The Wi-Fi Stranger: A CyberSafety Story You Won’t Forget

On Wednesday of CyberSafety Awareness Week, I want to share a story about someone who didn’t get hacked through a bad link…

but through their own Wi-Fi. 

Let’s call him Tom. 

Tom works from home most days, but every Thursday he grabs his laptop and heads to a local café for a change of scenery. Same corner table, same latte, same routine.

One Thursday, his routine almost cost him everything.

The “Free Café Wi-Fi” That Wasn’t

Tom opened his laptop, clicked the café’s familiar network, typed the usual password, and got to work.

Except… he didn’t.

He actually connected to a network called “Cafe_Guest_Free.” 

Almost the same name as the real one — just missing one character.

And that’s how the trouble started.

The Man at the Corner Table

A guy sitting two tables over had created a fake Wi-Fi hotspot using a small device the size of a deck of cards.

Anyone who connected routed all their traffic through him first.

Meaning:

• emails

• passwords

• saved logins

• autofill forms

• browsing history

• and anything typed before encryption kicked in

Tom had no idea.

The man didn’t look suspicious. He wasn’t wearing a hoodie. He wasn’t typing frantically. He just looked like another person enjoying coffee and checking email. That’s the point — real cybercriminals don’t look like movie villains.

The Moment Tom Got Suspicious

About 20 minutes in, Tom noticed something strange:

His email kept asking him to “re-enter his password.”

Then his banking app suddenly logged him out — twice. 

That gut feeling we talked about earlier in the week?

Yeah, it hit him hard.

So he packed up and left.

On the drive home, he called me.

What We Found

When we looked through his logs and connection history, we saw it immediately:

He had connected to a fake Wi-Fi network, also known as an Evil Twin attack. 

If he had typed a single password into anything that didn’t use strong encryption, it would’ve gone straight into the attacker’s hands.

Thankfully, he didn’t. His instincts kicked in fast enough to avoid disaster.

But it was close.

Way too close.

How We Fixed It

Here’s what we did as soon as he got home:

• had him change all his passwords

• removed saved Wi-Fi networks on his laptop and phone

• enabled 2FA everywhere possible

• updated his router firmware

• installed a VPN for public Wi-Fi use

• set up alerts for unusual login attempts

• checked for unauthorized sessions on key accounts

Then I showed him how to permanently avoid this trick.

Three Lessons From Tom’s Close Call

1. Never join public Wi-Fi without verifying the network name

Ask the staff if you’re not sure.

2. “Free Wi-Fi” is easy for criminals to fake

It only takes $50 of equipment.

3. If anything suddenly asks for your password, stop immediately

That’s usually the first sign someone is trying to intercept your traffic.

CyberSafety Week Takeaway

Not all attacks come through your inbox.

Sometimes they come through the air around you.

The simplest way to stay safe?

Avoid public Wi-Fi unless you’re using a VPN.

Or skip it entirely and use your phone’s hotspot instead. 

If you want help setting up a VPN or tightening your device settings, I’m always happy to walk you through it.