WiFi attacks are fairly easy for hackers. WPA2 and WPA3 are both already hacked. WEP is also really not very secure. That is not to say that you should not use security on your WiFi, WPA2 and 3 are the most secure currently and you should use one of them.
WiFi Pineapple is a device readily available on Amazon, and there are others, that sets up a dummy wifi network. It comes with a disclaimer that reminds you that hacking is illegal in most countries and this device should not be used for that purpose. I’m sure all the criminal gangs take complete notice and cease and desist their criminal activity.
But, if, for research purposes, you wanted to know how it works: Your device, let’s say your smartphone wants to connect to a wifi network, so it sends out a message saying home wifi are you there? The wifi pineapple clones your home wifi network and responds saying yes, I am your home wifi, give me your login details. But it doesn’t end there. The Wifi Pineapple is able to run a local server on it which can be made to look like GMail or Outlook or whatever email provider you use. So you go to your email service provider to check your email, but in fact, you are going to the local server on the Pineapple and you enter your email login information. Then that is it. They have you.
Another method of using wifi is to set up a free wifi network using something like The GLiNET Mudi. Using this device a hacker can set up a hotspot, for example, “BA First Class Lounge Free Wifi” then travelers connect to what they think is a service provided by BA, but in fact, it is a criminal sitting at a table in the lounge recording the information everybody is putting into their laptops or iPads or phones. That could email info or more seriously they could be connecting to their bank to make some bank payments.
This has been restricted somewhat recently using 2-factor authentication. You should always use 2-factor authentication when it is offered.