After Part 1 of our public Wi-Fi guide, some people told me: “I have nothing to hide. I’m not running a business, not a celebrity. Private messages? Let them read.”
It reminds me of a horror movie: the hero in pyjamas decides to check the basement in the middle of the night. The door is slightly open. Barefoot, they take the first step down. Every fibre of your being screams: DON’T GO DOWN THERE!
But they go anyway. Because what could possibly go wrong?
Meet Jan. An ordinary guy. Wife, kids, mortgage. Solid, reliable — banks would happily give him a loan for a new fridge. Jan has nothing to hide from his wife or the tax authorities. He travels frequently for work. During layovers, he uses free Wi-Fi.
What could go wrong? It’s just Wi-Fi…
Let’s follow Jan down into that basement.
Step 1 — The Inconvenience
One hour after connection
Amazon gift card — $25
Uber Eats — $37
Google Play — $19.99
City Parking fine (Main St.) — $40
Miles balance — 0
Card — blocked (fraud detection)
Why it happened: Real-time interception during the Wi-Fi session.
Card details skimmed; session cookies hijacked (wallets, web banking, PayPal, loyalty).
Step 2 — The Violation
One week after connection
Gmail: Password incorrect
Instagram: Password incorrect
LinkedIn: Password incorrect
Bank: Password incorrect
Everything locked.
Inbox looks clean. Phone goes quiet.
Here’s what happened while Jan wasn’t looking:
Recovery email changed
Recovery phone number updated
2FA method switched to attacker’s device
Wire transfer approved: $8,400
Personal loan approved: $15,000 (excellent credit history!)
Business registered: JAN CONSULTING LLC
New credit card issued to “Jan’s” company
Why it happened: Account Takeover (ATO)
Credentials were intercepted over public Wi-Fi. Hackers immediately changed the recovery email and phone — cutting Jan off from his accounts. Then they ran a password-reset cascade: one compromised mailbox unlocked other services via “forgot password.” To the bank, it all looked legitimate (trusted email/phone, clean credit file), so transfers and loans were approved. The silence was intentional — security alerts were filtered or forwarded away.
Jan steps deeper into the basement.
Step 3 — The Exposure
Two weeks after connection
Call from Mom: “Jan! Oh God, you picked up! Are you okay? Dad is already at the bank, transferring money to the hospital account you sent! We only have three thousand, he’ll borrow another two. What happened?”
SMS from a friend: “Jan, why aren’t you answering my messages? I’d like to get back the €300 you borrowed.”
This is what Jan sees. Meanwhile, behind the scenes:
Mass messages sent in Jan’s name to all contacts:
“Hi! My wallet was stolen at the airport, I urgently need €300 for a ticket home. I’ll pay you back in two days!” Seven people transferred money.
Fake “Jan Verny” profiles were created on dating sites using his photos from Instagram.
Marketplaces: listings posted in Jan’s name to sell an iPhone (with prepayment to “his” card).
Hi Mom scam: Scammers create panic in elderly parents, forcing quick actions driven by emotions.
Why it happened: Social Engineering + Context
The attackers gained full access to the inbox, contacts, and message history. They studied Jan’s writing style, his connections, and the context of each relationship. The messages looked completely natural – correct greetings, familiar topics, personal details. This isn’t ordinary spam, it’s high-trust phishing: victims saw a familiar name, recognized the style, and trusted it.
To Jan’s loved ones, it was Jan.
Step 4 — The Trap
Three weeks after connection
Jan opens his laptop to finish a work presentation. Bold text on a black screen:
YOUR FILES HAVE BEEN ENCRYPTED
All your documents, photos, and databases are locked.
Pay 0.5 BTC ($15,000) within 48 hours – or lose everything.
Jan tries to open a file.
Document.docx — ENCRYPTED
Family_photos.zip — ENCRYPTED
Work_project.pdf — ENCRYPTED
Every file. Years of work. Photos of his kids. Everything.
Off-screen, during these three weeks:
Jan’s data is listed for sale on a Dark Web forum:
Email login: $8 (sold 47 times)
Bank account credentials: $120 (sold 12 times)
Social media accounts bundle: $25 (sold 23 times)
Full identity theft kit (passport data, tax ID, addresses): $380 (sold 8 times)
Why it happened: Ransomware + Identity Theft + Dark Web
When he connected to public Wi-Fi, a man-in-the-middle attack began. The attacker either set up a fake access point like “Free_Airport_WiFi” or intercepted unprotected traffic (as noted in Part 1, open public Wi-Fi traffic is unencrypted by design). When Jan opened his browser, a fake update prompt led to a drive-by download that silently installed the malware. For three weeks it stayed quiet, harvesting credentials and preparing the ground. The stolen data was then monetized — resold in bulk on the Dark Web. Now 90 different buyers own pieces of his digital identity.
Step 5 — The Ruin
Two months after connection
Jan is urgently called into the office, where the Head of HR and the company’s lawyer are waiting.
“Jan, did you authorize a payment change for the Company X account?”
What Company X? What payment?
Email open on screen — FROM: [email protected]
TO: Company X GmbH, CFO
SUBJECT: Re: Invoice #8847 — Updated Banking Details
What happened inside the company while no one noticed:
BEC/thread hijack: bank details were swapped right inside the email chain — the client paid to a fraudulent account.
Database and correspondence leak: CRM/contacts/contracts were pulled out.
Contractual exposure: policy/NDA violations, claims and lawsuits.
Reputation: lost deals and lost trust.
Why it happened: Business Email Compromise (BEC)
At the airport, Jan “for just a minute” opened his work mailbox over public Wi-Fi – credentials were intercepted. This is a classic Business Email Compromise (BEC) attack. The attackers gained access to corporate email, set up auto-forwarding and rules for messages with “payment” and “invoice,” and became invisible participants in every financial thread. They didn’t rush and studied the context for months. And waited for a major deal.
Five minutes at the airport cost Jan his career.
In the basement, the monster waiting at the bottom devoured him.
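A defender can look for the mailbox rules described in Step 5 (auto-forwarding on “payment” and “invoice”) and in Step 2 (security alerts filtered away). The following is an added example, not part of the original article: the rule schema, rule names and addresses are constructed for illustration and do not correspond to any mail provider's API.

```python
# Added example: flag inbox rules that match the BEC pattern from Step 5.
# The rule schema is hypothetical (constructed), not a real provider's format.
FINANCE_WORDS = {"payment", "invoice"}        # keywords named in the article
ALERT_WORDS = {"security alert", "password"}  # assumed markers of security notices
HIDING_ACTIONS = {"delete", "mark_read", "move_to_folder"}

def domain(addr):
    """Lower-cased domain part of an e-mail address."""
    return addr.rsplit("@", 1)[-1].lower()

def audit_rule(rule, org_domain):
    """Return a list of findings for one inbox rule (empty list means clean)."""
    findings = []
    keywords = {k.lower() for k in rule.get("subject_contains", [])}
    actions = rule.get("actions", {})
    external = [a for a in actions.get("forward_to", [])
                if domain(a) != org_domain.lower()]
    # Only actions that are actually enabled count as hiding the message.
    hides = {name for name, value in actions.items() if value} & HIDING_ACTIONS
    if external:
        findings.append("forwards to external address: " + ", ".join(external))
    if keywords & FINANCE_WORDS and (external or hides):
        findings.append("matches finance keywords and forwards or hides mail")
    if keywords & ALERT_WORDS and hides:
        findings.append("hides security notifications from the owner")
    return findings

def audit_mailbox(rules, org_domain):
    """Map rule name -> findings, for every rule with at least one finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule, org_domain)
        if findings:
            report[rule["name"]] = findings
    return report

# Constructed sample rules: two benign, two matching the article's scenario.
SAMPLE_RULES = [
    {"name": "Newsletters", "subject_contains": ["newsletter"],
     "actions": {"move_to_folder": "Reading"}},
    {"name": ".", "subject_contains": ["Payment", "Invoice"],
     "actions": {"forward_to": ["collector@mail.example"],
                 "mark_read": True, "move_to_folder": "RSS Feeds"}},
    {"name": "cleanup", "subject_contains": ["security alert"],
     "actions": {"delete": True}},
    {"name": "To assistant", "subject_contains": ["travel"],
     "actions": {"forward_to": ["assistant@corp.example"]}},
]

if __name__ == "__main__":
    for name, findings in audit_mailbox(SAMPLE_RULES, "corp.example").items():
        print(name, "->", findings)
```

In practice the rule list would come from the mail platform's own rule export, and any finding should be reviewed together with recent sign-in history for that mailbox.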
How not to end up in this horror movie
Always carry your own internet with you. In your home country — your mobile operator. Abroad, anywhere in the world — the secure private network MTX Connect.
If any work or personal data truly matters, add Enhanced Security — an extra layer of encryption and anonymity.
Business owners: provide traveling employees with secure corporate network access via MTX Connect’s flexible business solutions — office-level security from anywhere in the world.
Give every family member a SIM or eSIM from MTX Connect, so they never have to connect to public Wi-Fi. And you’ll never receive a message from your child: “Dad, I’m in trouble, I urgently need money.”
So next time you decide you have nothing to hide, ask yourself:
Do you have anything to lose?
Travel wise and MTX-connected,
Jan Verny,
MTX Connect Chronicler