Billions of people with an iPhone or Android smartphone are being warned about an 'evil twin' attack on their devices, with key advice issued on how to protect yourself from it.

The menacing threat poses a risk to countless devices across the world, with it having the ability to affect pretty much anybody with a smartphone.

And unfortunately, you might have already found yourself victim to such an attack without even knowing. But what is an 'evil twin' attack?

'Evil twin' attack explained

According to experts over at NordVPN, an 'evil twin' attack is a cyberattack that you can stumble across incredibly easily.

"A hacker creates a fake Wi-Fi access point that mimics a legitimate network and tricks users into connecting," it says.

"Threat actors create such hotspots to infiltrate a device and gain unauthorised access to sensitive data."

Areas where you're vulnerable from these incidents are in public places when you need to connect your device to the internet, such as a cafe, shopping centre, or airport.

Once you connect to the fake network, everything you then do on your device from that moment on is shared with the hacker, passing through their server.

How to spot an evil twin network

This can be the hard part, with many of the bogus Wi-Fi networks mimicking real networks in their name. So it really does come down to being smart with what data you're sharing on a public network.

"The attacker makes the evil twin visible to unsuspecting users. Devices previously connected to the network attempt to connect to the evil twin automatically," NordVPN says.

"A hacker gains the ability to monitor the victim’s internet traffic and capture personal information that users transmit over the network."

The best way to spot the fake network is to see if there are two of the same name. And if spotted, approach staff if you can find them so as to distinguish which is the real one. NordVPN also warns about log in screens once you're connected. If at this point you're asked for personal details, it is a big sign you're going to be a victim of a scam if you continue.

"Legitimate networks usually don’t ask for login credentials unless it is a captive portal, for example, in a hotel or airport," it adds.

What to do if you're a victim of an evil twin attack

Disconnect your phone immediately and change your passwords to your accounts. And if you don't have two-factor authentication (2FA) turned on, get it sorted.

NordVPN then says to scan your device for malware and keep a close eye on your accounts for any dubious activity such as bogus banking payments.

Going forward, it advises: "Avoid unsecured networks that don’t require a password to connect. This can safeguard you from evil twin attacks, eavesdropping, man-in-the-middle attacks, and malware distribution in your device."