The criminal casts the line, baits the hook, and waits.
En cada aeropuerto, centro comercial o cafetería donde una red WiFi parece ofrecer comodidad gratuita, puede estar tendida una trampa invisible. Los expertos en ciberseguridad llevan años advirtiendo que los criminales han convertido la confianza cotidiana del usuario en su principal herramienta: basta con imitar una red legítima para interceptar contraseñas, credenciales bancarias e identidades enteras. La amenaza persiste, aunque el avance de los datos móviles y las VPN ofrecen al usuario moderno una salida cada vez más accesible.
- Criminales crean redes WiFi falsas con nombres genéricos como 'AirportWiFi_Free' para engañar a usuarios desprevenidos en espacios públicos concurridos.
- Todo lo que el usuario transmite al conectarse —contraseñas, mensajes, datos bancarios— pasa directamente por el dispositivo del atacante sin que la víctima lo perciba.
- El cifrado de sitios web protege parte del tráfico, pero los servicios sin encriptación dejan al usuario completamente expuesto en redes comprometidas.
- El uso masivo de datos móviles reduce la dependencia del WiFi público, aunque quienes aún lo necesitan disponen de VPN como capa de protección adicional.
- La amenaza no ha desaparecido: los puntos de acceso falsos siguen activos, y la única variable que cambia es cuántos usuarios tienen alternativas reales para evitarlos.
Imagina que estás en la sala de espera de un aeropuerto, abres el portátil y te conectas a lo que parece la red oficial. En cuestión de segundos revisas el correo, consultas tu cuenta bancaria. Todo parece normal. No lo es.
Los expertos en ciberseguridad describen las redes WiFi públicas como zonas de caza. La técnica es engañosamente sencilla: un criminal despliega un punto de acceso falso con un nombre casi idéntico al de la red legítima. Quien se conecta no accede a internet de forma directa, sino a través del equipo del atacante. Cada contraseña tecleada, cada mensaje enviado, cada movimiento bancario queda registrado. Después, esos datos se venden o se usan para vaciar cuentas y suplantar identidades. Los expertos lo llaman pesca: el cebo es la comodidad, el anzuelo es la invisibilidad.
Existe, sin embargo, un límite a este tipo de ataque. El criminal no obtiene control remoto del dispositivo; solo intercepta lo que el usuario transmite activamente. Si el sitio web utiliza cifrado —como hacen la mayoría de los bancos y servicios de correo—, los datos viajan protegidos incluso en una red comprometida. El problema surge con los servicios sin encriptación, donde la exposición es total.
El panorama está cambiando. Los datos móviles son hoy más baratos y accesibles que nunca, lo que hace prescindible el WiFi público para la mayoría de los usuarios. Cuando la conexión pública sea inevitable, los expertos recomiendan usar una VPN, que cifra todo el tráfico independientemente de la red. Las herramientas existen. La pregunta es si la gente las usará.
You're sitting in an airport terminal, laptop open, waiting for a flight. The WiFi network list appears on your screen, and there it is: the airport's official network, right there, ready to connect. You tap it. Within seconds, you're browsing email, checking your bank balance, scrolling through messages. It feels safe. It isn't.
Cybersecurity experts have spent years trying to get this message across: public WiFi networks are hunting grounds. The criminals who operate in this space have refined their craft to something almost elegant in its simplicity. They don't need sophisticated code or elaborate schemes. They just need you to connect.
Here's how it works. A criminal sets up a fake WiFi hotspot—one that looks identical to the legitimate network you're expecting to find. At the airport, it might be called "AirportWiFi_Free." At the shopping mall, "MallGuest." The names are generic enough that most people won't think twice. When you connect, you're not actually joining a public network. You're connecting directly to a device controlled by the criminal. From that point forward, everything you do—every keystroke, every password you enter, every message you send—passes through their equipment. They see it all. They collect it. They store it. Later, they sell it to other criminals, or they use it themselves to drain your bank account or assume your identity.
The metaphor security experts use is fishing. The criminal casts the line, baits the hook, and waits. The victims come willingly, thinking they're grabbing something harmless. The bait is convenience. The hook is invisibility—most people have no idea they're being watched.
There is one saving grace built into how this attack actually functions. Unlike some forms of cybercrime, this particular method doesn't give the criminal remote control over your device. What they intercept is limited to what you actively transmit while connected. If you're browsing a website with encryption protocols—which most banking sites and email services now use—those communications remain protected even on a compromised network. The encryption happens on your device before the data ever leaves it, so the criminal sees only encrypted gibberish. But if you're logging into an unencrypted service, or if you're sending unencrypted messages, you're exposed.
The practical reality is shifting, though. Mobile data networks have become ubiquitous and affordable. Most people in developed countries now have enough data in their phone plans to avoid public WiFi entirely. The necessity that once made public networks unavoidable has largely evaporated. When you do need to connect to public WiFi—because your data is exhausted, or you're in a location where mobile service is weak—security experts recommend using a VPN, a virtual private network that encrypts all your traffic regardless of what network you're on. It's an extra layer, a second lock on the door.
The threat hasn't disappeared. The criminals are still setting up fake hotspots in airports and train stations and coffee shops. But the number of people who have no choice but to use them keeps shrinking. For those who do, the tools exist. The question is whether people will use them.
Notable Quotes
Cybersecurity experts recommend avoiding public WiFi networks when possible, and if connection is necessary, using a VPN to add an extra layer of security— Cybersecurity experts
The Hearth Conversation Another angle on the story
Why do these fake networks work so well? Isn't it obvious when you're being watched?
It's not obvious at all. The criminal's equipment sits between you and the internet, so from your perspective, everything looks normal. Pages load. Messages send. You have no way to know you're being intercepted unless you're actively looking for it.
So the encryption on banking sites actually protects you even on a fake network?
Yes. The encryption happens on your device before anything leaves it. The criminal sees only scrambled data. But most people don't think about which sites are encrypted and which aren't. They just assume they're safe.
What changed? Why is this less of a problem now?
Mobile data became cheap and available almost everywhere. Ten years ago, people genuinely needed public WiFi. Now most people have enough data to avoid it entirely. The threat is still there, but fewer people are forced into the situation.
If someone has to use public WiFi, what's the one thing they should do?
Use a VPN. It encrypts everything you send, so even if you're on a fake network, the criminal only sees encrypted traffic. It's not perfect, but it's the difference between being exposed and being protected.
Does a VPN slow things down?
Slightly, yes. But for most tasks—email, messaging, browsing—you won't notice. The security trade-off is worth it.