{
	"id": "d60210bd-86d4-4969-a877-27f85ba9158a",
	"created_at": "2026-04-06T01:31:57.542889Z",
	"updated_at": "2026-04-10T13:11:21.440815Z",
	"deleted_at": null,
	"sha1_hash": "44d668c6042988a8086d8337d69011ecdb95920b",
	"title": "Evil twin attacks and how to prevent them",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 115964,
	"plain_text": "Evil twin attacks and how to prevent them\r\nBy Kaspersky\r\nPublished: 2017-10-13 · Archived: 2026-04-06 00:48:24 UTC\r\nIt's natural to use public Wi-Fi to check messages or browse online when you're out and about – shopping,\r\ntraveling, or simply grabbing a coffee. But using public Wi-Fi can carry risks, one of which is evil twin hacking.\r\nRead on to learn about evil twin attacks and how to avoid them.\r\nWhat is an evil twin attack?\r\nAn evil twin attack takes place when an attacker sets up a fake Wi-Fi access point hoping that users will connect\r\nto it instead of a legitimate one. When users connect to this access point, all the data they share with the network\r\npasses through a server controlled by the attacker. An attacker can create an evil twin with a smartphone or other\r\ninternet-capable device and some readily available software. Evil twin attacks are more common on public Wi-Fi\r\nnetworks which are unsecured and leave your personal data vulnerable.\r\nHow do evil twin attacks work?\r\nHere’s how a typical evil twin Wi-Fi attack works:\r\nStep 1: Looking for the right location\r\nHackers typically look for busy locations with free, popular Wi-Fi. This includes spaces like coffee shops,\r\nlibraries, or airports, which often have multiple access points with the same name. This makes it easy for the\r\nhacker’s fake network to go undetected.\r\nStep 2: Setting up a Wi-Fi access point\r\nThe hacker then takes note of the legitimate network's Service Set Identifier (SSID) and sets up a new account\r\nwith the same SSID. They can use almost any device to do this, including smartphones, laptops, tablets, or\r\nportable routers. They may use a device called a Wi-Fi Pineapple to achieve a broader range. Connected devices\r\ncan’t distinguish between genuine connections and fake versions.\r\nStep 3: Encouraging victims to connect to the evil twin Wi-Fi\r\nThe hacker may move closer to their victims to create a stronger connection signal than the legitimate versions.\r\nThis convinces people to select their network over the weaker ones and forces some devices to connect\r\nautomatically.\r\nStep 4: Setting up a fake captive portal\r\nBefore you can sign in to many public Wi-Fi accounts, you must submit data on a generic login page. Evil twin\r\nhackers set up a copy of this page, hoping to trick unsuspecting victims into disclosing their login credentials.\r\nhttps://usa.kaspersky.com/resource-center/preemptive-safety/evil-twin-attacks\r\nPage 1 of 5\n\nOnce the hackers have those, they can log in to the network and control it.\r\nStep 5: Stealing victims’ data\r\nAnyone who logs in connects via the hacker. This is a classic man-in-the-middle attack that allows the attacker to\r\nmonitor the victim's online activity, whether scrolling through social media or accessing their bank accounts.\r\nSuppose a user logs in to any of their accounts. In that case, the hacker can steal their login credentials – which is\r\nespecially dangerous if the victim uses the same credentials for multiple accounts.\r\nWhy are evil twin attacks so dangerous?\r\nEvil twin attacks are dangerous because, when successful, they allow hackers to access your device. This means\r\nthey can potentially steal login credentials and other private information, including financial data (if the user\r\ncarries out financial transactions when connected to the evil twin Wi-Fi). In addition, the hackers could also insert\r\nmalware into your device.\r\nEvil twin Wi-Fi attacks often don't leave tell-tale signs which could expose their true nature. They perform their\r\nprimary task of providing access to the internet, and many victims won't question it. Users may only realize\r\nthey've been victimized by an evil twin attack afterward when they notice unauthorized actions performed on their\r\nbehalf.\r\nhttps://usa.kaspersky.com/resource-center/preemptive-safety/evil-twin-attacks\r\nPage 2 of 5\n\nEvil twin attack example\r\nA person decides to visit their local coffee shop. Once they are seated with their coffee, they connect to the public\r\nWi-Fi network. They have connected to this access point before without problem, so they have no reason to be\r\nsuspicious. However, on this occasion, a hacker has set up an evil twin network with an identical SSID name.\r\nBecause they are seated close to the unsuspecting target, their fake network has a stronger signal than the coffee\r\nshop’s real network. As a result, the target connects to it even though it’s listed as ‘Unsecure’.\r\nOnce online, the target logs into their bank account to transfer some money to a friend. Because they are not using\r\na VPN or Virtual Private Network, which would encrypt their data, the evil twin network allows hackers to access\r\ntheir banking information. The victim only becomes aware of this later when they realize unauthorized\r\ntransactions have taken place in their account, causing them financial loss.\r\nRogue access point vs evil twin – what's the difference?\r\nSo, what’s the difference between a rogue access point and an evil twin access point?