People who log on to coffee shop and private wifi networks are at risk of having their data ‘scraped’ by hackers, leading Scottish cybersecurity experts have warned.

Passwords, text messages and websites that internet users have visited – and even entire data sets on a device – can all be infiltrated by snoopers, academics from Scottish universities have said.

Nick Taylor, a specialist in human-computer interaction at Dundee University, set up a ‘fake café’ offering free smoothies to anyone accessing the wifi.

“We told everybody that everything they sent over the wifi was going to be captured…and we had printers scrolling out long lists of all the data we managed to scrape,” he said. “Any café that you go to with public wifi can probably do that. We got the texts people were sending, the website addresses they were visiting and for non-encrypted websites you could grab all of the data on that site, including passwords.”

Dr Kami Vaniea, who is speaking next month at FutureScot’s Digital Scotland conference, said that Virtual Private Networks (VPNs), which are sometimes touted as a solution to hacking fears, in fact carry the risk that the VPN owners can access user data.

Dr Vaniea, a lecturer in cybersecurity and privacy at the University of Edinburgh’s School of Informatics, urged users to check for the padlock sign in website URL address boxes, which indicate that a site is encrypted, but said: “VPNs are a mixed bag, technically helping to stop coffee shops seeing anything, but it gives [data] to the VPN owner who can see absolutely everything that you’re sending.”

The comments were reported today in the Times (Scottish edition), where Charles Kriel, an associate fellow in war studies at King’s College London reportedly told an audiece at the Edinburgh Science Festival that internet users were “living in the era of the conman and everybody is the target”.

He said: “Don’t use the free VPNs. If you’re not paying for it, you’re the product being sold, that is for sure.”