People who use free Wi-Fi in businesses, coffee shops or hotels are particularly exposed to Evil Twin attacks. Hackers create wireless access points using real network names to trick users into connecting to them so they can steal login details, passwords, bank or credit card numbers and redirect victims to sites containing malware, phishing and other types of scams. Most of the time the hacker allows the victims to reach their intended Internet destinations while they secretly capture personal information and view the contents of files that victims have downloaded or uploaded while connected to the Evil Twin access point.
It is difficult to tell if you are connecting to a good hotspot or one that has been targeted by a criminal. Hackers can use software that utilizes the Wi-Fi network adapter in their notebook PC as the hotspot. Having this level of portability and concealment allows them to position themselves nearer to a potential victim which may help them to overpower the signal coming from the legitimate access point.
When using public Wi-Fi, do not select from the list available, ask a member of staff the exact name of the connection.
One of the ways to protect yourself from Evil Twin access points is to use a Virtual Private Network (VPN). Using the encrypted tunnel provided by the VPN encryption process helps to secure all traffic between your VPN-capable device and the VPN server.
You can help reduce the risk associated with Evil Twin hotspots by only logging into your email and other sites via HTTPS secured pages instead of using HTTP unencrypted. Sites such as Facebook, Gmail, and others already have HTTPS login options.