Fake Wi-Fi Hotspot Scam UK: How to Spot and Avoid Fake Public Networks
Criminals are creating fake Wi-Fi networks in UK public spaces to steal your passwords and bank details—here's how to protect yourself.
What is this scam?
A fake Wi-Fi hotspot scam involves criminals setting up bogus wireless networks in public spaces like coffee shops, airports, libraries and train stations across the UK. The fake network typically has a name (SSID) that mimics a legitimate business—for example, 'Free_WiFi_Cafe' or 'Airport_Guest_Network'—to look trustworthy. When you connect to the fake network, scammers use special software to monitor your internet traffic, capturing unencrypted data like passwords, banking login details, emails and personal information. They may also redirect you to fake login pages or use man-in-the-middle attacks to intercept your communications.
Unlike phishing scams that trick you through emails, fake hotspot scams work silently in the background once you're connected, making them particularly dangerous because you may not realise your data is being stolen until fraudulent transactions appear on your accounts days or weeks later.
Warning signs to look for
- The network name is suspiciously generic like 'Free WiFi', 'Public WiFi' or 'Guest Network' with no business branding or unusual spelling of familiar brands.
- No password is required to connect, or the password is unusually simple and generic (like 'password' or '123456').
- The network signal is strong from an unexpected location—for example, a powerful signal in a cafe corner where there's no visible router.
- You're prompted to enter login details or personal information immediately after connecting, claiming to verify your identity.
- Your device doesn't automatically reconnect to the network like it normally would with trusted networks.
- Websites load unusually slowly or display strange redirect pages before loading properly.
- Your device shows warnings about unencrypted connections or certificate errors when visiting normally secure websites.
- Multiple identical network names appear in your available networks list (a sign of multiple fraudsters operating in the same area).
How this scam works step by step
The scam begins when a criminal uses a laptop and inexpensive Wi-Fi spoofing equipment to broadcast a fake wireless network in a public location. They choose a name that sounds legitimate or matches the venue—'Costa_Guest', 'Starbucks_WiFi' or 'Airport_Connect'—making users trust it without question. When you select and connect to this network, your device is now communicating through the criminal's equipment rather than a legitimate router. The scammer uses packet-sniffing software to monitor all unencrypted traffic passing through their network, capturing passwords, emails, banking credentials and personal data in real-time.
They may also set up a fake login portal that appears when you first connect, asking you to enter personal details supposedly to activate the network. Once you've entered information or visited sensitive websites (like your bank), the criminal has harvested enough data to commit identity theft or access your accounts. Some advanced scammers use SSL stripping techniques to downgrade secure HTTPS connections to unencrypted HTTP, allowing them to intercept data from websites you believed were secure.
The entire process can take minutes, and by the time you've finished your coffee and left the cafe, your financial details may already be compromised.
How to verify if it is genuine
Before connecting to any public Wi-Fi, always ask staff at the venue directly what the exact network name is—write it down or take a photo. Legitimate businesses can confirm their genuine network SSID, and staff will warn you about name variations used by scammers. Check the venue's official website or social media pages for their published Wi-Fi network name, as established cafes and airports list this information. Look for a notice or poster displayed at the location showing the correct network name and any security instructions.
Be cautious if the business has no printed information about their Wi-Fi—many legitimate venues provide cards or signs with details. If using a cafe's Wi-Fi, ask for a password. Genuine public networks either require a simple password (written on receipts or walls) or direct you through a legitimate login portal with clear branding. For airport Wi-Fi, connect only through official kiosks or screens provided by the airport authority, never random networks with airport-like names. For banking, check our guide on recognising fake websites at Is This Website a Scam? A Practical Checklist Before You Buy to understand how to spot fraudulent pages before entering credentials.
Enable two-factor authentication on all important accounts so that even if your password is stolen, criminals cannot access your accounts without a second verification code.
What to do if you have already interacted
If you've connected to a suspicious network, first disconnect immediately and move to a secure location. Check your device for any suspicious apps or software installed during the session—go to Settings > Apps (Android) or Settings > General > iPhone Storage (iOS) and uninstall anything unfamiliar. Change your passwords for all important accounts—email, banking, social media and work accounts—immediately using a secure connection (either your mobile data or a known safe Wi-Fi network). Use a strong, unique password for each account containing at least 12 characters with mixed case, numbers and symbols.
Contact your bank and building society directly using the phone number on the back of your card (never use numbers from emails or texts) to report the potential compromise and ask them to monitor your accounts for suspicious activity. Request they place a fraud alert on your account and freeze credit if necessary. Enable two-factor authentication on all accounts that support it, including email, online banking and social media. Monitor your credit report for free at Clearscore, Experian or Equifax to check for fraudulent accounts opened in your name.
If you entered banking details on a fake login page, report this immediately to Action Fraud on 0300 123 2040 so the network of fake hotspots can be tracked and investigated.
Reporting this scam in the UK
Report suspected fake Wi-Fi hotspot scams to Action Fraud immediately by calling 0300 123 2040 or visiting actionfraud.police.uk online. Provide them with the location where you encountered the suspicious network, the network name (SSID), the date and time you connected, and any suspicious websites or login pages you were shown. For scam emails or texts trying to direct you to fake hotspots, forward suspicious texts to 7726 (spoof) and report phishing emails to the NCSC Suspicious Email Reporting Service at report@phishing.gov.uk with full email headers attached.
If the fake network was set up to impersonate a specific business, contact that company's security team directly and inform them their brand is being used fraudulently—most large UK businesses like Starbucks or airports have dedicated fraud reporting channels. Contact Citizens Advice consumer helpline on 0808 223 1133 for free advice about your rights and any financial losses. Report the specific location and network details to the venue owner directly, as they may not be aware their premises is being used for scamming.
If you've suffered financial loss, also file a report with your bank's fraud team and provide them with Action Fraud's reference number. Keep detailed records of all communications and reports you make, including dates, times, names and reference numbers for your own protection.
Frequently asked questions
Is public Wi-Fi at UK cafes and airports always a scam?
No. Legitimate businesses do operate genuine public Wi-Fi networks. The key is verification: ask staff for the correct network name, check official signage, look for a password requirement, and contact the business directly if uncertain. Most established UK chains like Costa, Starbucks and major airports run proper secure networks—the risk comes from unverified or unusually generic-sounding networks with no password protection.
What should I do if I've already sent money or banking details through a fake hotspot?
Contact your bank immediately on the number on the back of your card and explain the situation. Change all your passwords from a secure connection. Report the incident to Action Fraud on 0300 123 2040. Monitor your accounts closely for unauthorised transactions and place a fraud alert with your bank. If money has already been taken, your bank may be able to freeze the account it was sent to and recover funds under fraud protection rules.
Can scammers access my phone's files just from me connecting to their Wi-Fi?
They cannot directly access your files unless your phone is set to share files publicly or has file-sharing enabled. However, they can intercept any unencrypted data you send over the network—emails, messages, passwords and banking information. Modern phones are more secure than laptops for this reason, but the risk remains high for any sensitive activity like banking or email access. Always disable auto-connect features and never allow file sharing on public networks.
How do I report a fake Wi-Fi hotspot I've spotted but haven't connected to?
Report it to Action Fraud on 0300 123 2040 with the location, network name, date and time observed. Also report it directly to the venue management so they can alert customers and improve their security awareness. If you believe it's actively being used for scamming, contact the local police non-emergency line on 101 or report it via your local police website. Reporting helps authorities track hotspot scam patterns across UK cities.