Fake WiFi used to steal personal information detected at airports

A fake free WiFi network used to steal sensitive personal data has been discovered in busy public places including airports around Australia.

It comes as a 42-year-old West Australian man was charged with cybercrime offences in May 2024 after the fake WiFi network was detected at airports in Melbourne, Adelaide, Perth and onboard domestic flights among other locations.

Users connecting to the WiFi would be redirected to a fake webpage requesting an email or social media login, Australian Federal Police (AFP) said.

Harvested passwords and login details from dozens of unsuspecting victims were allegedly saved to the man's device, police said.

Investigators warned those details could be used to access further information including online banking logins, personal communications, images and videos.

"To connect to a free WiFi network, you shouldn't have to enter any personal details such as logging in through an email or social media account," AFP detective inspector Andrea Coleman said.

AFP recommended users install a reputable virtual private network (VPN) on their devices, to encrypt and secure data, before using publicly available WiFi.

"When using a public network, disable file sharing, don't do anything sensitive - such as banking - while connected to it and once you finish using it, change your device settings to 'forget network'," she said.

She also recommended turning off the WiFi on phones or other electronic devices before going out in public "to prevent your device from automatically connecting to a hotspot".

Police said anyone who connected to free WiFi networks in airport precincts and on domestic flights should change their passwords and report any suspicious activity on their accounts to cyber.gov.au.

Airline staff reported a suspicious WiFi network on a domestic flight and an AFP investigation was launched on April 19.

Police searched the man's bags when he arrived at Perth Airport and a portable wireless access device, a laptop and a mobile phone were seized.

The man was charged with nine offences including three counts each of unauthorised impairment of electronic communication and possession or control of data with the intent to commit a serious offence.

He was also charged with unauthorised access or modification of restricted data, dishonestly obtaining or dealing in personal financial information and possession of identification information with the intention of committing, or facilitating the commission of, conduct that constitutes the dealing offence.

He is expected to appear before Perth Magistrates Court on June 28.

Anyone who believes they are a victim of cybercrime, should report it to police using Report Cyber at cyber.gov.au.

If there is an immediate threat to life or risk of harm, call 000.

If you are concerned that your identity has been compromised, contact the national identity and cyber support service IDCARE at www.idcare.org.