How to avoid hackers while traveling

With winter behind us (mostly) and warmer weather on the horizon, many Canadians will be thinking about travelling abroad.

But, while you’re at the airport, whether that’s here in Canada waiting for your flight or when you land at your destination, you may want to avoid using the airport’s Wi-Fi.

The Transportation Security Administration (TSA) in the United States had issued a warning in late 2025 about free Wi-Fi at airports, as it can be a hotbed for hackers.

There are news reports of travellers being hacked when using airport Wi-Fi, such as a woman who had money withdrawn out of her bank account after she had connected to free networks at airports in Singapore and Australia.

Why is public Wi-Fi unsafe?

Airport Wi-Fi, and basically all public Wi-Fi, is a security risk, said Randy Purse, senior cybersecurity adviser at Rogers Cybersecure Catalyst, Toronto Metropolitan University’s national centre for training, innovation and collaboration in cybersecurity.

“If you’re just surfing the net, it’s normally not a problem, but if you’re doing any sort of transactions or communications on there that’s going to be sensitive at all, it would be best to avoid airport Wi-Fi and public Wi-Fi altogether,” he said.

Providers of public Wi-Fi favour access over security, he said. Strict security would make the network harder to access, which is problematic if you’re trying to provide an easy access point.

“If they put good security around it, it makes it less accessible. That also costs a lot of money,” he said.

How do cybercriminals hack your devices?

The hackers are trying to access your device to gain sensitive and personal information, such as access to your various accounts or to get information about you. They could then access those accounts or steal your identity.

If you are using public Wi-Fi and your logged-in accounts are open, you’re essentially on them out in the open, Purse said.

Hackers have a variety of methods of gaining this information.

Man-in-the-middle attacks, or interception, sees all the data your device is sending to its intended destination first pass through the hacker’s system.

Packet sniffing allows cybercriminals to get information off the various apps your using.

Session hijacking allowing hackers to steal session cookies off apps, including messaging apps such as WhatsApp, which would give them some access to your social media accounts. Criminals could keep monitoring the account or take over the account.

Hackers could also send pop-ups to your device through malware distribution. These pop-ups might alert you to a “security risk” on your device and ask you to log into something, or accept an update, which in turn will install something malicious on your device.

Then, there are evil twin networks. This is where hackers create a fake Wi-Fi network disguised to look like the official one. Its name, for example, would appear almost identical the real one, such as being off just by one character, which travellers might not notice.

“If you get onto the fake Wi-Fi, they’ll start recording everything and they’ll start taking that information and using that personal information later on for other things, like identity theft, account theft, etc.,” Purse said.

Is any public Wi-Fi use safe?

Purse said using public Wi-Fi is generally safe for things such as surfing the web. So, if you need to check an airline’s flight schedule, that’s likely OK.

The risk increases if you are on any website or app that requires you to log in, regardless of whether you manually have to enter your credentials or if you are automatically logged in. That includes streaming services, bank accounts, emails, messenger apps, social media accounts, and so on.

“You’ve got a lot of applications on your phone or laptop or whatever that automatically log in as soon as you get into a Wi-Fi, so there’s the potential to get that account information the minute that you log into that public Wi-Fi,” Purse said.

What can you do?

If you are planning to connect to public Wi-Fi, there are a few steps you can take to safeguard your personal information.

Firstly, make sure you are connecting to the official Wi-Fi and not a fake one with a similar name. Ask an airport official which network to access.

Turn off Wi-Fi and Bluetooth

Purse also recommends you turn off your device’s Wi-Fi and Bluetooth auto connect features, or it might connect to a public network even if you don’t mean it to.

When connected to public Wi-Fi, he recommends reducing the number of apps you have running that require a log in.

Update security software

Make sure your device’s security software is up to date.

Make sure your devices are locked with a PIN or password and he recommends multifactor authentication for applications.

He also recommends you back up your files, so if you lose your phone or device, you don’t lose important files such as family photos.

Use a virtual private VPN

And, if you are going to connect to apps or websites that require log in credentials, the No. 1 advice Purse has for people is to use a virtual private network (VPN).

“That basically sets you up in a secure pipeline so that your data can travel to its destination without being intercepted, typically,” he said.

VPN typically costs a few dollars a month and many security software providers offer it.

If you are going to get VPN, make sure you have it set up and running on your device or devices before you go on your travels.

He cautions there is no foolproof method to protect yourself, not even with VPN, but criminals aren’t after you specifically, they’re after easy targets. The more security you use, the less desirable you are to criminals.

Mobile network safer than public Wi-Fi

There is another option that is generally safer than using public Wi-Fi — that’s to stick to mobile networks, as in having a phone plan with data for your destination so you don’t have to use public Wi-Fi.

Get a traveller plan with your cellphone service provider

This could be achieved by getting a traveller plan with your cellphone service provider, which would give you access to your talk, text and data service while abroad. There’s a cost to this option, but it would be cheaper than paying roaming charges. This option is only available where your service provider has coverage, typically through agreements with other providers.

Use an eSIM

Another option is to use an eSIM on your smartphone, which lets you connect to a mobile network without a physical SIM card.

This would allow you to get a phone/data plan directly with a service provider at your travel destination.

“If you’re using your mobile network, you’re safer than using the free Wi-Fi because there’s protections around it. If you have a trustworthy mobility provider or an eSIM with a recognized, reputable provider, then you should be in good shape,” Purse said.

He said it’s important to set up the eSIM and mobility service before you get to your destination, because if you’re scrambling to set that up on a public Wi-Fi network once you land, you’ll just put yourself at risk.

One caution he adds about using an eSIM is that it’s only as secure as the network you’re connecting to.

“Some countries monitor the networks all the time. So, stuff that’s on those networks is open season,” he said.

He recommends looking at Canada’s travel advisory page for your destination to check for security warnings, which may include notices about cybersecurity risks in those places.

There is more information about using data plans outside of Canada on the Travel Canada website.