What is an Evil Twin Attack and How to Spot One

No longer can you head to your local coffee shop on a Saturday morning and safely browse the internet. Evil Twin attacks mimic a legitimate network and trick the user into logging in by posing as a legitimate internet source. An evil twin network is indistinguishable from the real thing and is nearly impossible to identify. 

The assault is usually a severe form of spoofing, whereby scammers steal personal information and money or infect the machine with malware. Once access has been established, hackers can attack every device area, including secure credentials to network paths. 

Public hotspots are growing at a staggering pace. Forecasts show nearly 540 million free wi-fi hotspots worldwide, with more coming online every minute. This massive number of wi-fi access points offers hackers fertile ground to attack.

Evil Twin Attacks

Tricking users into believing they are logging into a legitimate public network takes planning. The fake network must be as authentic as possible for the attack to work.

Hackers must first decide on the right location for their attack. Coffee shops, airports, libraries, and other similar locations make it easier for a fake network to go unnoticed. Most busy locations have multiple access points, making it much easier for a hacker’s fake network to go unnoticed. Most skilled attackers have several locations in the process all the time.

Once locations have been established, hackers create the evil twin access point. Hotspots are created using the same Service Set Identifier (SSID) name as the legitimate network. SSID names such as HELP or GUEST are popular among hackers. Any device can be used, and multiple devices are usually in play with more extensive operations. 

A Large variety of devices can be used, from smartphones and computers to portable routers and tablets. Wi-fi extenders are used to broaden the range.

Captive portal pages are created to extend the evil twin network. A captive portal page is one in which a user is guided to a specific login page, similar to the ones users encounter daily. These pages require the user to enter only a name and password and are identical to the actual page. Hackers create multiple portal pages to get unwitting users to send their credentials.

Another ploy for evil twin hackers is to move closer to their victims, creating a more robust network signal giving the allure of a solid native network. Robust evil twin networks will often cause the device to connect automatically. After the evil twin network has been set up and users start to access the network, hackers begin collecting data.

Attackers can access live user data, from scrolling through social media accounts to accessing user bank account information. Evil twin attacks are hazardous if the user accesses multiple sensitive accounts with the same login credentials.

Detection

Wi-fi has become an enormous breeding ground for the world’s hackers and cyber-criminals. With the rapid rise of remote work environments, companies are unwittingly exposing their networks to savvy hackers. If the attack is successful, hackers can steal login information and see sensitive details of transactions you make with financial institutions. For example, you have connected to your bank through an evil twin network. The hacker sees the transactions as you make them and can be rerouted to their bank accounts. 

Evil Twin networks are easier to find with network sniffing tools. These tools are easy to use and can be set up in a short period of time. Sniffing tools monitor data packets across the network. The tool can filter IP addresses, protocols, and data types. It is wise to remember that hackers also use sniffing tools to find the right network path.

There are a couple of best practices to help users stay away from fishy connections. 

• Always pay attention to network names. Not all hackers are the most intelligent people on the planet, and most are lazy when setting up an evil twin network using misspelled words. Pay close attention to misspelled words and apparent errors. Hackers will replace or forget to use a single letter in the name, which most people overlook. 
• Modern-day smartphones and computers are well-equipped to find network errors and other malware that may threaten your device. Pay attention to these errors; you may be better off by not connecting. 

Prevention

Making sure the networks you use daily are monitored and locked down is the best way to prevent an Evil Twin network. 

• VPNs are now a plentiful resource that can make communications stress free. A VPN service is made to prevent hackers from monitoring your online activity. A VPN is an excellent tool to secure your conversations and financial transactions. 
• Most browsers, by default, will only connect to HTTPS sites. These website connections are encrypted, preventing onlookers and other sneaky people from viewing your activity. Surfing only to an HTTPS site may become impossible if you want to explore the web.

If you want to surf only the HTTPS site, use the HTTPS Everywhere extension, which is compatible with most browsers. The extension fixes many problems people have when surfing secure sites. The extension makes sure connections are fully encrypted.

• Most smartphones and computers have an auto-connect feature, which can be a big problem if an Evil Twin attack is on the way. Auto connect is done via a wi-fi SSID name. This feature means that the device cannot distinguish between a legitimate network and its evil twin.
• It seems that every business has free wi-fi service. If possible, stay away from these connections unless your device is fully protected. The wi-fi network down at your local coffee shop may be the best thing since sliced bread; however, everyone is listening in on your surfing.
• Limiting your online activities can help if you suspect there may be an evil twin network lurking nearby. Avoid visiting sites that you feel may further compromise your network connection. Do not visit any site that may contain sensitive information. 

Be Cautious of All Types of Attacks Coming Your Way

Malware, evil twins, spoofing, and an endless number of cyber attacks are just waiting to overwhelm your smartphone or computer. It is imperative for anyone using an online device to be aware of the assaults coming their way. Prevention is the only answer.