How to Spot Fake “Evil Twin” Public Wi-Fi Networks Run by Hackers

Bernt Fuglseth 25-10-2018

Whether you’re in an airport, in a coffee shop, or a library, free Wi-Fi is available almost everywhere these days. Unfortunately, not all free Wi-Fi networks are vigilantly protected when it comes to their IT security.


That Wi-Fi network you’re using could be open to security threats by hackers and cybercriminals, putting your personal information at risk. Here’s what you need to know about fake Wi-Fi networks.

Why Do Hackers Use Fake Wi-Fi Networks?

Starbucks Wi-Fi login page

Public Wi-Fi is often a target for Man in the Middle (MITM) attacks. According to SaferVPN, up to 25 percent of all public hotspots are used by hackers to access your personal information.

Besides taking advantage of any insecure Wi-Fi networks to steal your identity 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity You might love using public Wi-Fi -- but so do hackers. Here are five ways cybercriminals can access your private data and steal your identity, while you're enjoying a latte and a bagel. Read More , two additional Wi-Fi vulnerabilities that hackers can use are Rogue Access Points (AP) and Evil Twins. These are seemingly genuine wireless networks created to trick potential victims into giving away their personal information.

They can look and act as what you would expect from a real network. This includes using the same or similar name (think Starbucks Wi-fi versus Starbucks Free Wi-Fi), and the same login screen.


While connected to an insecure and unencrypted network, you are at minimum giving the hacker free access to anything you do while online. This includes grabbing any usernames, passwords and other personal information that you enter.

At most you’ll download a virus or malware and give them full access to your device even after you disconnect from the insecure “network”.

If you connect to a network where a credit card is required for access, like a hotel, or an airplane “pay per hour” network, the hacker will have copied your credit card info even before you start browsing. In short, any data you upload or download while on the hacker’s Wi-Fi is visible to them.

While there are other ways hackers can use public Wi-Fi to steal your identity, we’re going to focus on what Evil Twins and Rogue Access Points are, what to look for, and what you should do if you connect to one.


What Is a Rogue Access Point (AP)?

hilton wifi login screen

A Rogue AP, sometimes used interchangeably with Evil Twin, is an insecure device connected to a network unbeknownst to the owner. This device will broadcast its own Wi-Fi that will connect you to the genuine network created by the business.

It will seem like connecting to the Wi-Fi as normal, but your connection will go via the hacker’s access point instead of the intended secure device.

A hacker will usually combine this with a Denial of Service attack What Is a DDoS Attack? [MakeUseOf Explains] The term DDoS whistles past whenever cyber-activism rears up its head en-masse. These kind of attacks make international headlines because of multiple reasons. The issues that jumpstart those DDoS attacks are often controversial or highly... Read More on the original access point to disable it, making theirs the only available signal.


Rogue Access Points are a massive security issue that threaten the security of all the connected users. Any network security features and firewalls that may be enabled on the network will not affect a Rogue APs access to your transmitted data.

A Rogue AP is difficult to spot as a user. However, if you’re worried that you might have any extra devices on your network, here’s how to find a rogue device on your network.

What Is an Evil Twin Wi-Fi Network?

An Evil Twin is technically a type of Rogue Access Point that can be set up with any phone or laptop with wireless capabilities. It differs in that it’s not strictly connected to the business’ Wi-Fi unknowingly. The hacker will set up a duplicate wireless network that also looks and acts the same way as the original network, down to using the same name and seemingly the same security features.

The signal of this Wi-Fi will usually overpower that of the real network, simply by being physically closer to the user. Again, a Denial of Service attack to knock out the original access point is not uncommon in this scenario.


Either way, this means that potential victims will connect to the hacker’s signal rather than the genuine network.

How to Spot an Evil Twin Wi-Fi Network

Unfortunately, in real life, evil twins don’t wear goatees to make them easy to identify. Don’t assume that because the name of the Wi-Fi is “Starbucks Free Wi-fi”, that it is secure, or even that it belongs to Starbucks.

Oddly enough, the easiest Evil Twins to spot can be those that are password protected. If you purposely enter the wrong password and you don’t get an error message, the access point is likely fake. An Evil Twins will commonly let anyone access it regardless of the password you enter.

Look out for very slow network connections. This could be a sign that the hacker is using mobile internet to connect you to the web.

Also, pay attention to the address bar of the websites you visit. If your banking website shows an unencrypted HTTP version instead of HTTPS, your connection is definitely unsafe. This is called SSL Stripping, and a hacker can get your passwords or banking details as you enter them.

It’s easy for a hacker to redirect you to a fake version of any website if you connect through their device, and this way, they can get your login details as soon as you enter them. Using a VPN will not protect you in these cases, as you are entering your information into the hacker’s own website.

However, make sure that the URL is correct, and look out for grammatical errors or language that you would not expect from the website.

Fake domains (often using misnamed addresses) are something you should watch out for when browsing in any situation, as they are one of many common social engineering threats you can face online. How To Protect Yourself From These 8 Social Engineering Attacks What social engineering techniques would a hacker use and how would you protect yourself from them? Let's take a look at some of the most common methods of attack. Read More

How to Avoid Being a Victim of Public Wi-Fi Hacks

How to Spot Fake "Evil Twin" Public Wi-Fi Networks Run by Hackers Google Chrome not secure error 670x376

Always use a VPN, like our #1 ranked service ExpressVPN, on your tablet, phone, or laptop. There are VPN solutions for pretty much all devices, including your smartphones, tablets, laptops, desktops, and routers.

When accessing a public Wi-Fi, especially if you don’t have a VPN installed, keep to regular browsing. Avoid accessing any websites where you will input sensitive data, like Amazon or your online banking.

Look out for SSL certificate errors. What Is a Website Security Certificate? What You Need to Know Website security certificates help make the web more secure and safer for online transactions. Here's how security certificates work. Read More  Many browsers will let you know if you are accessing an insecure and unencrypted page. Make sure that you access encrypted versions of any website. Always check if the “Secure” notice in your address bar is green. In addition to a VPN, you should consider security extensions like HTTPS Everywhere 13 Best Security Google Chrome Extensions You Need to Install Now Staying secure online can be tough. Here are several Chrome security extensions that you should consider adding. Read More .

If you do see a security certificate error, don’t ignore it. Instead, close the website, and look for other hints that you are on a suspicious network.

It might also be worth disabling your device’s “auto-connect to Wi-Fi” feature to prevent accidentally connecting to an illegitimate network.

Take care and follow these seven secure strategies to use public Wi-Fi safely on your phone.

What to Do If You Connect to an Evil Twin or Rogue AP

Even if you are vigilant, your phone might automatically connect you to an insecure network without you realizing. If you suspect that you have connected to a compromised network, follow these steps to reduce the potential consequences.

Any unencrypted network and public Wi-Fi can be targets for a MITM attack. In fact, the network doesn’t even need to belong to a hacker with criminal intent—any network set up without security in mind is vulnerable. So be careful out there, and always use a VPN  when you’re online 4 Reasons to Always Use a VPN When You're Online VPNs (virtual private networks) are becoming more popular. It's not always clear exactly why you should be using one though. Here's why you should use one whenever you go online. Read More !

Related topics: Online Security, SSL, Wi-Fi, Wireless Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *