A new warning has been issued for hotel guests using public Wi-Fi connections.

Most people tend to the think of cyberattacks, data breaches, and hacking as the work of highly-skilled, dark web-style operatives. The reality, though, is not quite so skilled. Not only are sophisticated tools available for sale to low-level cybercriminals, but social engineering plays a large part in victimizing consumers. Tricking someone into thinking their network is locked up or handing over their personal identifiable information is a lot easier than actually stealing it yourself.

A new warning has been issued to summer holiday travelers, one that builds on a known threat. For years, consumers have been warned about the dangers of connecting over public wifi, as they cannot know who else is on the connection and can see what they’re up to. Now, wifi “masking” of known, trusted networks allows even the least skilled would-be hacker to steal information.

So what does this mean for hotel guests?

Consider the example of traveling to Hawaii. You book reservations at a four-star resort, “Kona Key,” for example. The Kona Key wifi connection appears in your device’s list when you reach the property. During your stay, you find other available connections, some of them stronger. Kona Key Poolside, or Kona Key Bar and Grill. Perhaps there’s a Koana Key connection, too.

Those are the spoofed connections. By setting up wifi connections that are not associated with the property, scammers trick guests into connecting over the wrong wifi. This unsecured connection allows the scammer to see everything the guest is doing, including entering usernames and passwords, credit card information, and more.

Unfortunately, it happens far too often

According to the Identity Theft Resource Center, there are 50 new cases of identity theft every minute, utilizing tactics like hacking, data breaches, POS skimming, and more. Year-over-year record-setting numbers of data breaches continue to reach epidemic proportions; in 2017, over 1,500 separate data breaches resulted in the compromise of more than 179,000,000 consumer records. There is no indication that these numbers will decrease in the near future, and if anything, new technology and new tactics such as this one may lead to even higher numbers than before.