\r\nA rogue access point is an illegitimate access point plugged into a network to create a bypass from outside\r\ninto the legitimate network.\r\nBy contrast, an evil twin is a copy of a legitimate access point. Its objective is slightly different: it tries to\r\nlure unsuspecting victims into connecting to the fake network to steal information.\r\nWhile they are not the same, an evil twin could be considered a form of rogue access point.\r\nWhat to do if you fall victim to an evil twin attack\r\nhttps://usa.kaspersky.com/resource-center/preemptive-safety/evil-twin-attacks\r\nPage 3 of 5\n\nIf your data is breached through an evil twin Wi-Fi attack, or you suffer financial loss because a hacker stole\r\nmoney or accessed your banking information during the attack, then contact your bank or credit card company\r\nimmediately. You should also change your passwords across the board (you can read tips on choosing a strong\r\npassword here). Depending on the severity of the attack, you could contact your local police department too, as\r\nwell as file a complaint with the relevant consumer protection body in your country.\r\nHow to protect your device from evil twins\r\nTo avoid falling victim to a fake hotspot or evil twin hacking, here are some precautions you can take:\r\nAvoid unsecured Wi-Fi hotspots:\r\nIf you have to connect to a public network, avoid access points marked as ‘Unsecure’. Unsecured networks don't\r\nhave security features, and evil twin networks nearly always have this designation. Hackers often rely on people\r\nnot knowing the risks and connecting to their network anyway.\r\nUse your own hotspot:\r\nUsing your own personal hotspot instead of public Wi-Fi will protect you from evil twin attacks. This is because\r\nyou’ll be connected to a reliable network when you’re out and about, which reduces the risk of hackers accessing\r\nyour data. Set a password to keep your access point private.\r\nCheck warning notifications:\r\nIf you try connecting to a network and your device alerts you to something suspicious, take notice. Not all users\r\ndo, which can have negative consequences. Instead of dismissing those seemingly annoying warnings, pay\r\nattention because your device is trying to protect you from danger.\r\nDisable auto-connect:\r\nIf you have auto-connect enabled on your device, it will automatically connect to any networks that you have used\r\nbefore once you're in range. This can be dangerous in public places, especially if you have unknowingly\r\nconnected to an evil twin network in the past. Instead, disable the auto-connect feature whenever you’re out of the\r\nhome or office and let your device ask for permission first before connecting. That way, you can check the\r\nnetwork and approve or disapprove.\r\nAvoid logging into private accounts on public Wi-Fi:\r\nWhere possible, avoid carrying out financial or personal transactions on public Wi-Fi. Hackers can only access\r\nyour login information if you use it while connected to their evil twin network, so remaining signed out can help\r\nprotect your private information.\r\nUse multi-factor authentication:\r\nMulti-factor authentication is when two or more steps are required to log into a system. You may combine a\r\npassword requirement with a code sent to your mobile phone that you need to enter to proceed. This provides an\r\nhttps://usa.kaspersky.com/resource-center/preemptive-safety/evil-twin-attacks\r\nPage 4 of 5\n\nadded layer of security between hackers and your information. Where accounts offer multi-factor authentication,\r\nit's worth setting it up.\r\nStick to HTTPS websites:\r\nWhen using a public network, make sure you only visit HTTPS websites, as opposed to HTTP. (The ‘s’ stands for\r\nsecure.) An HTTPS website will have end-to-end encryption, which prevents hackers from seeing what you are\r\ndoing.\r\nUse a VPN:\r\nA VPN or Virtual Private Network protects you from evil twin attacks by encrypting your data on the internet no\r\nmatter the network you are using. A reliable VPN such as Kaspersky Secure Connection encrypts or scrambles\r\nyour online activity before sending it to the network, making it impossible for a hacker to read or understand.\r\nYou can also make sure to have a comprehensive security product installed. Kaspersky Internet Security protects\r\nyour device from a wide range of cyberthreats.\r\nKaspersky Internet Security received two AV-TEST awards for the best performance \u0026 protection for an internet\r\nsecurity product in 2021. In all tests Kaspersky Internet Security showed outstanding performance and protection\r\nagainst cyberthreats.\r\nRelated articles:\r\nPublic Wi-Fi safety tips\r\nGood cyber hygiene habits to help you stay safe online\r\nPersonal online privacy tips\r\nMessaging app security\r\nSource: https://usa.kaspersky.com/resource-center/preemptive-safety/evil-twin-attacks\r\nhttps://usa.kaspersky.com/resource-center/preemptive-safety/evil-twin-attacks\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://usa.kaspersky.com/resource-center/preemptive-safety/evil-twin-attacks"
	],
	"report_names": [
		"evil-twin-attacks"
	],
	"threat_actors": [],
	"ts_created_at": 1775439117,
	"ts_updated_at": 1775826681,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/44d668c6042988a8086d8337d69011ecdb95920b.pdf",
		"text": "https://archive.orkl.eu/44d668c6042988a8086d8337d69011ecdb95920b.txt",
		"img": "https://archive.orkl.eu/44d668c6042988a8086d8337d69011ecdb95920b.jpg"
	}
}