Cybersecurity for everyone: the most common traps and how to avoid them (Part 1)

You don't have to be a tech expert to protect yourself online. Most attacks regular people fall for aren't movie-style hacks — they're simple traps that prey on distraction, hurry, or unawareness.

If you work from your laptop in cafés, airports, hotels, or any public space, three things are worth being clear about today. We explain them without jargon.

Is it true I can get hacked on public WiFi?

Yes. And while it sounds dramatic, it still happens every day.

What can happen:

An attacker on the same network can read what you send if your connection isn't encrypted. It used to be catastrophic; today, thanks to HTTPS, it's less severe — but plenty of misconfigured apps still leak data.

More dangerous is the evil twin: the attacker creates a WiFi network with a name nearly identical to the real one (for example, "Starbucks_Free" instead of "Starbucks WiFi"). Once you connect, all your traffic flows through their device. There are also fake "hotel login" pages designed to steal your credentials.

How to avoid it:

• Use a trusted VPN when connecting to public networks. It's the most effective measure: it encrypts all your traffic even if the network is hostile.

• Check that pages use HTTPS (the padlock in the address bar) before typing passwords or banking details.

• Avoid banking on public WiFi when you can. Use mobile data instead.

• Turn off auto-connect to open networks on your phone. Many attacks rely on devices reconnecting silently to known network names.

• Forget the network when you're done so you don't reconnect unknowingly next time.

If your work depends on internet daily, you don't want to bet on the WiFi of every café you visit. A professional dedicated, private network removes that risk without you having to think about it.

What happens if I click a suspicious link?

Clicking a malicious link (known as phishing) is still the number one cause of hacks on regular people. And in 2026 it got worse: attackers now use AI to write perfectly polished messages, without the typos that used to give scammers away.

What can happen:

• They take you to a page identical to your bank, Gmail, or Instagram. You type your username and password, and you've handed them over.

• Some links automatically download a program that spies on your activity or encrypts your files to demand ransom.

• If you fall for a fake banking page, transfers can happen within minutes.

• They send you a "code that arrived by mistake" on WhatsApp and, without realizing it, you give them access so they can take your account and scam your contacts.

Warning signs before clicking:

• Messages with manufactured urgency: "your account will be suspended in 24 hours", "suspicious login attempt", "you have a pending fine".

• Senders with odd domains: amaz0n.com, netfllix.com, bbva-mx.info. Swapped letters or extra words.

• Generic greetings ("Dear customer") when your bank normally uses your name.

• Promises too good to be true: prizes, inheritances, packages you didn't expect.

• Requests for sensitive data by email or message. No serious bank asks for your PIN by message.

How to avoid it:

• Don't click directly. If the message claims to be from your bank, open the bank's app or type the URL by hand.

• Hover over the link (on desktop) to see where it actually leads before clicking.

• Never share verification codes you receive by SMS or WhatsApp, not even with someone claiming to be "tech support".

• When in doubt, contact the supposed sender directly through another channel. A 30-second call saves you weeks of nightmare.

How risky are unfamiliar QR codes?

This already has a name: quishing (QR phishing). It's one of the fastest-growing attack vectors recently, because people trust QR codes a lot and almost nobody verifies where they lead.

What can happen:

• You're taken to fake login or payment pages, just like with a traditional link, but harder to detect because you don't see the URL until after scanning.

• Classic scam: someone sticks a fake QR over the real one on parking meters, restaurant menus, or payment terminals. You pay — but the money goes to a different account.

• Automatic download of malicious apps that ask for broad permissions (contacts, messages, location, microphone).

• Automatic connection to malicious WiFi networks preconfigured in the QR.

How to avoid it:

• Before acting, check the URL that appears after scanning. Most cameras and apps show where they're taking you before opening.

• Be wary of QRs stuck on top of other QRs, especially on parking meters, menus, and payment terminals. A poorly placed sticker is a red flag.

• Don't download apps directly from a QR. Find them in the official store instead.

• Don't enter banking details or passwords on a page reached through an unverified QR.

• In public places, if you're unsure, ask staff whether the QR is legitimate.

Wrap-up of Part 1

Three simple rules that take most of the risk off the table:

1. Public WiFi: use it with a VPN, or use mobile data for sensitive things. If you work from a laptop daily, consider a space with a professional dedicated network.

1. Suspicious links: when in doubt, don't click. Open the app or type the URL by hand.

1. Unknown QRs: verify the URL before acting. Be suspicious of stickers placed over other stickers.

Cybersecurity isn't paranoia, it's digital hygiene. Just as you lock your front door when you leave home, lock the doors of your digital life. Criminals look for the easy path — with these basics, you stop being that path.

In Part 2 we'll cover passwords, two-factor authentication, the new AI voice-cloning scams, and how to tell if you've already been compromised.

Kiin Hub runs on 500 Mbps dedicated, private fiber. If your work depends on internet daily and you'd rather not gamble on the WiFi of every café, come try it with a daypass. Bookings and questions: +52 990 403 6041.