Evil Twin Attack



An evil twin attack is a method of phishing that can occur when a user connects to a malicious fake access point (AP). A criminal creates a wireless network with a seemingly trustworthy network name and deliberately makes it a free and public network. Unwary users connect to this network, not knowing that they are falling into a trap. As they provide usernames and passwords to access websites such as their bank's, the criminal is able to monitor and obtain the users' sensitive information. This technique is also called a "man-in-the-middle" attack.

How does it work?
One common way these attacks occur is that criminals set up their fake networks in public areas that offer free public networks, such as a coffee store or hotel. The criminals use this to their advantage, making the signal of their network stronger than that of the public network so that their network is found before the public network. The unsuspecting user connects to the fake network, and as they try to reach websites requiring passwords, the fake network sends the user to identical login pages. As the user provides sensitive information, the criminal is able to collect it, as well as browse the pages that the user accesses once logged in.

While criminals are able to redirect users to imitation login pages, they cannot protect their pages with SSL. SSL (Secure Sockets Layer) is a protocol which encrypts and protects the confidential information exchanged between the webpage and the user. Legitimate webpages dealing with passwords and usernames use this protocol to protect users' information. If a user attempts to access a sensitive page, the URL should start with "https", indicating it is a secured page, not just "http", which would indicate an insecure and fake page.

Additionally, while in a hotspot location, if the user's computer displays maximum signal strength but consistently disconnects, it may be a sign that someone is causing "deauth floods". A "deauth flood" is a method of disconnecting users from a public wireless network. A criminal would use "deauth floods" to push users to eventually connect to the criminal's network, which "conveniently" does not keep disconnecting. Using this method, criminals can trap users faster.
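
A defender-side check for the deauth flood described above, as an added example that is not part of the original article: it counts deauthentication frames per access point in a sliding window over constructed capture records. The record layout, the addresses, the window and the threshold are all assumptions.

```python
from collections import defaultdict, deque

def sample_frames():
    """Constructed records: (milliseconds, frame subtype, BSSID named in the frame).
    Real input would come from a monitor-mode capture; these values are made up."""
    # 60 deauth frames, one every 200 ms, naming the cafe's access point.
    frames = [(t * 200, "deauth", "aa:aa:aa:aa:aa:01") for t in range(60)]
    # Two isolated deauths from another AP: normal roaming or idle timeouts.
    frames += [(5000, "deauth", "bb:bb:bb:bb:bb:02"),
               (40000, "deauth", "bb:bb:bb:bb:bb:02")]
    # Ordinary beacons, which the detector must ignore.
    frames += [(t * 1000, "beacon", "aa:aa:aa:aa:aa:01") for t in range(12)]
    return frames

def find_deauth_floods(frames, window_ms=10_000, threshold=25):
    """Return {bssid: peak deauth count seen in any window_ms span} for every
    BSSID whose peak reaches threshold. Both defaults are assumptions to tune
    against the normal deauth rate of the monitored site."""
    recent = defaultdict(deque)  # bssid -> deauth timestamps still in the window
    peak = defaultdict(int)
    for ts, subtype, bssid in sorted(frames):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        # Drop timestamps that are a full window or more older than this frame.
        while ts - q[0] >= window_ms:
            q.popleft()
        peak[bssid] = max(peak[bssid], len(q))
    # Without protected management frames (802.11w) the BSSID field is only a
    # claim, so a hit means "clients of this AP are being kicked", not "this AP
    # is sending the frames".
    return {b: n for b, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for bssid, count in find_deauth_floods(sample_frames()).items():
        print(f"possible deauth flood against {bssid}: {count} frames in 10 s")
```

An alert from this check is a reason to look for a second access point advertising the same network name nearby, which is the pattern the article describes.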