What is an Evil Twin Attack?
A WiFi attack where an attacker creates a fake access point that mimics a legitimate network, tricking devices into connecting and exposing their traffic.
An evil twin is a rogue WiFi access point designed to look identical to a real one. It's one of the easiest wireless attacks to execute.
How It Works
- Attacker sets up a WiFi hotspot with the same name (SSID) as a legitimate network
- Uses a stronger signal to attract connections
- Optionally jams the real access point to force disconnections
- Victims connect to the evil twin thinking it's the real network
- Attacker can see all unencrypted traffic and perform man-in-the-middle attacks
Common Targets
- Coffee shops, airports, hotels, conferences
- Corporate networks (during physical security assessments)
Protection
- Always use a VPN on public WiFi
- Verify the network with staff before connecting
- Forget networks when you leave (prevents auto-reconnect)
- Disable auto-join for public networks
- Use cellular data instead of public WiFi when possible
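The pattern described under How It Works (same SSID, stronger signal) can also be checked from WiFi scan results. The following is an added example, not part of the original page; the network names, BSSIDs, the known-AP inventory and the record layout are all constructed assumptions.

```python
# Flag possible evil twins in WiFi scan results: an SSID we know, advertised
# by a BSSID we do not know, or with a security mode we do not expect.
# All scan records and the inventory below are constructed sample data.

# Known-good access points per SSID (assumed inventory): BSSID -> security
KNOWN_APS = {
    "CoffeeShop-Guest": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"},
}

# Constructed scan output: (ssid, bssid, security, signal in dBm)
SCAN = [
    ("CoffeeShop-Guest", "aa:bb:cc:00:00:01", "WPA2", -67),
    ("CoffeeShop-Guest", "aa:bb:cc:00:00:02", "WPA2", -74),
    ("CoffeeShop-Guest", "de:ad:be:ef:00:09", "OPEN", -38),
    ("Neighbour-Home", "11:22:33:44:55:66", "WPA2", -80),
]


def find_suspects(scan, known_aps):
    """Return a list of (bssid, ssid, reasons) for suspicious beacons."""
    suspects = []
    for ssid, bssid, security, signal in scan:
        known = known_aps.get(ssid)
        if known is None:
            continue  # not one of our networks, nothing to compare against
        reasons = []
        bssid = bssid.lower()
        if bssid not in known:
            reasons.append("unknown BSSID for known SSID")
            # A security mode none of the legitimate APs use (e.g. open vs WPA2).
            if security not in known.values():
                reasons.append(f"security mismatch ({security})")
            # Louder than every known AP for this SSID seen in the same scan.
            legit = [s for n, b, _, s in scan if n == ssid and b.lower() in known]
            if legit and signal > max(legit):
                reasons.append("stronger signal than all known APs")
        elif security != known[bssid]:
            # A BSSID can be cloned too; a changed security mode gives it away.
            reasons.append(f"known BSSID but security changed to {security}")
        if reasons:
            suspects.append((bssid, ssid, reasons))
    return suspects


if __name__ == "__main__":
    for bssid, ssid, reasons in find_suspects(SCAN, KNOWN_APS):
        print(f"{ssid} {bssid}: {'; '.join(reasons)}")
```

This is a heuristic: a rogue access point that copies both the BSSID and the security mode of a legitimate one passes these checks, so a clean result does not prove the network is genuine.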
Related Terms
Captive Portal
A web page that forces users to interact with it before granting internet access, commonly used in hotel, airport, and cafe WiFi networks.
Man-in-the-Middle Attack
An attack where the adversary secretly intercepts and potentially alters communications between two parties who believe they're communicating directly with each other. MITM attacks can capture credentials, inject malware, or modify data.
Virtual Private Network
A technology that creates a secure, encrypted connection over a less secure network, such as the public internet. VPNs mask your IP address, encrypt your internet traffic, and can make it appear as though you're browsing from a different location.