What is an Evil Twin?
The Evil Twin is a type of man-in-the-middle attack where a fake access point is used to eavesdrop on activity. An attacker is then able to capture traffic or plant malware on the system. Evil twins appear to be legitimate access points by cloning the MAC address and the name or service set identifier (SSID) of the network. The evil twin is very similar to phishing and website spoofing in that it uses much the same tactics.
The evil twin attack begins by cloning a network SSID and pretending to be a local hotspot. An unsuspecting user then connects to the hotspot believing it to be the real one. Unbeknownst to the user, an attacker is actually intercepting all traffic between the user and the host, while also stealing personal data. This can lead to stolen credentials and sensitive information, resulting in identity theft or financial loss. This attack is so successful because most devices are unable to distinguish between two networks with the same name.