Threat Actors may host seemingly genuine Wi-Fi access points to deceive users into connecting to malicious networks as a way of supporting follow-on behaviors such as Network Sniffing, Transmitted Data Manipulation, or Input Capture.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.