Evil Twin (Wi-Fi Attack)

An evil twin attack involves a fraudster setting up a Wi-Fi hotspot with an identical — or near-identical — name (SSID) to a real network, such as a cafe's guest Wi-Fi or a hotel network. When a user's device auto-connects, or when they manually choose it thinking it is legitimate, all unencrypted traffic passes through the attacker's equipment.

The attacker can perform man-in-the-middle interception, capture login credentials submitted over unencrypted HTTP, inject malicious code into web pages, redirect users to phishing sites, or monitor browsing activity. Even HTTPS traffic can be vulnerable if the attacker presents a forged certificate that the user dismisses or that slips past an outdated browser.

Evil twin attacks require only inexpensive hardware — a laptop and a USB Wi-Fi adapter — making them accessible to attackers with modest technical skill. Defence includes using a VPN whenever on public Wi-Fi, verifying the exact network name with staff before connecting, and avoiding sensitive transactions on public networks.