How to Protect Against Evil Twin Attacks

You’re sat in a cafe waiting for a friend to arrive. You get there a little earlier than expected and when you check your phone to see where they are, you notice the cafe has its own public Wi-Fi network.

Great stuff! Now you’ll be able to kill some time while you’re waiting for your friend to arrive. It’s only hours later, once your friend has arrived and you’ve settled your bill, that you speak to a member of staff and discover that the cafe doesn’t actually have Wi-Fi. Wait a minute, what were you actually connected too? Uh-oh… 

What Are Evil Twin Attacks? 

This is a common scenario and its one of the reasons that evil twin attacks are becoming so popular. An evil twin attack is a fraudulent Wi-Fi access point that has been set up with the sole purpose of stealing information from the people that connect to it.

They’re often disguised with clever names that look legitimate. In the case of a coffee shop, the Wi-Fi network might share the same name as the business. Once you’ve connected to the fraudulent network, the hackers that control it will be able to see everything that you’re doing.

This means any passwords you enter on important websites that you visit, such as online banking or online stores such as Amazon, will also be shared with hackers. 

If you’ve ever used a public network before, you’ll be aware that one of the first things you’re asked to do when you connect to the network is to register your log-in information on a Captive Portal page.

Unfortunately, one of the biggest downfalls of Captive Portals such as those used for public networks is there’s no standard on how they should look, which makes them so easier for hackers to replicate. A Captive Portal on an evil twin network will usually look just the same as a legitimate one on a public network. 

Once the hacker has your information, they can monitor your network traffic and what you get up to online. They can also use the information they captured during your initial log-in and run it through software that shows what websites you’re registered with. If you share the same password across multiple websites, you’re in trouble. 

Methods To Prevent Evil Twin Attacks 

1. Never Connect To Public Networks 

It may sound obvious, but one of the easiest ways to protect against evil twin attacks is to never connect any of your devices to a public network. Even when you’re connected to a legitimate public network, your devices are still vulnerable as you have no idea about the levels of security that the access point is offering.

You should only ever connect your devices to networks that you trust. You should avoid connecting to any Wi-Fi hotspots too, even if they say they’re ‘secure’. The provider’s definition of ‘secure’ could be completely different from your own! 

2. Avoid Clicking Unusual Links

Another danger of evil twin attacks is they also operate as phishing scams. Depending on how much information was given away during the initial log-in, if it wasn’t enough, victims might be lured to a phishing site in the hope that hackers will be able to extract more information from them.

This goes without saying, but you should never click on any links or website pop-ups that you don’t recognize, no matter how enticing the offer might be. 

3. Use a VPN 

If you find yourself in a situation where you have to connect to a public W-Fi network, make sure you do it using a VPN. As a VPN encrypts your internet connection, it’ll protect you from many of the security threats that are posed by public networks.

Be warned though: your VPN can only protect you against so much. Even if you’re using a VPN and mistakingly click on a phishing link and give the hackers everything they need by entering your username and password, you won’t be protected. 

Are Public Networks Safe? 

We’d always advise against connecting any of your devices to a public Wi-Fi network. Doing so puts you at risk from a variety of different hacking threats and even when you’re using a VPN, these threats are only minimized, never completely eliminated.

If you truly care about your online security, make sure you only browse the internet when you’re using a VPN on your own private network. If you’re not using a VPN already, knowing what to look for isn’t easy.

To help, we’ve compiled a list of the best VPNs that are out there to help keep you safe online. Visit our reviews page here to take a look and make your decision.