Public WiFi is part of everyday working life, even for those who aren’t hybrid or remote working: that coffee shop WiFi you used when waiting for a meeting; the public WiFi you used because the train WiFi was too slow, the quick few emails you wanted to get done while waiting for a friend to meet you for dinner. Whether someone is catching up on emails in a café, joining a Teams call from a hotel, working between meetings, or travelling, connecting to a nearby WiFi can feel completely routine.
But that convenience can come with risk.
One of the lesser-known threats facing businesses today is something called an ‘“Evil-Twin” WiFi Attack’. The name might sound dramatic, but the concept is simple: a cyber criminal creates a fake WiFi network that looks like a legitimate one, hoping people will connect without questioning it. Once they do, the attacker may be able to monitor activity, capture login details, redirect users to fake websites, or trick them into entering sensitive business information.
For SMEs, where employees often work flexibly across multiple locations and devices, this is a risk work understanding.
An “Evil-Twin” is a fake wireless network designed to impersonate a real one. For example, imagine you’re in a hotel lobby and you see two WiFi options:
At a glance, they both seem plausible. One might question the genuine network. The other could be a malicious copy set up by someone nearby. The attacker’s aim is to make the fake network look trustworthy enough that people connect to it. They may use the same or a very similar name to a real network, create a convincing login page, or offer an open connection that seems easier to use than the official one.
In busy places like airports, cafés, hotels, conference venues and shared workspaces, it can be surprisingly difficult to know which network is genuine.
The biggest danger is that they rely on trust and habit. Most people don’t inspect a WiFi network closely before connecting. They see a familiar-looking name, tap connect, accept the terms and get on with what they were doing. That’s exactly what attackers count on.
Once connected to an “Evil-Twin” network, users could be exposed to several risks.
An attacker may be able to view unencrypted traffic, capture login details and keystroke information, redirect users to malicious websites or fake login portals, or collect information about the device being used. In some cases, they may attempt to trick users into downloading malware or entering Microsoft 365, email, banking, CRM or business application credentials.
For a business, the impact can go far beyond one compromised device. A stolen password could give an attacker access to company email, shared files, client data, financial systems or cloud platforms. If that account doesn’t have the right security controls in place, the attacker may be able to move further into the organisation.
This is why “Evil-Twin” attacks aren’t just a ‘public WiFi problem’. They’re a business security problem.
Small and medium-sized businesses are increasingly mobile. Teams work from home, client sites, coworking spaces, trains, hotels, and event venues. That flexibility is great for productivity, but it also means company devices regularly connect outside the protection of the office network.
For SMEs, the challenge is often that employees are trying to do the right thing. They want to reply to a client quickly. They want to download a file before a meeting. They want to join a call on time. Cyber criminals take advantage of those rushed, everyday moments.
An “Evil=Twin” attack doesn’t require an employee to do anything obviously reckless. They may simply connect to what appears to be normal guest WiFi.
That’s why awareness, technical controls and clear security policies matters.
It’s not always possible to identify an “Evil-Twin” network just by looking at it, but there are warning signs employees should know.
Be cautious if:
A good rule of thumb is simple: if you’re not sure which network is genuine, ask a member of the staff before connecting.
The best protection is a combination of caution and good cyber hygiene.
Employees should avoid using unknown public WiFi for sensitive tasks where possible, especially when accessing business systems, financial platforms or confidential documents. If they do need to connect, they should verify the correct network name with the venue first. They should also turn off auto-join for public networks, forget networks they no longer use, and avoid connecting to open WiFi that doesn’t require any form of authentication. Using mobile data or a trusted hotspot can often be a safer option. It’s also important to pay attention to browser warnings. If a website displays a certificate warning or says the connection isn’t secure, employees shouldn’t ignore it. These warnings exist for a reason.
Most importantly, employees should report anything suspicious to their IT team immediately. If someone thinks they may have connected to a fake network, early reporting can make a significant difference.
User awareness is important, but it shouldn’t be the only line of defence.
Businesses can reduce the risk of “Evil-Twin” attacks by putting the right technical protections in place. These may include:
These controls help limit the damage if an employee connects to a malicious network or accidentally enters credentials into a fake login page.
For example, MFA can make it harder for an attacker to use a stolen password. Conditional access can block suspicious sign-ins. Endpoint protection can detect malicious activity on a device. Security awareness training can help employees spot risks before they become incidents.
The aim isn’t to make flexible working difficult. It’s to make it safer.
At Apex Computing, we help businesses across Greater Manchester and the North West build practical, layered cyber security that supports the way their teams actually work.
That includes helping organisations secure Microsoft 365, protect devices, implement MFA, improve remote working policies, manage endpoints, monitor threats and educate employees of the risks they’re most likely to face day to day.
“Evil-Twin” WiFi attacks are a good reminder that cyber security isn’t just about firewalls and antivirus. It’s about people, devices, networks, cloud platforms and everyday habits all working together securely.
If your team works remotely, travels regularly, uses public WiFi, or accesses business systems outside the office, now is a good time to review whether your current security setup is giving you the right level of protection.
“Evil-Twin” WiFi attacks work because they look ordinary. A network name that seems familiar. A login page that looks convincing. A quick connection while someone is trying to get work done. But with the right awareness and security controls in place, businesses can significantly reduce the risk.
Cyber criminals are looking for easy opportunities. Your business doesn’t have to be one of them.
If you would like support reviewing your remote working security, Microsoft 365 protection or wider cyber security setup, Apex Computing can help you understand where the risks are and what to do next. Get in touch here.