This Is One of the Biggest Cybersecurity Mistakes You Can Make at an Airport, Experts Warn

Travel + Leisure

17-06-2025

While cruising an airport's public internet network may feel like a convenience, criminals can easily exploit those networks to steal sensitive data from unsuspecting travelers, experts warn.
'It's definitely among the worst things you can do at an airport,' Matthew Hicks, a cybersecurity expert and associate professor of computer science at Virginia Tech, told Travel + Leisure .
Public Wi-Fi is a shared internet connection, often over an unsecured network. Users are therefore vulnerable to hackers, who can intercept data like credit card details or account passwords, and install malware onto consumers' devices, according to experts.
About 40 percent of Americans have had their data compromised while using a public Wi-Fi network, according to a recent Forbes Advisor survey of 2,000 workers who regularly use public internet. Yet, 23 percent of users said they think public Wi-Fi is completely safe, and another 43 percent said it's somewhat safe, the Forbes survey found.
Anything you do on airport Wi-Fi should be something you'd be comfortable with the rest of the world knowing about.
— John Breyault
Because travelers often have ample downtime before flights—and may be in an area without cellular connection—airports are a common access point for public Wi-Fi, Hicks said.
Consumers reported losing more than $16 billion to internet crime overall in 2024, a record high and a 33 percent increase from 2023, according to data from the Federal Bureau of Investigation.
Personal data breaches were among the top three most common complaints received by the FBI, it said. 'As nearly all aspects of our lives have become digitally connected, the attack surface for cyber actors has grown exponentially,' B. Chad Yarbrough, operations director for the FBI's criminal and cyber unit, wrote in the Bureau's annual internet crime report. 'Scammers are increasingly using the Internet to steal Americans' hard-earned savings.'
Scammers also often try to trick travelers into logging onto fake Wi-Fi networks, John Breyault, vice president of public policy, telecommunications and fraud at the National Consumers League, a consumer advocacy group, told T+L.
Someone trying to connect to the O'Hare Guest Wi-Fi network may unknowingly access another—perhaps 'O'Hare Guest 2' or 'Chicago Airport Wi-Fi'—controlled by a criminal. "Make sure [the network] is the one run by the airport, and not someone setting up a honeypot," Breyault said.
In 2024, the Australian Federal Police charged a man for allegedly establishing one of these so-called 'evil twin' networks to steal people's personal data. He did this at airports in Perth, Melbourne and Adelaide, among other places, AFP reported.
Accessing the correct network will 'eliminate most of the real attackers,' Hicks said, adding that travelers can ask airport personnel if they're unsure.
Using your cell phone to establish a personal internet hotspot is among the safest ways to access the web in an airport. This simple step will reduce the number of attackers to 'near zero,' according to Hicks. That's because it's a private cellular connection instead of an open Wi-Fi network. 'You're not sharing that connection with everyone else in the airport,' Breyault said. 'Your data will be much safer in transit.'
If that's not available, experts recommend using a device with a 'virtual private network' or VPN, which is an encrypted connection that offers an additional layer of security. Hicks' best advice is to buy one from a reputable, U.S.-based company.
Travelers should ultimately avoid logging into financial, email, social media, or other sensitive accounts over airport Wi-Fi, Breyault noted. 'If you're just checking the weather, that's one thing,' Breyault said. 'If you're checking your bank account balance, that's something different.'
"Anything you do on airport Wi-Fi should be something you'd be comfortable with the rest of the world knowing about,' he said.