One might choose to do this because the admins thought they were "smart" and said, "Oh, I know, we will only allow 'known' MAC addresses to connect to the network! That will fix it."
And it does, kinda. Except it doesn't stop you from capturing clients on your "fake" network, and the goal isn't necessarily to be on the "real" network, the goal might be to just man-in-the-middle a juicy site or two, with is on the big Internet (say, the company's bank)
Capture the controller's login into the bank and win "free money"
Not disagreeing with you here, I am wondering however if you have ever surveyed or even had casual conversation with people who self identify as "an IT person at company <X>."
In my discussions with such people[1], I have found that a preponderance of them believe that a MAC address filter is a strong protection against unauthorized equipment on their wireless network.
[1] I have had many occasions in my career where I have hired people in the IT/Ops role and during the interview process I have often probed their understanding of the plumbing of IT beyond the parameters necessary to enter on a screen in order to get something "up." My admittedly non-scientific sampling suggests that "knowing the plumbing" is not a valued skill for many of these people.
And it does, kinda. Except it doesn't stop you from capturing clients on your "fake" network, and the goal isn't necessarily to be on the "real" network, the goal might be to just man-in-the-middle a juicy site or two, with is on the big Internet (say, the company's bank)
Capture the controller's login into the bank and win "free money"