Holiday travel is rarely stress-free, but this year the pressure is intensifying. With delays mounting and terminals more crowded than ever, travellers are spending longer periods connected to public Wi-Fi, often without a second thought. Cybersecurity specialists warn that this combination of disruption and distraction is creating ideal conditions for digital crime.
In December 2025, the International Air Transport Association revealed that air traffic control delays across Europe have risen by 114 per cent over the past decade. The same pattern is being seen globally, raising concerns that this holiday season will leave millions stuck in airports and exposed on open networks.
Despite ongoing cost pressures, people are not cutting back on travel. A recent survey by Deloitte found that US consumers are more eager to travel than they have been for several years. In Europe, the European Travel Commission reports that 82 per cent of people are increasing their travel budgets, even though average overall spending per trip is slightly down year on year.
As passenger numbers rise, so do disruptions and risk. The UK’s cybersecurity agency has reported that highly significant cyber incidents have increased by 50 per cent for the third year in a row. At the same time, Fortinet has observed a 42 percent increase in compromised login credentials being offered for sale online.
In crowded terminals, public Wi-Fi often becomes the default way to check emails, boarding updates or accommodation details. According to security experts, this is exactly where attackers thrive.
One recent case in Australia highlighted just how simple these attacks can be. A man was jailed after setting up a fake Wi-Fi network on a domestic flight and capturing passengers’ login details, according to Australian Federal Police.
Experts from Planet VPN say these so-called look-alike networks are increasingly common in busy travel hubs, exploiting stress, fatigue and routine behaviour.
Konstantin Levinzon, co-founder of Planet VPN, says most of these attacks go unnoticed.
Public Wi-Fi, whether in airports, hotels or cafés, is often unencrypted and sometimes does not even require a password. This makes it easy for malicious actors to monitor browsing activity or hijack online sessions. Levinzon warns that the growing use of AI tools is allowing cybercriminals to accelerate these attacks, including those targeting Wi-Fi networks.
Even Google has advised users to avoid public Wi-Fi altogether. For many travellers, however, particularly during long delays or flights, it remains the only practical option.
The message from experts is not that public networks should never be used, but that they should be approached with caution and basic safeguards in place.
First, travellers are advised to use a VPN from a provider that does not store activity logs. A VPN encrypts internet traffic, creating a secure tunnel that prevents others on the same network from seeing what a user is doing online.
On an open network, activity can be visible to anyone with the right tools. Once a VPN is activated, however, data becomes unreadable to hackers, hotspot operators and even internet service providers. Levinzon adds that well-designed free VPN services can offer meaningful protection, provided they do not collect personal data such as email addresses or browsing histories.
Second, locking down a device takes only moments but can significantly reduce risk. Disabling automatic connections to open networks prevents devices from joining rogue hotspots in the background. Turning off file and printer sharing on laptops makes them harder to discover, while installing software updates before travelling closes known security gaps.
Finally, experts recommend treating public Wi-Fi as a read-only environment. Even with protection in place, risks such as phishing pages and malware remain.
Public networks should be used for low-risk activities such as browsing or checking messages, not for online banking, shopping or account management. Levinzon stresses that these habits should extend beyond holiday travel and into everyday life, alongside basic cyber hygiene measures such as strong passwords, two-factor authentication and regular updates.
As travel volumes continue to rise, so too does the need for awareness. Staying connected may be unavoidable, but staying careless is not.