A hacker sets up a hotspot with a name similar to the legitimate one (e.g., "Starbucks Free Wi-Fi" vs. "Starbucks WiFi 2.4G"). When you connect, they can see every unencrypted keystroke, including passwords and credit card numbers.
