Skip to content

How Evil Twin Attacks Work and How to Protect Yourself

A man and woman looking worried because of an evil twin attack on their computer

Imagine, if you will, that you’re hooked on a soap opera. For years, your favorite character has been Wiley Finlay — a dashing, handsome, and reliable hero. However, he begins to act out of character. He looks like Finlay, he sounds the same, but Wiley Finlay now has a mustache to twirl and takes part in all sorts of dastardly deeds.

A big season finale reveal shows that this character is actually Riley Finlay…Wiley Finlay’s evil twin. You may wonder where we’re going with this illustration. Well, it turns out, when you access a familiar Wi-Fi network, it may have an evil twin out there, waiting to attack. 

Signing onto a public Wi-Fi network? Beware of evil twin attacks! These hacks play on our trust, but you can protect yourself if you know how.

What Is an Evil Twin Attack?

Evil twin attacks are a method used by nefarious hackers to lure unsuspecting users of public Wi-Fi. They mine your data and breach your security to gain access to protected information like your passwords, your bank account, your tax returns, and your Social Security number. 

Evil twin attacks have the potential to wreak havoc through your life. These attacks mirror real, secure networks, and typically occur within public Wi-Fi networks. An evil twin will show a network name and address that looks almost identical to a legitimate public network. The goal is to trick those attempting to connect to a Starbucks Wi-Fi, an airport domain, or another open public network. 

It’s tricky to differentiate between these bogus networks and valid networks offered in public spaces. Evil twin hackers can set up their fake hotspots from a phone or a tablet. And they often operate in the open. The creepy guy next to you at the coffee shop who keeps staring your way? He might not be stalking you, but he could be after your internet data.

How Do Evil Twins Use Captive Portals?

Captive portals are used by many companies that operate online. These are the pages you’re directed to that require a password and other log-in details to connect you to a public network. They can act as extra security measures and help users to feel protected. 

If you access a public network that doesn’t prompt you to enter a password or read a service agreement, it may mean that the network is not secure. However, although an evil twin can clone an open network, if you haven’t entered any password protected sites, they’re less likely to access your personal data.

An evil twin takes advantage of this protocol by using the same Wi-Fi name as the recognizable public network name and setting up a fake captive portal. Even with antivirus and firewall measures, your laptop or tablet may not be able to distinguish between the valid network and the impostor. 

Here’s a tip to protect yourself. When you bring up the menu, look for the “secure” notation (typically a lock icon) by a network’s name.

Evil Twin Attack Infographics

Other Evil-Twin Methods

Once an evil twin hacker sets up a fake network, they will try to place their hotspot device as close to as many users as possible — for instance, the center table in a busy coffee shop. Again, any smart device can be used to set up an evil twin access point. 

Hackers can use phones, tablets, or laptops. This allows the evil twin to lure in as many users as possible. Without thinking, you may click on “available networks.” If you see two Bob’s Coffee access points pop up, you’re probably more apt to click on the option with the strongest Wi-Fi signal. 

If the evil twin hacker has set up shop in closer proximity to you than the shop’s router, their signal will appear the strongest. A great day for an evil twin will see a multitude of hacked devices within a small window of time.

How Evil Twin Hackers Get Access to More Victims

Evil twins may also use a Wi-Fi Pineapple to expand the range of the computers they can attack. A Wi-Fi Pineapple is an auditing platform that exposes network security vulnerabilities that evil twin attackers may use as a way into your system. 

Hackers utilizing this platform don’t need to remain as close to your device to emit a strong network signal. Thus, more users may click on their evil twin network. 

Ironically, Wi-Fi Pineapple is a tool marketed to network security administrators. Evil twin attacks and man in the middle (MitM) attacks routinely use Wi-Fi Pineapple to set up fake network addresses.

A woman looking at her monitor in shock at having her identity stolen

The Harm Caused by an Evil Twin Attack

Once you’ve suffered an evil twin attack, it may be days or weeks before you have any idea it occurred. An evil twin hacker will collect as many of your login and personal credentials as possible. Then they will store them and slip away undetected. 

If you’ve logged onto your bank account or have made an online payment from an evil twin posing as a public network, a hacker can easily obtain your sensitive information. Weeks later, you might discover new credit cards have been opened in your name. Or perhaps your passwords have changed on secured sites that you visit. 

An evil twin hacker can also secretly install malware on your operating system. After using a public Wi-Fi network, make sure you run your software security program to check for viruses or malware. 

