Is hacking Wi-Fi THAT easy? (just spoof, and it's hacked?)
No, it is not that easy. But it depends on the network.
First, most Wi-Fi devices will remember all Wi-Fi networks they connect to, and also whether that network is encrypted or not and using which method. When your device comes near a network it "knows" (by its name, i.e. its SSID), it will try to reconnect, if that network's security method matches the saved one. What happens next will depend on the kind of Wi-Fi network.
Open, unencrypted Wi-Fi networks
When a Wi-Fi network is unencrypted (like most "Free Wi-Fi" networks in cafés, bars or hotels) and you have already been connected to that network once before, your device will automatically reconnect to a network with the same name. Anyone can spoof a well-known "Some Coffeemaker Free WiFi" and your device will happily connect to it when encountered. The rogue access point (AP) will then see all traffic your device sends or receives over this network (but cannot look into HTTPS or VPN encrypted traffic, of course).
WPA2 networks with pre-shared keys (WPA-PSK)
When using WPA2 authentication with pre-shared keys (PSK), both the station and the AP have to prove that they know the PSK in the four-way handshake. Thus, a rogue WPA2-AP cannot give access to a client by just having the right SSID and accepting any password from the client. Your device will not associate with that AP unless it uses the same PSK.
AFAIR, this is also valid for authentication with WPA version 1 and even WEP, but those protocols have other weaknesses which make them non-recommendable or even useless.
On the other hand, everyone who knows the PSK could fake a WPA2-AP. A weak PSK could also be guessed in a brute-force attack, e.g. by repeated authentication attempts. Hence, a long, not-guessable PSK is necessary.
(There is also an attack called Hole 196 that can be used by already authenticated attackers to break the session key of other authenticated hosts with the AP, but this is not relevant here.)
WPA2 Enterprise networks
WPA2 Enterprise works similar to WPA2-PSK, but uses a dedicated authentication server. In addition to passphrases, it can use certificates on client and AP. Client certificates are like long, authority-signed passphrases which are different for every client device. This way, when a host is compromised (e.g. stolen), that particular client certificate can be blocked on the authentication server, instead of changing the PSK on all devices.
For your device it makes no difference if WPA2-PSK or WPA2 Enterprise is used, in both cases it will not connect to an AP that cannot prove to have the necessary secret.