How it works
- A fake hotspot is broadcast with a name closely mimicking the airport's genuine free Wi-Fi network
- Connecting may route your browsing through the attacker's equipment, potentially exposing unencrypted traffic
- Some fake networks show a login or "terms and conditions" page asking for an email address and password, harvesting credentials that are often reused across other accounts
- Attackers may also use "evil twin" attacks that clone a legitimate network exactly, making the fake and real versions indistinguishable by name alone
Red flags
- Multiple similarly-named Wi-Fi networks showing in your device's list at the airport
- A login page asking for an email and password rather than just accepting the connection
- Being asked to download an app or a certificate to access the internet
- No official signage confirming the exact network name to use
How to protect yourself
- Check airport signage or ask staff for the exact official network name before connecting
- Avoid logging into banking, email, or other sensitive accounts on any public Wi-Fi network
- Use a VPN if you need to access sensitive accounts while travelling
- Turn off auto-connect to open Wi-Fi networks in your phone's settings
- Consider using your mobile data instead of public Wi-Fi for anything sensitive, if you have signal or roaming
If it happens to you
- If you entered a password on a suspicious network, change that password immediately (and anywhere else you reused it) once on a trusted connection
- Monitor your bank and email accounts for unusual activity in the days that follow
- Report the incident to Action Fraud (actionfraud.police.uk) and consult the National Cyber Security Centre's guidance for further steps