encrypted, preventing onlookers and other sneaky people from viewing your activity. Surfing only to an HTTPS site may become impossible if you want to explore the web.

If you want to surf only the HTTPS site, use the HTTPS Everywhere extension, which is compatible with most browsers. The extension fixes many problems people have when surfing secure sites. The extension makes sure connections are fully encrypted.

  • Most smartphones and computers have an auto-connect feature, which can be a big problem if an Evil Twin attack is on the way. Auto connect is done via a wi-fi SSID name. This feature means that the device cannot distinguish between a legitimate network and its evil twin.
  • It seems that every business has free wi-fi service. If possible, stay away from these connections unless your device is fully protected. The wi-fi network down at your local coffee shop may be the best thing since sliced bread; however, everyone is listening in on your surfing.
  • Limiting your online activities can help if you suspect there may be an evil twin network lurking nearby. Avoid visiting sites that you feel may further compromise your network connection. Do not visit any site that may contain sensitive information. 

Be Cautious of All Types of Attacks Coming Your Way

Malware, evil twins, spoofing, and an endless number of cyber attacks are just waiting to overwhelm your smartphone or computer. It is imperative for anyone using an online device to be aware of the assaults coming their way. Prevention is the only answer.

About the Author
IDStrong Logo

Related Articles

How To Make Your IG Account Private

There are occasions when it makes more sense to have a private Instagram (IG) account. You might w ... Read More

Windows 10 Privacy Settings You Should Change Now

Privacy is a buzzword we hear a lot these days in the wake of data breaches, Wikileaks, and other ... Read More

How to Delete Your Facebook Account

It might seem absurd to some people who live on Facebook, deleting your Facebook account. But, man ... Read More

How to Change Network From Public to Private On Windows

Privacy has become a major concern for many of us after reading about all the data breaches, hacki ... Read More

Twitter Security and Privacy Settings Made Simple

With data breaches and ransomware intrusions in the news daily, privacy is the word on everyone&rs ... Read More

Latest Articles

Family Dollar & Dollar Tree Bleed Consumer Data Following Cyberattack

Family Dollar & Dollar Tree Bleed Consumer Data Following Cyberattack

In 2015, Family Dollar acquired its biggest competitor, Dollar Tree. Family Dollar is one-half of a consumer's dream; they offer low-priced goods for families in 8,200 locations nationwide.

Weekly Cybersecurity Recap December 1

Weekly Cybersecurity Recap December 1

This week, cybercriminals targeted health lifestyle members, patients, gamblers, and general consumers. Early on, Welltok returned to the news, this time with over 426k member data stolen by assailants; the organizations impacted by the breach were Premier Health and Graphic Packaging International.

Caesars Entertainment Breach Update, Millions of Gambler Records Compromised

Caesars Entertainment Breach Update, Millions of Gambler Records Compromised

Caesars Entertainment (CE) oversees 58 gaming properties across the continental states. Their locations include world destinations, nightlife activities, a comprehensive concierge, and an industry-leading approach to draw millions of gamblers weekly.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address