Seven Scottish airports leave customers at risk of common Wi-Fi scam – including country’s busiest spot

18/10/2023
Student using laptop and credit card in cafe

SCOTS have been warned over using airport Wi-Fi networks to transfer money, stream movies and share personal information, as they jet off this October half-term.

Cybersecurity experts at VPNPro conducted an analysis on 34 of the UK’s busiest airport websites, to determine which ones clearly state the correct name of their Wi-Fi network to customers. 

When considering each airport’s website, a staggering 53%, or 18 out of the 34 airports analysed, did not verify the actual name of the airport’s Wi-Fi network on their site, leaving travellers at a greater risk of connecting to a malicious network while they wait to board. 

Among the offenders in Scotland were Edinburgh Airport, Inverness Airport, Glasgow Prestwick Airport, and Dundee Airport.

Of the nine Scottish airports analysed, only two were found to clearly state the name of the Wi-Fi network to customers, Glasgow Airport and Aberdeen International Airport.

List of UK airports which did not clarify the name of their Wi-Fi network on their website: 

 UK Airport 
1. Edinburgh Airport 
2. Birmingham International Airport 
3. Bristol Airport 
4. Belfast International Airport 
5. Belfast City Airport 
6. Cardiff Airport 
7. Inverness Airport 
8. Glasgow Prestwick Airport 
9. Exeter Airport 
10. Norwich Airport 
11. Sumburgh Airport 
12. Newquay Airport 
13. Teesside International Airport 
14. City of Derry Airport 
15. Kirkwall Airport 
16. Stornoway Airport 
17. Humberside Airport 
18. Dundee Airport 

Šarūnas Karbauskas, a cyber-security expert at VPNPro who conducted the analysis commented: 

“When heading abroad, travellers frequently surf the web to pass the time, especially if there are unexpected delays to their departure. 

“And since they often don’t want to eat up their mobile data while they wait, they will switch over to airport Wi-Fi to continue keeping themselves entertained. 

“Anyone who has been to an airport will know that once you switch on your Wi-Fi settings, you are hit with a barrage of options, and it isn’t always clear which is the airport’s legitimate Wi-Fi network. 

“A significant number of airports failed to confirm the correct name of their Wi-Fi network on their website, meaning that customers are left vulnerable to online attacks should they unknowingly connect to a bogus network.” 

Mr Karbauskas adds, “Often referred to as an ‘Evil Twin Attack,’ cybercriminals are known to set up fake Wi-Fi hotspots in airports, in the hope that travellers will unwittingly connect to their network. Once connected, any personal information entered by the victim can then be intercepted by these fraudsters, enabling them to gain access to your email or bank account. 

“Cybercriminals can even set up hotspots with the exact same name as the legitimate Wi-Fi network. Therefore, it is also important to check with a member of staff that you are connecting to the correct network if there are several options with the same name.”

List of UK airports which clarified the name of their Wi-Fi network on their website:

 UK Airport Verified Wi-Fi network name 
1. London Heathrow Airport _Heathrow Wi-Fi 
2. London Gatwick Airport Free Gatwick Wi-Fi 
3. Manchester Airport _FreeWifi 
4. London Stansted Airport _FreeWifi 
5. London Luton Airport Luton Airport WIFI 
6. Glasgow Airport Glasgow_Airport_WiFi 
7. Newcastle International Airport _NCLFreeWiFi 
8. Liverpool John Lennon Airport LJLA-Free-WiFi 
9. Leeds Bradford Airport LeedsBradfordAirport_Free_WiFi 
10. East Midlands Airport _FreeWifi 
11. London City Airport LCY Airport Free Wi-Fi 
12. Aberdeen International Airport Aberdeen_Airport_WiFi 
13. Bournemouth Airport BOH Public Wifi 
14. Southampton Airport Southampton_Airport_WiFi 
15. London Southend AirportLondon Southend Free WiFi 
16. Land’s End Airport Skybus Free WiFi 

Tips for staying safe on airport Wi-Fi networks 

Mr Karbauskas, has outlined his top tips for staying safe when using airport Wi-Fi networks, so that holidaymakers can reduce the risk of revealing their personal information to cybercriminals. 

1. Verify the Wi-Fi connection 

If you need to connect to airport Wi-Fi, ask a member of staff if you are about to connect to a legitimate connection, as cybercriminals often imitate Wi-Fi hotspots in order to intercept sensitive data.  

As mentioned above, hackers will often create a fake Wi-Fi hotspot using the airport’s name or something enticing such as ‘Free_Airport_Wi-Fi’ to hoodwink customers into connecting to their bogus network, before then snooping on their web activity. 

2. Enable your device’s Firewall 

Most modern laptops come with a built in Firewall, which shields your computer from malicious network traffic and helps prevent unauthorised access to your laptop.  

For Windows 11 users, your laptop’s Firewall should be automatically enabled. To check it is enabled go to: Start > Settings > Privacy & security > Windows Security > Firewall & network protection > Windows Security settings. Then ensure that it is enabled for Domain network, Private network, and Public network.  

For Mac OS users the Firewall isn’t always enabled as standard. To enable this, go to: System Settings > Network > Firewall > Click the toggle to enable. 

3. Enable HTTPS only mode 

When online, make sure there is a padlock symbol next to the URL of every website, as this ensures the information passing between your device and the web server is encrypted, preventing most third parties from spying on it.  

Most browsers will do this by default, but you can switch on a ‘HTTPS only feature’, which will automatically move you to the secure HTTPS encrypted version of a website if you happen to end up on the unencrypted HTTP version. 

To enable HTTPS Only mode on Google Chrome, open the application and select: Settings > Privacy & Security > Security > Toggle on ‘Always Use Secure Connections’ 

Safari users can update their operating system to macOS Big Sur and macOS Catalina in order to use Safari 15, which automatically enables the HTTPS Upgrade feature. 

4. Never install software or certificates 

A public Wi-Fi network should never ask you to install any additional software or certificates to use it. If it does, this could indicate that you are connecting to a fraudulent network. 

5. Avoid logging into or checking sensitive information 

Hold off on logging into banking, social media and email accounts or entering any personal information on public networks until you get home, even if you are confident that you are using a legitimate Wi-Fi network. 

6. Enable two-factor authentication 

Make sure that any important personal accounts require two forms of verification in order for you to access them. This way, if someone successfully intercepts your password and tries logging into one of your email accounts, you will receive a text to confirm that it is actually you trying to log in. 

7. Set up a mobile hotspot if possible 

If you are still unsure of the legitimacy of a Wi-Fi network, try to use mobile data on your phone when possible and set up a mobile hotspot if you are working from a laptop. 

8. Use a VPN 

A Virtual Private Network, or VPN, uses tunnelling protocols to ‘wrap’ your data in a layer of encryption so that anyone intercepting it cannot make any sense of it, as well as concealing your true IP address. 

A VPN should provide you with the greatest level of protection from online attacks, even if you are browsing the web on an unsecure Wi-Fi network. There are several free VPNs online, but more reliable ones will cost you a couple of pounds per month. 

The Latest Stories

The UK’s most in-demand IT roles of 2024
Entrepreneurial success at latest Startup Showcase as RGU secure future funding
Global leaders agree to launch first international network of AI Safety Institutes to boost understanding of AI
Pneumagen Presents Positive Phase 2 Influenza Human Challenge Study