What to Do if You’ve Endured an Evil Twin Attack

If you’ve inadvertently logged into private sites via a public Wi-Fi network, monitor your accounts closely. Look for fraudulent charges or sites that you use frequently which no longer recognize your password or username. 

The good news is, there are steps you can take if you discover you’ve been a victim of an evil twin attack. After an attack, you should :

  • Call your bank or credit card company to address fraudulent charges
  • File a police report over the online theft of funds
  • File a complaint with the FCC
  • Change all of your online passwords
  • Ensure that any antivirus software you have installed is up-to-date and reputable
  • Stay cautious when logging into unsecured or public networks.
A mobile phone trying to connect to free WiFi

Steps to Protect Yourself Against an Evil Twin Attack

It’s vital to understand ways to protect your online access from a variety of hacker attacks. While it may prove difficult to identify an evil twin attack before it occurs, you can protect yourself from falling victim to Riley Finlay and his malevolent intentions.  

You can protect yourself by taking the following steps:

  • Use your mobile hotspot as a network and bypass public networks altogether. By switching your phone’s connection to a mobile hotspot, you ensure that you’re the only one with Wi-Fi access to the device you’re using in a public space.
  • Never assign the “auto-connect” option to a public Wi-Fi network — even if you’ve used it before. Auto-connecting may bypass security keys or other protection features offered by legit public networks. Your computer will search for the strongest signal associated with the network address. It may switch on the evil twin’s bogus address.
  • Even if the only public Wi-Fi network options are unsecured networks, avoid using these for anything other than general internet browsing. 
  • Use a VPN. VPNs are a great security measure that allow you to use your virtual private network anywhere you go. VPNs encrypt your data and protect your information from hackers.
  • Avoid logging into your banking application or credit card account when in  a public space.
  • Choose the two-factor authentication security option for your online accounts. Adding this extra step in protection will deter evil twin hackers and prevent them from gaining access to your data.
  • Only visit sites that begin with an “https://” in their address.
  • If your computer kicks you off of the internet, don’t dismiss this as a weird glitch. It may have recognized that the network address you’re using isn’t legitimate.
  • Regularly change your passwords, and don’t use the same passwords for multiple sites.
  • Ensure the passwords you use for sensitive sites are strong and a combination of upper and lowercase letters, numbers, and symbols.
  • If there are two Wi-Fi options listed with the same address, don’t open either. If you’re in a public space offering free Wi-Fi, ask any employee if their network is password protected.

Be Aware of the Dangers of Evil Twin Attacks When You’re in Public

Evil twins like to show off — they often strike in public. However, the further away your device is from their access point, the less likely you are to fall for an evil twin trap. When you’re logging into any network, pay close attention to the details and to your surroundings. It’s best to sit away from others whenever possible. 

These hackers typically work alone, but they know what they’re doing. Follow the steps above to protect yourself from evil twin attacks. And remember: At first glance, evil twins look exactly like their good, authentic counterparts.

Related Articles

  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking Basics: Learn How Networks Work
  • Online Privacy
  • Online Safety
  • Uncategorized
Reverse Image Search: Guide and Tools

Reverse Image Search: Guide and Tools

Have you ever seen an image somewhere and wondered, Where have I seen that before? Or maybe…

[Read More]
How to Fix a Wet Smartphone

How to Fix a Wet Smartphone: Important Steps to Take

Although unheard of 25 years ago, we now collectively depend on our smartphones. Americans use smartphones to…

[Read More]
Can you unsend an iMessage?

How to Unsend an iMessage: A Quick Guide

We’ve all experienced that Homer Simpson DOH! feeling after hitting send on a message we did not…

[Read More]
Mark Kreitzman talks about SIM swapping, mobile security, and how most mobile carrieres are putting you at risk.

Mobile Security Factors to Protect Your Phone from Criminals

Your phone is not as secure as you think. There are lots of ways for hackers, criminals,…

[Read More]
Cars today have many microprocessors and sensors. They gather a lot of data to power advanced features, boost safety, and make driving smarter.

What Does Your Car Know About You?

Cars are smarter than ever before. Cars have had computers since 1968, but today, there are thousands…

[Read More]
How to Protect Your iPhone

How to Secure Your iPhone Against iMessage Vulnerabilities

Have you heard about the Operation Triangulation attacks that targeted iPhones from 2019-2023? According to Kaspersky, a somewhat…

[Read More]