Lesson 5

Coffee Shop Hackers

Public WiFi Dangers

The Scene

Tom is at his favorite coffee shop, working on some expense reports. He connects to "CoffeeShop_Free_WiFi" and logs into his company's expense system to submit receipts.

What Tom doesn't know: That WiFi network was set up by the person at the next table. Every password Tom enters, every website he visits, every file he uploads is being captured.

The Attack: Man-in-the-Middle

Here's what the attacker is doing:

1

Sets up a fake WiFi network with a believable name

2

Tom's device connects, routing all traffic through the attacker's laptop

3

Attacker intercepts logins, captures credentials, injects malware

4

Tom has no idea anything is wrong

The "Evil Twin" Attack

Attackers often create networks with names like:

  • "Starbucks Free WiFi" (when you're at Starbucks)
  • "Airport_WiFi_Free"
  • "Hotel_Guest_Internet"
  • Or they clone the exact name of the legitimate network

Your device might even auto-connect to these fake networks if you've connected to similarly named networks before.

What Can Be Stolen

  • Login credentials (email, banking, work systems)
  • Credit card numbers entered on shopping sites
  • Emails and messages
  • Documents you upload or download
  • Session cookies that let attackers impersonate you

Staying Safe on Public WiFi

1
Use Your Phone's Hotspot Instead

Your cellular connection is much harder to intercept

2
Always Use a VPN

VPNs encrypt your traffic so attackers can't read it

3
Verify the Network Name

Ask staff for the exact WiFi name - don't assume

4
Avoid Sensitive Activities

Don't access banking, enter passwords, or handle sensitive work on public WiFi

Test Your Knowledge

Answer these questions to complete the lesson.

1. What is an 'Evil Twin' attack?

2. Which is the SAFEST option for working remotely at a coffee shop?

3. What does a VPN protect when using public WiFi?

4. You need to check your bank account but only have public WiFi available. What should you do?

All Lessons