2 min read

Fake Wi-Fi or ‘Evil Twin’ Hotspots: A Brief Guide


February 17, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Fake Wi-Fi or ‘Evil Twin’ Hotspots: A Brief Guide

If you’ve been out and about looking for Wi-Fi in public places, a connection to someone else’s hotspot can seem like a blessing. What could go wrong? Unfortunately, if you’re not careful, plenty.

Connecting to public Wi-Fi networks is a danger in its own right, considering the sheer number of risks associated with routing your traffic through an open, often unregulated environment.

However, fake Wi-Fi hotspots are a different, more vicious, type of beast. Also known as Evil Twin hotspots, they entice unsuspecting victims to connect, enabling perpetrators to perform malicious attacks.

What are fake Wi-Fi networks?

Threat actors often deploy rogue networks to monitor traffic, steal credentials and carry out man-in-the-middle (MITM) attacks.

Most of the time, these fake hotspots seem legitimate, as they use the same name as the network they mimic. It is nearly impossible to identify a fake Wi-Fi hotspot at first sight, unless you know exactly what to look for.

Public networks often use no passwords or use easy-to-guess ones, making them highly vulnerable to even unskilled perpetrators. Even worse, some places publicly display the password for their Wi-Fi hotspots, eliminating the attackers’ guesswork in replicating the hotspot.

Note that an evil twin hotspot that matches a legitimate network entirely, down to the password, is less likely to arouse suspicion.

Why are fake Wi-Fi hotspots dangerous?

Like ISPs, Evil Twin hotspot operators relay all your traffic once you connect to their malicious network. Without proper encryption, they see everything you do online: what websites you visit, how much time you spend on them, and even traffic generated by Internet-enabled apps on your device.

Many would argue that HTTPS is enough to fend off perpetrators’ attempts to harvest your private data. HTTPS websites encrypt your traffic, so attackers shouldn’t be able to see much besides what website or service you connect to.

However, with the right tools, perpetrators can perform SSL stripping attacks, redirecting you to the HTTP version of the website you’re trying to access. In doing so, they expose every bit of data from your traffic that would’ve been encrypted by SSL/TLS, including credentials, personally identifiable information (PII), payment details, and even messages on various platforms.

VPN could mitigate Evil Twin hotspot risks

Although there’s no surefire way to spot an Evil Twin hotspot, a VPN might be your best option for safely accessing public Wi-Fi networks.

Using a trustworthy VPN and turning it on before connecting can prevent malicious attackers from harming you. By encrypting your internet traffic, VPNs make it impossible for threat actors to intercept your traffic and steal your personal information or credentials.

In conclusion, it is highly recommended that, before connecting to any public Wi-Fi hotspot – especially one with no passwords – you should consider using a VPN.

While this won't guarantee safety in all cases, it will at least provide peace of mind that your data remains private and secure when connected to an unsecured or potentially fake network.




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like