SCOTS have been warned over using airport Wi-Fi networks to transfer money, stream movies and share personal information, as they jet off this October half-term.
Cybersecurity experts at VPNPro conducted an analysis on 34 of the UK’s busiest airport websites, to determine which ones clearly state the correct name of their Wi-Fi network to customers.
When considering each airport’s website, a staggering 53%, or 18 out of the 34 airports analysed, did not verify the actual name of the airport’s Wi-Fi network on their site, leaving travellers at a greater risk of connecting to a malicious network while they wait to board.
Among the offenders in Scotland were Edinburgh Airport, Inverness Airport, Glasgow Prestwick Airport, and Dundee Airport.
Of the nine Scottish airports analysed, only two were found to clearly state the name of the Wi-Fi network to customers, Glasgow Airport and Aberdeen International Airport.
List of UK airports which did not clarify the name of their Wi-Fi network on their website:
|2.||Birmingham International Airport|
|4.||Belfast International Airport|
|5.||Belfast City Airport|
|8.||Glasgow Prestwick Airport|
|13.||Teesside International Airport|
|14.||City of Derry Airport|
Šarūnas Karbauskas, a cyber-security expert at VPNPro who conducted the analysis commented:
“When heading abroad, travellers frequently surf the web to pass the time, especially if there are unexpected delays to their departure.
“And since they often don’t want to eat up their mobile data while they wait, they will switch over to airport Wi-Fi to continue keeping themselves entertained.
“Anyone who has been to an airport will know that once you switch on your Wi-Fi settings, you are hit with a barrage of options, and it isn’t always clear which is the airport’s legitimate Wi-Fi network.
“A significant number of airports failed to confirm the correct name of their Wi-Fi network on their website, meaning that customers are left vulnerable to online attacks should they unknowingly connect to a bogus network.”
Mr Karbauskas adds, “Often referred to as an ‘Evil Twin Attack,’ cybercriminals are known to set up fake Wi-Fi hotspots in airports, in the hope that travellers will unwittingly connect to their network. Once connected, any personal information entered by the victim can then be intercepted by these fraudsters, enabling them to gain access to your email or bank account.
“Cybercriminals can even set up hotspots with the exact same name as the legitimate Wi-Fi network. Therefore, it is also important to check with a member of staff that you are connecting to the correct network if there are several options with the same name.”
List of UK airports which clarified the name of their Wi-Fi network on their website:
|UK Airport||Verified Wi-Fi network name|
|1.||London Heathrow Airport||_Heathrow Wi-Fi|
|2.||London Gatwick Airport||Free Gatwick Wi-Fi|
|4.||London Stansted Airport||_FreeWifi|
|5.||London Luton Airport||Luton Airport WIFI|
|7.||Newcastle International Airport||_NCLFreeWiFi|
|8.||Liverpool John Lennon Airport||LJLA-Free-WiFi|
|9.||Leeds Bradford Airport||LeedsBradfordAirport_Free_WiFi|
|10.||East Midlands Airport||_FreeWifi|
|11.||London City Airport||LCY Airport Free Wi-Fi|
|12.||Aberdeen International Airport||Aberdeen_Airport_WiFi|
|13.||Bournemouth Airport||BOH Public Wifi|
|15.||London Southend Airport||London Southend Free WiFi|
|16.||Land’s End Airport||Skybus Free WiFi|
Tips for staying safe on airport Wi-Fi networks
Mr Karbauskas, has outlined his top tips for staying safe when using airport Wi-Fi networks, so that holidaymakers can reduce the risk of revealing their personal information to cybercriminals.
1. Verify the Wi-Fi connection
If you need to connect to airport Wi-Fi, ask a member of staff if you are about to connect to a legitimate connection, as cybercriminals often imitate Wi-Fi hotspots in order to intercept sensitive data.
As mentioned above, hackers will often create a fake Wi-Fi hotspot using the airport’s name or something enticing such as ‘Free_Airport_Wi-Fi’ to hoodwink customers into connecting to their bogus network, before then snooping on their web activity.
2. Enable your device’s Firewall
Most modern laptops come with a built in Firewall, which shields your computer from malicious network traffic and helps prevent unauthorised access to your laptop.
For Windows 11 users, your laptop’s Firewall should be automatically enabled. To check it is enabled go to: Start > Settings > Privacy & security > Windows Security > Firewall & network protection > Windows Security settings. Then ensure that it is enabled for Domain network, Private network, and Public network.
For Mac OS users the Firewall isn’t always enabled as standard. To enable this, go to: System Settings > Network > Firewall > Click the toggle to enable.
3. Enable HTTPS only mode
When online, make sure there is a padlock symbol next to the URL of every website, as this ensures the information passing between your device and the web server is encrypted, preventing most third parties from spying on it.
Most browsers will do this by default, but you can switch on a ‘HTTPS only feature’, which will automatically move you to the secure HTTPS encrypted version of a website if you happen to end up on the unencrypted HTTP version.
To enable HTTPS Only mode on Google Chrome, open the application and select: Settings > Privacy & Security > Security > Toggle on ‘Always Use Secure Connections’
Safari users can update their operating system to macOS Big Sur and macOS Catalina in order to use Safari 15, which automatically enables the HTTPS Upgrade feature.
4. Never install software or certificates
A public Wi-Fi network should never ask you to install any additional software or certificates to use it. If it does, this could indicate that you are connecting to a fraudulent network.
5. Avoid logging into or checking sensitive information
Hold off on logging into banking, social media and email accounts or entering any personal information on public networks until you get home, even if you are confident that you are using a legitimate Wi-Fi network.
6. Enable two-factor authentication
Make sure that any important personal accounts require two forms of verification in order for you to access them. This way, if someone successfully intercepts your password and tries logging into one of your email accounts, you will receive a text to confirm that it is actually you trying to log in.
7. Set up a mobile hotspot if possible
If you are still unsure of the legitimacy of a Wi-Fi network, try to use mobile data on your phone when possible and set up a mobile hotspot if you are working from a laptop.
8. Use a VPN
A Virtual Private Network, or VPN, uses tunnelling protocols to ‘wrap’ your data in a layer of encryption so that anyone intercepting it cannot make any sense of it, as well as concealing your true IP address.
A VPN should provide you with the greatest level of protection from online attacks, even if you are browsing the web on an unsecure Wi-Fi network. There are several free VPNs online, but more reliable ones will cost you a couple of pounds per month.