Evil twin attack explained

As technology evolves, so do the methods to steal our valuable data - read more about evil twin attacks and how they work.

21-09-2023 - 6 minute read. Posted in: hacking.


Technology is evolving, and so are cybercriminals’ methods for obtaining our valuable data. Cybercriminals live off the profits they make when they steal our data - either to sell it or to exploit it for identity theft or the like.

So, they have, of course, discovered yet another type of cyberattack that can trick their victims into providing sensitive data. This time, we’ll discuss evil twin attacks - we’ll look at what they are, how they work, and what you should look for, so you don’t fall into their malicious trap.

What are evil twin attacks?

An evil twin attack is a type of wireless network assault in which a cybercriminal deploys a fake wireless access point (AP) to pose as a reliable network. By posing as a legitimate hotspot, the attacker effectively makes a copy of a real network and lures unsuspecting users into connecting to it.

The name "evil twin" accurately captures this duality: a malicious twin impersonating the benevolent twin - in this case it'll be perceived as the "original".

Let’s say the hacker is sitting at a café or restaurant and has made a hotspot with the same name as the café they’re sitting at. Some people won’t think twice about the two hotspots and will just click one of them - which may turn out to be the malicious network. The same goes for airports, public transport, hotels etc. As long as it’s a public place, the hacker can strike with this type of hacking attack.

How Evil Twins Operate

It’s always an advantage to be able to get inside the head of the enemy, so below we’ll explore how the evil twin attacks happen:

Finding Vulnerabilities

Attackers often start by deciding which network they want to use as a disguise. Any public space with a Wi-Fi network, whether an airport, hotel, or coffee shop as we've mentioned above, could qualify as this. They then compile details on the settings of the target network, including its name (Service Set Identifier, or SSID), and security protocols.

Setting up the trap

Using this knowledge, the attacker builds an Evil Twin AP with a similar or identical SSID. This sets up the trap. To increase the chance that consumers will connect to the malicious AP, the hacker attempts to make the Wi-Fi as authentic as possible.

Attracting the target

With the clone AP installed, the attacker broadcasts it near the real Wi-Fi. Users searching for a Wi-Fi connection see the Evil Twin's SSID in their list of available networks. Unaware that it is fake, they mistake it for the real network they're looking for and connect to the malicious network.

Hook, Line, and Sinker

After a user establishes a connection with the malicious AP, their device creates a connection with the attacker's server. Through this connection, the attacker can track and intercept the user's online activities, steal sensitive data and login information, or even download harmful content onto the user's device.

How it affects you

Being the target of an Evil Twin attack might have serious, far-reaching effects. Here are some examples of what could happen:

Data theft: Attackers are capable of intercepting and stealing sensitive data, such as credit card information, login information, personal messages, and browser history. Data that has been stolen can then be used for identity theft or financial gain.

Malware transfer: Forcing malware or malicious code into the victim's device is almost certain when you connect to an evil twin AP. This may result in subsequent security breaches on the device and the potential malware infection of other connected devices.

Man-in-the-Middle attacks: By intercepting and altering interactions between the victim and authentic websites or services, attackers can manipulate the information transmitted, potentially leading to illegal transactions, fund transfers, or other fraudulent activities.

Phishing and social engineering: Evil Twin attacks offer ideal conditions for phishing attempts. Attackers can employ social engineering techniques to construct fake yet very convincing login pages or pop-ups that ask users to give up sensitive information.

Protect yourself from evil twin attacks

Although Evil Twin attacks can be cunning and convincing, there are a number of proactive measures you can take to protect your online activities:

  • Verify Wi-Fi ID: Before you connect to a public Wi-Fi network, always confirm the network's SSID and login information with the establishment's staff. We recommend that you steer clear of networks with vague or suspicious names and ID.

  • Use a VPN: By encrypting your internet connection, a virtual private network (VPN) makes it more difficult for hackers to intercept and decode your data. A VPN provides an additional layer of security when using public Wi-Fi.

  • Disable automatic connection: To prevent your device from connecting to networks without your permission, turn off the automatic connection feature. You now have more control over the networks you choose to connect to.

  • Check for HTTPS: When browsing websites, make sure the URL begins with "https://" and has a padlock icon in the address bar. This indicates that the connection is safe and encrypted.

  • Keep your software up to date: Regularly update your operating system, programs, and security software on your device. Patches for identified vulnerabilities are often included in these updates.

  • Use multi-factor authentication (MFA): To improve account security, you should turn on MFA whenever you can. Without the additional authentication, an attacker won't be able to access your accounts even if they manage to get your credentials.
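The "Verify Wi-Fi ID" check above can be partly automated on the defender's side. The following is an added example, not code from the original article: it compares Wi-Fi scan results against the network details confirmed by staff and flags entries that reuse or imitate the known SSID. The network names, addresses, the `BASELINE` structure and the 0.85 similarity threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # access point MAC address as seen in the scan
    security: str   # advertised protection, e.g. "WPA2" or "OPEN"


# Constructed baseline: the SSID, AP addresses and security confirmed by staff.
BASELINE = {
    "CafeAroma_Guest": {"bssids": {"a4:2b:b0:11:22:33"}, "security": "WPA2"},
}


def fold(ssid: str) -> str:
    """Collapse case, separators and common digit/letter swaps."""
    table = str.maketrans({"0": "o", "1": "l", "_": None, "-": None, " ": None})
    return ssid.strip().lower().translate(table)


def assess(beacon: Beacon, baseline=BASELINE) -> list[str]:
    """Return the reasons a scanned network looks like an evil twin."""
    reasons = []
    for name, profile in baseline.items():
        if beacon.ssid == name:
            if beacon.bssid.lower() not in profile["bssids"]:
                reasons.append("known SSID from unlisted access point")
            if beacon.security != profile["security"]:
                reasons.append("security differs from confirmed setting")
        elif SequenceMatcher(None, fold(beacon.ssid), fold(name)).ratio() >= 0.85:
            reasons.append(f"name imitates {name}")
    return reasons


def flag_scan(scan: list[Beacon]) -> dict[str, list[str]]:
    """Map BSSID -> reasons for every suspicious entry in a scan."""
    return {b.bssid: r for b in scan if (r := assess(b))}


# Constructed scan results, not captured from a real network.
SCAN = [
    Beacon("CafeAroma_Guest", "a4:2b:b0:11:22:33", "WPA2"),
    Beacon("CafeAroma_Guest", "02:00:5e:aa:bb:01", "OPEN"),
    Beacon("CafeAr0ma-Guest", "02:00:5e:aa:bb:02", "OPEN"),
    Beacon("HarbourHotel", "02:00:5e:aa:bb:03", "WPA2"),
]

if __name__ == "__main__":
    for bssid, reasons in flag_scan(SCAN).items():
        print(bssid, "->", "; ".join(reasons))
```

A clean result only means nothing contradicts the baseline. The address an access point advertises is not proof of its identity, so the VPN, HTTPS and MFA measures in this list still apply.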

Stay vigilant

The connectivity and convenience provided by the digital world are unparalleled, but it's important to stay alert to new cyberthreats like evil twin attacks. These sneaky attacks take advantage of our trust in well-known networks, often with fatal consequences.

We can navigate the digital world with greater confidence and prevent our sensitive information from ending up in the hands of malicious hackers by understanding how evil twin attacks work and putting strong security measures in effect.

In the interconnected world that we live in we should keep informed, vigilant, and safe, to secure our most valuable assets.

Author Caroline Preisler


Caroline is a copywriter here at Moxso beside her education. She is doing her Master's in English and specializes in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding - these elements are incorporated into the copywriting work she does here at Moxso.
