An “evil twin” is a fake Wi-Fi network that looks just like a trustworthy, genuine network – for example, the guest Wi-Fi at a company, a café or a hotel. The attackers’ aim is to trick users into connecting to the fake network so that they can then steal their data.
The attacker sets up a Wi-Fi network with the same name (SSID) as a genuine network. If a device connects to it – often automatically, because it recognises the name as a network it has used before – the attacker can, for example:
Intercept data traffic (e.g. passwords or emails)
Distribute malware
Intercept logins (e.g. to cloud services or corporate systems)
Here’s an example: employees log into a Wi-Fi network named ‘CompanyName_Guest’ whilst out and about in a café or at a trade fair – but in reality, it is a fake network set up by an attacker. This is particularly critical if they access internal systems or send emails containing confidential data.
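Because the only thing the fake network copies is the SSID, a defender can still tell it apart by what it cannot copy: the access point's hardware address (BSSID) and the security mode. The following check, added here as an illustration and not part of the original article, compares a Wi-Fi scan against an inventory of the organisation's own access points; the inventory, the scan records and their field names are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bss:
    """One access point seen in a Wi-Fi scan (constructed record format)."""
    ssid: str
    bssid: str      # MAC address of the access point
    security: str   # "open", "wpa2" or "wpa3"

# Constructed inventory of the SSIDs we manage and the BSSIDs allowed to serve them.
KNOWN_APS = {
    "CompanyName_Guest": {
        "bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
        "security": "wpa2",
    },
}

def find_evil_twins(scan, known=KNOWN_APS):
    """Return (bssid, ssid, reasons) for every access point that advertises one of
    our SSIDs but is not in the inventory or offers weaker security than expected."""
    findings = []
    for bss in scan:
        ref = known.get(bss.ssid)
        if ref is None:
            continue  # not one of our SSIDs, so there is nothing to compare against
        reasons = []
        if bss.bssid.lower() not in {b.lower() for b in ref["bssids"]}:
            reasons.append("unknown BSSID for managed SSID")
        if bss.security != ref["security"]:
            reasons.append(f"security mismatch: expected {ref['security']}, got {bss.security}")
        if reasons:
            findings.append((bss.bssid, bss.ssid, reasons))
    return findings

# Constructed scan: one legitimate access point, one rogue copy, one unrelated network.
SAMPLE_SCAN = [
    Bss("CompanyName_Guest", "00:11:22:33:44:01", "wpa2"),
    Bss("CompanyName_Guest", "de:ad:be:ef:00:01", "open"),
    Bss("CafeFreeWifi", "aa:bb:cc:dd:ee:ff", "open"),
]

if __name__ == "__main__":
    for bssid, ssid, reasons in find_evil_twins(SAMPLE_SCAN):
        print(f"{ssid} via {bssid}: {'; '.join(reasons)}")
```

The same comparison can be scheduled on a monitoring client to alert when a managed SSID appears from a BSSID that is not in the inventory.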
Recommended protective measures:
Never allow devices to connect automatically to known Wi-Fi networks
Use VPN connections, especially when out and about
Check Wi-Fi names – if in doubt, use mobile data instead
Run awareness-raising training sessions
Do not use sensitive services over public Wi-Fi networks
The ‘evil twin’ is an attack that is easy to carry out but highly effective – which is why raising awareness within the organisation is particularly important.