Fake Wi-Fi Hotspot Scams
Americans lost $12.5 billion to fraud in 2024, according to the FTC.
Quick Answer
Fake Wi-Fi hotspot scams trick users into connecting to fraudulent networks to steal personal information, with 19% of Americans certain they have experienced a security incident after using public Wi-Fi (Panda Security 2025).
Think you've seen this scam?
Paste any suspicious text, email, or voicemail into our free checker — get a verdict in 5 seconds. Or get our free Scam Defense Playbook.
Free. No credit card. No signup required for the checker.
How It Works
1
A scammer sets up a fraudulent Wi-Fi access point in a public place like an airport, coffee shop, or hotel. The network is given a name that looks legitimate, such as "Airport Free WiFi" or the name of the establishment, to trick people into connecting. This is often called an "Evil Twin" attack because it mimics a real, trusted network.
2
When a victim connects their device to the fake hotspot, all their internet traffic is routed through the scammer's equipment. This allows the attacker to monitor everything the victim does online in what is known as a "Man-in-the-Middle" (MITM) attack. The victim is usually unaware that their connection is being intercepted.
3
The scammer captures unencrypted data, such as login credentials for email, banking, and social media accounts. They may also redirect the victim to fake login pages to harvest usernames and passwords or inject malware onto the victim's device to steal information or gain long-term access.
Red Flags
- Wi-Fi network names that are misspelled or slightly different from the official network (e.g., "CoffeShop_Free_Wifi" instead of "CoffeeShop_WiFi").
- Networks labeled as "Free" or "Unsecured" when a password-protected option is also available.
- A Wi-Fi signal that is unusually strong, as attackers may boost their signal to lure devices.
- The connection repeatedly drops or is unusually slow.
- A login page that looks unprofessional, has missing images, or asks for sensitive information like credit card details for "free" access.
- Your browser displays security warnings that a website's security certificate is not trusted.
- Your device automatically connects to a network you don't recognize.
What to Do If Targeted
- If you suspect you've connected to a fake hotspot, disconnect from the Wi-Fi network immediately.
- Change the passwords for any accounts you accessed while connected, especially for banking, email, and social media.
- Scan your device with updated antivirus and anti-malware software to check for any malicious programs that may have been installed.
- Monitor your financial and online accounts closely for any unauthorized transactions or activity.
- Enable two-factor authentication (2FA) on all important accounts for an added layer of security.
- In the future, always verify the official network name with an employee before connecting and use a Virtual Private Network (VPN) to encrypt your internet traffic on public Wi-Fi.
How to Report It
- FBI IC3 — Report the incident to the FBI's Internet Crime Complaint Center (IC3), which is the central hub for reporting cyber-enabled crime.
- FTC — File a fraud report with the Federal Trade Commission, which shares information with thousands of law enforcement agencies.
- FCC — File a complaint about phone scams, robocalls, or unwanted calls with the Federal Communications Commission.
- AARP Fraud Helpline — Call 877-908-3360 for free support from trained fraud specialists. Available to anyone, not just AARP members.
Key Statistics
- 19% of Americans are certain they have had a security incident after using public Wi-Fi, while another 36% suspect they have. — Panda Security 2025 Survey
- Man-in-the-Middle (MITM) attacks, a common method used in fake Wi-Fi scams, are responsible for 19% of successful cyberattacks. — JumpCloud 2025 Cybersecurity Statistics
- Only about 20% of Americans are 'very confident' they could identify a fake or malicious Wi-Fi network. — Panda Security 2025 Survey
- The FBI's Internet Crime Complaint Center (IC3) received 880,418 complaints in 2023 with potential losses exceeding $12.5 billion, highlighting the broad financial impact of all internet crimes. — FBI IC3 2023 Internet Crime Report
- A 2023 study of 122 real-world Wi-Fi networks found that over 89% were susceptible to Man-in-the-Middle attacks due to a hardware vulnerability. — APNIC Blog
Get scam alerts before they hit your parents' inbox
One email per week. The scam that's spreading right now, the red flags, and what to tell Mom and Dad.
Free forever. Unsubscribe in one click.
Frequently Asked Questions
A fake Wi-Fi hotspot scam, or 'evil twin' attack, is when a cybercriminal sets up a fraudulent Wi-Fi network that appears legitimate to trick users into connecting. Once connected, the attacker can intercept internet traffic to steal sensitive information like passwords, banking details, and personal data through a 'Man-in-the-Middle' (MITM) attack.
To protect yourself, always verify the official network name with staff before connecting. Use a Virtual Private Network (VPN) to encrypt your internet traffic, which prevents snooping even on a compromised network. Avoid accessing sensitive accounts like banking or email on public Wi-Fi, and ensure websites use HTTPS encryption.
Immediately disconnect from the network. Change the passwords for any accounts you used while connected, such as email or banking. Run a malware scan on your device and monitor your financial accounts for suspicious activity. Report the incident to the FBI's Internet Crime Complaint Center (ic3.gov) and the Federal Trade Commission (reportfraud.ftc.gov).
Man-in-the-Middle (MITM) attacks, often carried out over unsecured public Wi-Fi, are a significant threat. These types of attacks are responsible for 19% of successful cyberattacks. A 2025 survey found that 19% of Americans are certain they have experienced a cybersecurity incident after using public Wi-Fi. (JumpCloud, Panda Security)
Has this scam reached your family?
Ready to protect yourself?
We've vetted the tools that actually work — VPN, threat protection, and identity monitoring.
See our recommended tools →Get weekly scam alerts
One breakdown per week. Real threats. Zero fluff.
You're in! Check your inbox.