Why on earth go to the extremes and effort of setting up fake WiFi networks or hacking into them, unless you _know_ there's a specific target you are going for?
Because general targets can also be valuable. So as an attacker I may not care about "bb_matt", but I do care about "anyone that interacts with a banking site I know how to man in the middle". As an attacker I especially care if I have some sort of scam or attack that works for a small number of limited value transactions but against a large number of people. If I had an attack that worked against unlimited value I would be less interested in "anyone blah blah blah bank" and more interested in "someone specifically with a large bank balance".
Almost all apps that carry important data have end-to-end encryption, so the bad actor would more than likely setup a fake WiFi access point with a login page that asks, as an example, users to login to their email account or something similar - but the numbers will be tiny.
Or set up something that looks like a public WiFi portal (or is one) that demands you install their root cert before you get the free WiFi. Anyone that knows what a root cert does will avoid installing one from anything except their work, and anyone that reads all the OS/browser warnings should avoid doing so, but people skip reading and do "dumb stuff" all the time. Just click whatever buttons in the alert that mean "get all this stuff off my screen and let me see cat videos!"
A scam doesn't need to catch everyone in order to be valuable, and there is some reason to believe that scams that are obvious to many people are actually more effective over the long run because the sort of people that would normally be able to track down the scammers and hold them accountable are the same people that run into obvious scams and go "who would fall for that?" and move on!
-------- (slashdot use to allow the HR HTML element, now it doesn't, i miss that!) -------
So I think the article is mixing some creditable advice "how likely is the attack? maybe don't worry about low probability attacks!" but failing to account for "how much does the risk mitigation cost?" & "how much does getting attacked hurt". The article seems to be saying "these aren't very likely so forget about them, move on!" as opposed to the more useful advice "how likely, scaled by how much it costs if they nail you, and does that cost more then the mitigation?". They get different results.
With one you get "public charger? plug in!", with the other you get "do you have a no-data power only cable? plug in!" and also "you need to trust their cable? Do you really need the power? If not just ignore the whole thing, if you desperately need the power though, go ahead, your phone is probably safe!". Yes, that is more thought then some people like to put into things, and a lot of people that don't like to think too hard about things like reassuring magazine articles that say "guy who likes to think about stuff says you don't have to think too hard. You were right all along!"