Evil Twin

From the name, you might think an evil twin is something out of a horror movie, but it is not. It belongs to the online world, where attackers try to steal your sensitive details while you browse on public Wi-Fi. This article explains what an evil twin attack is, how it is performed, and how you can protect yourself from it.

What Is an Evil Twin Attack?

It is an attack in which hackers set up a fake Wi-Fi access point that looks legitimate but steals the victim's sensitive details. The victims are ordinary people like you and me. Importantly, it is carried out as a man-in-the-middle (MITM) attack.

Fake Wi-Fi access points are mainly used to eavesdrop and steal victims' login credentials and other important information. For hackers this is very easy, because they have the equipment and can intercept things like bank transactions.

This type of access point can also be used for phishing scams. Victims connect to the evil twin and are then sent to a phishing site, which prompts them to enter sensitive data such as login details. The data is sent directly to the hacker, and as soon as it is captured, the evil twin disconnects the victim and shows that the server is temporarily unavailable.

Evil Twin Attack: Step-by-Step Procedure

To pull off an evil twin attack, hackers need impatient web users. Unfortunately, most of us fall into this category. Whenever we go to a public place, we connect our devices to the free Wi-Fi and start using it.

The attacker typically works like this:

Step 1: Set up an evil twin access point: Hackers look for a location with popular free Wi-Fi. They note its Service Set Identifier (SSID), then use a tool to set up a new access point with it. They do this so neatly that you cannot distinguish the fake version from the legitimate one.

Step 2: Set up a fake captive portal: Before you can use most public WiFi networks, you have to fill in some data on a sign-in page. The hacker sets up a page that looks the same, which tricks the victim into entering authentication details. As soon as the hacker has those, they can quickly log in to the network and control it.

Step 3: Encourage victims to connect to the evil twin WiFi: Hackers try to move close to the victim so that the evil twin offers the stronger connection and the victim's phone connects to it. Anyone connecting for the first time can only see the evil twin; after tapping it, they can log in. Hackers can also kick things off with a denial-of-service (DDoS) attack, which takes the server offline and triggers mass logins.

Step 4: The hacker steals the data: Whenever you connect through the hacker, it is a man-in-the-middle attack. This lets the attacker monitor everything that happens online. When a victim logs in to a bank account, the hacker sees the login details and saves them.
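Seen from the defender's side, Steps 1 and 3 leave traces in an ordinary Wi-Fi scan: the same SSID advertised by an access point that is not in the owner's inventory, often with weaker security and a stronger signal. The sketch below is an added example, not part of the original article; the scan records, the KNOWN inventory and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results (sample data, not a real capture).
SCAN = [
    {"ssid": "CoffeeShop_Free", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "signal": -62},
    {"ssid": "CoffeeShop_Free", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2", "signal": -70},
    {"ssid": "CoffeeShop_Free", "bssid": "de:ad:be:ef:00:99", "security": "OPEN", "signal": -38},
    {"ssid": "Library", "bssid": "11:22:33:44:55:66", "security": "WPA2", "signal": -75},
]

# Hypothetical inventory kept by the network owner: SSID -> (known BSSIDs, expected security).
KNOWN = {"CoffeeShop_Free": ({"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "WPA2")}


def find_suspect_aps(scan, known):
    """Return [(bssid, [reasons])] for APs that reuse an inventoried SSID but do not match it."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        if ssid not in known:
            continue  # no baseline for this network, nothing to compare against
        known_bssids, expected_security = known[ssid]
        # Strongest signal among APs we recognise (dBm, closer to 0 is stronger).
        legit = [ap["signal"] for ap in aps if ap["bssid"].lower() in known_bssids]
        strongest_legit = max(legit, default=None)
        for ap in aps:
            reasons = []
            if ap["bssid"].lower() not in known_bssids:
                reasons.append("unknown BSSID")
            if ap["security"] != expected_security:
                reasons.append(f"security mismatch: expected {expected_security}, saw {ap['security']}")
            # Step 3: the twin is usually placed to out-shout the real AP.
            if reasons and strongest_legit is not None and ap["signal"] > strongest_legit:
                reasons.append("stronger signal than every known AP")
            if reasons:
                findings.append((ap["bssid"], reasons))
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_suspect_aps(SCAN, KNOWN):
        print(bssid, "->", "; ".join(reasons))
```

A matching BSSID is not proof of legitimacy, because a BSSID can be copied as easily as an SSID; treat the output as a tripwire for the network owner, not a verdict.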

Evil Twin Attacks: 2 Examples

Why would anybody want to sit between the customer and the website? The examples below show the reason.

Let's imagine the hacker sitting inside the local coffee shop:

  1. The hacker has finished his setup and created the evil twin network, and one person has logged in to it.
  2. The attack has begun. The victim has no idea that the connection is insecure and logs in to his banking page. He agrees to transfer $100 to a friend.
  3. The hacker alters the data and changes the destination account in the request to his own. The bank processes the request and the transaction goes through; the hacker then changes the receipt, so the victim thinks he has completed the transaction he intended.

Another Version of the Attack:

  1. Once the setup is complete, the hacker creates the evil twin network together with a phishing site.
  2. The connection is initiated, and the victim has to log in to the phishing site to gain access. The person believes they are on a real site like Google or Facebook, but they are actually connected to the hacker.
  3. This is when the hacker steals the target data. The hacker sees the login data and saves it, then uses it to steal funds or sells the credentials on the black market.
  4. When the work is done, the hacker releases the victim and drops the connection. When the victim next logs in, he will have no idea that his login ID is invalid.

Prevent the Next Attack

Since most people connect to free WiFi, we need the quickest and safest ways to avoid hackers. These are discussed below:

  1. Use a VPN: A virtual private network encrypts the data that passes between your device and the web, so your system can stay safe even when you are dealing with a hacker.
  2. Turn off autosaves: Your device seeks out WiFi connections on its own and asks to join them. You can turn this option off, so that you are mindful before you connect.
  3. Be judicious: Whenever you log in to a WiFi network without a VPN, be careful about what you log in to. Do not open your bank account or any work server; if you only want to look at Twitter, you can accept the risk.

Final Thought

An evil twin is just one method that hackers use to steal data. IP spoofing attacks are very dangerous, and they are tough to catch. We hope that reading this helps you protect yourself.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.