Evil twin attacks usually occur when using public WiFi. With more people working remotely – perhaps at cafes or libraries – the chances of it happening increase. However, it’s not only public WiFi that can be duplicated; your company’s guest network can be too. This makes confidential company information vulnerable to hackers.
What is an evil twin attack?
An evil twin attack is when a hacker creates a fake WiFi access point, then intercepts the data passing between it and the user via a Man-in-the-Middle (MITM) attack. Hackers target open WiFi spots where there are often multiple networks with similar names to choose from. They’ll spot you with a laptop and sit close so that their network shows the strongest signal, making it more attractive.
What to do if you’re the victim of an evil twin attack
Unfortunately, it’s almost impossible to know you’ve been the victim of an evil twin attack until it’s too late – you might notice unauthorised transactions on your bank account. Then, all you can do is alert your bank and strengthen your passwords.
How to prevent an attack
There are a number of ways to protect yourself – and your employees – against evil twin attacks:
- Avoid unsecured WiFi hotspots. If you do connect to one, make sure you stick to HTTPS websites, which encrypt the traffic between your browser and the site, and pay attention to any warning notifications that appear.
- Use your own hotspot. This will connect you to a reliable network, reducing the risk of getting hacked. Make sure your access point is password protected.
- Use multi-factor authentication. This adds an extra layer of security by requiring you to provide additional information, beyond your password, that the hacker can’t access.
- Avoid logging into private accounts on public WiFi. Information can only be accessed by a hacker if you log in whilst connected to their network.
- Use a VPN. This encrypts your data regardless of the network you’re using. So, even if you connect to a fake network, the hacker can’t read or understand your online activity.
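For the company guest network case mentioned above, an administrator can compare what is on the air against the access points the company actually runs. The following is an added example, not part of the original article; the SSID, BSSIDs, scan records and function names are constructed assumptions, and the scan itself would come from whatever WiFi survey tool you already use.

```python
from difflib import SequenceMatcher

# Assumption: the BSSIDs (AP MAC addresses) your own hardware uses for the guest SSID.
KNOWN_APS = {"Acme-Guest": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}}

# Constructed scan results: (ssid, bssid, security, signal_dbm)
SAMPLE_SCAN = [
    ("Acme-Guest", "02:00:00:aa:00:01", "WPA2", -61),
    ("Acme-Guest", "02:00:00:aa:00:02", "WPA2", -70),
    ("Acme-Guest", "02:00:00:ee:00:99", "OPEN", -38),  # same name, unknown AP
    ("Acme_Guest", "02:00:00:ee:00:9a", "OPEN", -40),  # look-alike name
    ("CoffeeShop", "02:00:00:bb:00:10", "WPA2", -55),  # unrelated neighbour
]

def normalise(ssid):
    """Fold case and drop punctuation so 'Acme_Guest' and 'Acme-Guest' compare equal."""
    return "".join(c for c in ssid.casefold() if c.isalnum())

def find_suspect_aps(scan, known_aps, threshold=0.85):
    """Return (ssid, bssid, reason) for networks that imitate a known SSID."""
    findings = []
    for ssid, bssid, security, signal in scan:
        bssid = bssid.lower()
        for known_ssid, bssids in known_aps.items():
            if ssid == known_ssid:
                # Exact name match: only our own access points should advertise it.
                if bssid not in bssids:
                    findings.append((ssid, bssid, "unknown BSSID for known SSID"))
                continue
            # Different name: flag it if it is confusingly close to ours.
            score = SequenceMatcher(None, normalise(ssid), normalise(known_ssid)).ratio()
            if score >= threshold:
                findings.append((ssid, bssid, "look-alike of " + known_ssid))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reason in find_suspect_aps(SAMPLE_SCAN, KNOWN_APS):
        print(f"{ssid:12} {bssid}  {reason}")
```

A BSSID can be copied as well as a name, so an access point that passes this check is not proven genuine; the check only surfaces the duplicates that did not bother to copy it.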