The Evil Twin attack consists of creating a trap access point. The purpose of the attack is to redirect the user to a trap website where they are asked to enter their Wi-Fi password, which the attacker can then see. In this attack, phishing is used to obtain the password for a Wi-Fi network.

This can be done very easily by creating a Wi-Fi network with the same SSID as the legitimate access point. The attacker can also use the same MAC address to make the fake network more difficult to identify, and can even prevent our connection to the legitimate access point so that we connect to the fake one.

Once the evil twin is running, all that is needed is victims. This can be achieved simply by offering a better signal than the original network, so that the victims' devices connect to the fake access point, or by attacking the original access point with a denial-of-service attack or by sending huge amounts of deauthentication packets, so that all clients search for the network again to connect.

Another very common use of these fake Wi-Fi networks is to redirect victim requests to captive portals or fake websites through DNS spoofing, and in this way obtain credentials for different services. From experience, most users are inclined to enter credentials without much concern, so even a simple portal can easily obtain almost any type of credential.

These types of attacks are rare for many reasons, but the best we can do to avoid these types of threats is:

▸Avoid connecting to public access points over which we have no control.

▸Use 2FA for all of our accounts whenever possible.

▸Always be suspicious; learn to identify phishing attempts, false URLs, etc.

▸Avoid saving Wi-Fi networks on our devices, or at least configure them not to connect automatically; this will prevent us from inadvertently connecting.
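Because an evil twin reuses the SSID (and sometimes the MAC address) of a network we trust, a scan can be checked against a record of our own access points. The following is an added example, not part of the original article: the `Beacon` fields, the baseline layout and all sample values are constructed assumptions, and the scan data would come from whatever Wi-Fi scanning tool is in use.

```python
from collections import namedtuple

# One beacon seen in a Wi-Fi scan (field names are assumptions for this example).
Beacon = namedtuple("Beacon", "ssid bssid channel security signal_dbm")

# Constructed baseline of access points we trust: SSID -> {BSSID: (channel, security)}
BASELINE = {
    "HomeNet": {"aa:bb:cc:00:00:01": (6, "WPA2")},
}

def find_suspect_beacons(scan, baseline):
    """Return (beacon, reason) pairs for beacons that reuse a trusted SSID
    but do not match the access point recorded in the baseline."""
    findings = []
    for b in scan:
        known = baseline.get(b.ssid)
        if known is None:
            continue  # not one of our networks, nothing to compare against
        bssid = b.bssid.lower()
        if bssid not in known:
            findings.append((b, "unknown BSSID for trusted SSID"))
            continue
        channel, security = known[bssid]
        if b.security != security:
            findings.append((b, "security changed from %s to %s" % (security, b.security)))
        elif b.channel != channel:
            # Can also be a legitimate AP using automatic channel selection.
            findings.append((b, "known BSSID on unexpected channel (possible cloned MAC)"))
    return findings

# Constructed scan: the real AP, a same-SSID open network with a stronger
# signal, a beacon reusing the real BSSID on another channel, and an
# unrelated network.
SAMPLE_SCAN = [
    Beacon("HomeNet", "aa:bb:cc:00:00:01", 6, "WPA2", -61),
    Beacon("HomeNet", "de:ad:be:ef:00:02", 11, "OPEN", -38),
    Beacon("HomeNet", "AA:BB:CC:00:00:01", 1, "WPA2", -40),
    Beacon("CoffeeShop", "11:22:33:44:55:66", 1, "OPEN", -70),
]

if __name__ == "__main__":
    for beacon, reason in find_suspect_beacons(SAMPLE_SCAN, BASELINE):
        print(beacon.ssid, beacon.bssid, beacon.signal_dbm, "dBm:", reason)
```

A twin that copies the SSID, BSSID, channel and security type exactly will not be flagged by this comparison, so it complements the habits listed above rather than replacing them.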
