What is an Evil Twin Attack – Understanding the Threat on Public Networks

We use our blog to educate users on various topics concerning privacy and security and to help you take preventive measures. One area that people don’t seem to realize is potentially dangerous, are Wi-Fi networks.

Evil Twin Attack

We have all been at a coffee shop, a mall or a public place that offered free Wi-Fi. While away from home or work, we carry our cellular internet with us, and quickly switch to Wi-Fi whenever it’s available to save the previous data plan. But little do most people realize that public Wi-Fi networks are very unsecure; it’s possible for someone to steal your information.

One frequent theme of FastestVPN is that it allows you to safely surf the web using public Wi-Fi networks. But why exactly is security on public Wi-Fi networks such a huge deal?

Before we explain that, you need to understand how internet communication works. Only then will you comfortably understand the pitfalls of using Wi-Fi without encryption.

Explaining How Internet Communication Works

You connect to the internet using your device and an internet service provider. When you type in an address in the URL bar of the web browser and hit enter, the request travels to the ISP who then forwards it to a DNS server.

A DNS server is a phonebook of the internet. Network devices speak to each other using IP addresses, all websites have a unique IP address that sit behind the alphanumeric name – such as www.fastestvpn.com. The DNS Resolver returns the address to the ISP who then returns the webpage to you.

This process of relying on the ISP is what puts your privacy at risk. The ISP can see every website that you visit and can even log all the activities.

Evil Twin Attack Explained

Like the evil twin you may be familiar with in movies, the one whose personality is a stark contrast to the protagonist, an Evil Twin is an attacker that impersonates the real access point.

The attackers trick you into connecting to its device by donning the same SSID (Service Set Identifier) as the access point around you. It’s known as a Man-in-the-Middle (MITM) attack.

When you use a Wi-Fi network, the SSID gets saved so that you can automatically connect to the network when you are in range – like visiting the coffee shop or the airport again, for example. Your device constantly reaches out for any SSIDs in range, including the one that’s already known to it. An attacker could see the broadcast for SSID “ABC” and set up an access point of the same name. Once your device is connected, the attack can begin.

Everything that you do on the internet from this point on will be fulfilled through access points. The attacker can do several things from here. For example, the attacker can show you fake login pages to steal your pages, show you a landing page saying that you’ve won a random lottery at the airport and ask for information, or redirect you to unsecure websites.

Most websites today use HTTPS (Hyper-text Transfer Protocol) which is the secure version of HTTP. It requires an SSL handshake; data such as login credentials are delivered in an encrypted form. So, it’s always in your benefit to visit websites protected with HTTPS. You can check for it by looking for the green padlock in the URL field of a web browser.

Also check out our list of Most Secure Browsers.

You would think that such nefarious attempts require deep technical understanding, but that’s not entirely true. If you know what Wi-Fi is and know your way around a computer then a couple of tutorials on the web will get you started.

Example of Evil Twin Attack

For example, the equipment you need for an evil twin attack is already sold legally. One such piece of equipment is Wi-Fi Pineapple. At first, it looks like a Wi-Fi router with a lot of antennas sticking out. But it’s actually a very powerful penetration testing tool used in ethical hacking. Professional hackers test a network’s security by attacking it, thereby exposing vulnerabilities.

But the very same equipment meant to improve security can also be used to carry out a Man-in-the-Middle Attack.

How to Prevent Evil Twin Attacks

The first step comes with the realization that such dangers exist, only then will you be mindful about where you connect and what you share on untrusted networks. Here are some of the things you can do to protect yourself.

  • Avoid Open Wi-Fi Networks

In this digital age, you can only trust yourself. The wireless access point at your home is the most trusted network since an attacker likely doesn’t have access to your network. It’s understandable how the temptation of free Wi-Fi in a public place might be a respite from the ever-draining and limited cellular data, but you risk losing security.

  • Use a VPN

A VPN connects you to a virtual server that is located remotely. FastestVPN’s global network of 550+ servers – for example – is a way to protect your online activities. It uses military-grade AES 256-bit encryption that’s near-impossible to break with today’s computational power.

Encryption is a way of converting plain text into ciphertext. A key is used to encrypt it and a key is used to decrypt it at the destination. Because only the receiver has the unique key for decryption, anyone intercepting your data will have nothing meaningful to read.

  • Browse with HTTPS

All big websites on the internet use HTTPS to encrypt sessions; they also automatically redirect you to the HTTPS version. But a large number of websites are still using HTTP. Make it a point to always visit domains that have “https://” in the prefix. An attacker can also redirect you to the unsecured version and monitor every activity.

  • Enable DNS Over HTTPS (DoH)

HTTPS encrypts data packets but it does not encrypt the DNS queries. DNS Over HTTPS remedies that by hiding your DNS queries under encryption. A hacker on the internet will not be able to see your destinations and redirect you to fake login pages of the same web pages. 

  • Disable Wi-Fi Auto-Connect

As we mentioned above, when your device loses connection to an access point, it will constantly broadcast to reconnect. That can potentially let someone know what SSID you are looking for. To prevent that, turn off the option that allows the device’s Wi-Fi to connect automatically.


When you are on the internet, always be careful about where you share your information. Fake login pages usually do a low-effort job on the visual appearance of the page, so that’s a good sign that something is wrong.

VPN ensures that whether you are using Wi-Fi at home or in a public place, internet communication is secured with encryption. Moreover, FastestVPN supports numerous apps and allows up to 10 device connections, which you can simultaneously use. So you could be with your friends in the coffee shop and let them benefit from VPN protection through a single account.

Take Control of Your Privacy Today! Unblock websites, access streaming platforms, and bypass ISP monitoring.

Get FastestVPN
Subscribe to Newsletter
Receive the trending posts of the week and the latest announcements from FastestVPN via our email newsletter.
0 0 votes
Article Rating

You May Also Like

Notify of
Inline Feedbacks
View all comments

Get the Deal of a Lifetime for $40!

  • 800+ servers
  • 10Gbps speeds
  • WireGuard
  • Double-VPN
  • 10 device connections
  • 31-day refund
Get FastestVPN