The threat of malicious Wi-Fi hotspots that intercept user data is nothing new, but fake Wi-Fi incidents have recently reached new heights. In a case from Australia, for example, a passenger was arrested for setting up fake Wi-Fi hotspots at the airport and on board the plane during the flight.

There’s a good reason these days why passengers are more likely to use in-flight Wi-Fi: airlines are increasingly offering entertainment streamed directly to passengers’ devices rather than on the seatback screens. Once being connected to the airline’s media portal, they can not only have access to movies, music, games and other entertaining activities, but also can get internet access for an additional fee.

Unsuspecting passengers can also connect to a malicious Wi-Fi spot because its signal seems stronger, and then be redirected to a fake authentication page. This page would possibly request some credentials, like email address and password or social network credentials, supposedly to sign in to the airline’s online services. This data can then be used by cybercriminals to hijack accounts and access personal information.

“The insidiousness of this kind of attack lies in the victims’ limited options: stuck on board of a plane, connected to what they believe is legitimate Wi-Fi, they have just two options: either to provide the requested information, or forgo all in-flight entertainment. Therefore, the chances of a successful attack are very high, which makes it extremely important for travelers to be vigilant so that not to lose personal data and more,” – comments Maher Yamout, Lead Security Researcher at Kaspersky.

While the main advice about using public Wi-Fi would be: use 4G/5G cellular access instead of public Wi-Fi hotspots wherever possible, and when that’s not an option — protect your privacy with a reliable VPN solution, like Kaspersky VPN Secure Connection. But these won’t work on a plane.

So, here’s some tailored advice for staying safe when using in-flight Wi-Fi:

  • Don’t connect to in-flight Wi-Fi just out of curiosity to see what’s on offer.
  • Come prepared. Download movies and music to your devices beforehand so as not to rely on the airline’s entertainment options. That done, you probably won’t need in-flight Wi-Fi at all.
  • If you still do need Wi-Fi, review the instructions in your seat pocket carefully. It should list the official Wi-Fi name and connection process.
  • Be wary of discrepancies. If something about the Wi-Fi connection seems off compared to the instructions, or if you’re asked to enter detailed personal information like email, passwords, passport details, or payment information, disconnect immediately and alert a flight attendant. Confirm with them whether this information is actually required to use the Wi-Fi. Show them the device screen so that they can verify the legitimacy of the connection interface.
  • Avoid downloading anything during the flight. Connecting to the plane’s network should never require installing apps, plugins, or certificates. If asked to install anything of the sort — disconnect immediately by enabling airplane mode.
  • If you connect to Wi-Fi to use the in-flight internet, try enabling your VPN as soon as the connection is established. If the VPN can’t be turned on, minimize your online activity, and never log in to sensitive services such as online banking, government websites, or email.
  • Keep the number of devices you connect to the in-flight Wi-Fi to a minimum — preferably no more than one.
  • If you do connect, before landing, make sure to go to the Wi-Fi settings and “forget” the airline network. You can then put your device in airplane mode, as required by the aviation regulations.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.