Evil Twin Attack Prevention

Jan Salvador Sebastian
Dec 3, 2019

Nowadays, people use Wi-Fi all the time, whether it is public or private. Wi-Fi is everywhere: at home, in restaurants, even in malls. But the question is: is it safe to connect to it? Here's the answer.

What is an Evil Twin?

An evil twin is basically a rogue access point. It may look the same as the original access point. This replicated access point is controlled by the attacker and provides a stronger signal than the original one, so victims are easily drawn to it. Any data that travels through the attacker's access point (the evil twin) can be captured in a snap!


What can an Evil Twin do?

Mainly, it is used to get sensitive data, in what is called a phishing attack. If someone is connected to the replicated access point, any non-HTTPS data can be grabbed easily, because it travels through the attacker's device. So if victims enter their information, the attacker can obtain the transactions made from that information.


What is Phishing?

Phishing is a cyber attack that uses sensitive information as a weapon. There are 13 types of phishing.

  1. Malware Injection — Injecting malware into the system/network.
  2. CEO Fraud — A type of whaling attack in which the attacker fools an employee into executing an unauthorised wire transfer or disclosing confidential information.
  3. Voice Phishing Attack — This attack is communicated orally to the victim.
  4. Photo Phishing/Image Phishing — Attackers use image formats to carry batch files/viruses.
  5. Clone Phishing — A previously sent email containing a link/attachment is used as a legitimate template to create an almost identical email.
  6. Man-in-the-Middle Attack — A malicious actor intercepts online communication between two parties.
  7. Email Spoofing — This type of phishing is used to snatch data from the user without their knowledge.
  8. Mass Target — Sent to a group of people with some common interest, based on their preferences.
  9. URL Phishing — Attackers use a page's URL to infect the victim's device.
  10. Pop-up Messages — Through pop-ups, attackers get a window to steal credentials by redirecting the victim to a trap destination.
  11. Search Engine Attack — Paid campaigns optimised for specific keywords to launch a phishing fraud.
  12. Website Spoofing — The attacker creates a website by replicating a legitimate website, including its design, functionality, contents and more, so that it looks the same as the legitimate website.
  13. Scripting — Uses malicious scripts deployed on the victim's device, using the website as the medium. Because most websites use JavaScript, it becomes easier for the attacker to add script attacks.

Preventing an Evil Twin Attack

  1. Use a Virtual Private Network (VPN) — It encrypts your traffic in a tunnel before the data is sent, so it is harder for the attacker to intercept the data.
  2. Avoid entering any information (especially sensitive information) on websites, such as login screens, while on public Wi-Fi.
  3. Investigate carefully whether the Service Set Identifier (SSID) is legitimate or not.
  4. Don't be swayed by a website's attractive User Interface (UI).
  5. Check the MAC address: an evil twin has the same Service Set Identifier (SSID) but a different MAC address. In addition, check the cipher, channel, privacy protocol and more.
  6. Use software that detects evil twins, like EvilAP Defender.
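
The check in step 5 can be automated by comparing each scanned access point against a profile recorded on the trusted network. This is an added example, not code from the original article or from EvilAP Defender; the SSID, MAC addresses, baseline values and the helper names `parse_scan` and `find_suspects` are constructed for illustration.

```python
import re

# Known-good profile recorded on the trusted network (constructed values).
BASELINE = {"CoffeeShop_WiFi": {
    "bssids": {"A4:2B:B0:11:22:33", "A4:2B:B0:11:22:34"},
    "channels": {1, 36}, "security": "WPA2"}}

# Constructed sample in the terse format printed by
#   nmcli -t -f SSID,BSSID,CHAN,SIGNAL,SECURITY device wifi list
# (fields are ':'-separated; literal colons are escaped as '\:').
SAMPLE_SCAN = r"""
CoffeeShop_WiFi:A4\:2B\:B0\:11\:22\:33:1:62:WPA2
CoffeeShop_WiFi:A4\:2B\:B0\:11\:22\:34:36:55:WPA2
CoffeeShop_WiFi:02\:13\:37\:AA\:BB\:CC:6:91:
OtherNet:10\:20\:30\:40\:50\:60:11:40:WPA2
"""

def parse_scan(text):
    """Turn terse scan lines into dicts, honouring escaped colons."""
    aps = []
    for line in text.strip().splitlines():
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) != 5:
            continue  # skip malformed lines
        ssid, bssid, chan, signal, sec = fields
        aps.append({"ssid": ssid, "bssid": bssid.upper(), "channel": int(chan), "signal":
                    int(signal), "security": sec if sec not in ("", "--") else "OPEN"})
    return aps

def find_suspects(aps, baseline):
    """Return (ap, reasons) for APs that use a known SSID with unknown attributes."""
    suspects = []
    for ap in aps:
        known = baseline.get(ap["ssid"])
        if known is None:
            continue  # no baseline for this SSID, nothing to compare against
        reasons = []
        if ap["bssid"] not in known["bssids"]:
            reasons.append("unknown MAC address (BSSID)")
        if ap["channel"] not in known["channels"]:
            reasons.append("unexpected channel")
        if ap["security"] != known["security"]:
            reasons.append(f"security is {ap['security']}, expected {known['security']}")
        if reasons:
            suspects.append((ap, reasons))
    return suspects

if __name__ == "__main__":
    for ap, why in find_suspects(parse_scan(SAMPLE_SCAN), BASELINE):
        print(ap["ssid"], ap["bssid"], "signal", ap["signal"], "->", "; ".join(why))
```

A clean result is not proof that the network is legitimate, because an attacker can copy the MAC address as well; treat a mismatch as a reason not to connect and a match as only one signal.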

That's all, folks! Hope this gives you more knowledge about these attacks and how to prevent them!

Thank you for reading this!

Jan Salvador Sebastian

I’m a Mobile Engineer at @mClinica and Volunteer @ Flutter Philippines. I do explore, build, and share things I’ve learned!