Free Wi-Fi can feel like a lifesaver when you’re traveling or relaxing at a coffee shop. But before you tap “connect,” there’s a cyber scam you should know about. Hackers have used this trick for years, and it still works today.

How the Fake Wi-Fi Scam Works

Scammers create a hotspot that looks legitimate. If you’re at a café called Jamey’s Java, they might rename their phone’s hotspot to “Jamey’s Java Free WiFi.” Unsuspecting customers see it, assume it’s safe, and connect.

Once connected, all internet traffic flows through the scammer’s device. Cybercriminals can:

• Monitor browsing activity
• Redirect you to fake websites designed to steal login credentials
• Capture sensitive data like usernames and passwords

Why Encryption Isn’t Enough

Most banking and shopping sites use encryption—you’ll see a padlock icon or “https.” But encryption doesn’t help if you’ve been tricked into logging in on a fake site. Attackers controlling the hotspot can reroute you to a look-alike page. Once you type in your information, it’s game over.

Research shows man-in-the-middle attacks still account for around 20% of cyberattacks worldwide and cause an estimated $2 billion in losses annually.

How to Protect Yourself on Public Wi-Fi

• Verify the network name. Ask staff to confirm the official Wi-Fi before connecting.
• Avoid sensitive logins. Wait until you’re on your home network or cellular data to do banking or shopping.
• Watch for unusual prompts. A request to log into Google or Facebook to use Wi-Fi could be fake.
• Use a VPN. A Virtual Private Network scrambles your traffic so attackers can’t read it, even if you connect to the wrong hotspot.

The Bottom Line

Fake Wi-Fi hotspot scams have been around for decades, and they still work because they exploit our desire for quick, free internet access. By double-checking network names, avoiding sensitive logins on public Wi-Fi, and using a VPN, you can avoid becoming the next victim.