10 Tips To Protect Your Phone From Hackers At The Airport

Most people think hackers only target computers. However, with the advancement of technology, most modern smartphones can rival the capabilities of entry-level laptops. Hackers have now set their sights on airport travelers in particular, as unsecured free public Wi-Fi is an easy gateway into your phone.

Phone hacking, therefore, occurs when a cybercriminal infects your device using malicious software that can steal or compromise personal data. Unfortunately, this includes everything, from photos, and login details, to banking information. Once the hacker is inside, they can transfer any file, authorize financial transactions, or impersonate you on social media platforms.

The airport is an ideal place to institute a hack because you're most vulnerable and unaware. After all, weary travelers aren't going to be monitoring their personal data and private information as closely as they should. By the time you land in another state or country and realize what has occurred, it might be too late. 

But all is not lost, there are ways to stay safe and prevent this from happening to you. Here are our top 10 tips to protect your phone from hackers at the airport!

Verify free public wi-fi

Nearly all airports offer free public Wi-Fi to those traveling abroad. While free internet might seem great at first, it does come with an increased risk of hackers infiltrating your phone. The most frequent public Wi-Fi hacking technique is called twin or false hot-spotting. The names intertwine, but the underlining principles of the hack remain the same.

Cyberthieves will start off by setting up a public Wi-Fi connection that looks official. This might be the name of the actual airport itself, or, a recognized restaurant or store that you're familiar with. The false or twin hotspot may be named something along the lines of ATL Free Wi-Fi, or McDonald's 2. Once you've logged into their malicious Wi-Fi connection, the hackers will then start monitoring usernames, passwords, and private data that you type or view while you're connected to the web.

The best way to protect yourself from a public Wi-Fi hack is to verify the connection with a staff member at a nearby establishment. An even better option would be to choose a public Wi-Fi connection that is password protected. You'll often find the exact Wi-Fi name and password on a nearby noticeboard, which would guarantee you've chosen the correct internet connection.

Alternatively, consider paying for a public Wi-Fi connection. Why would you want to pay for Wi-Fi you may ask? Well, the network is going to be much less crowded, and your internet speed will remain lightning fast.

Use a VPN and an antivirus software

While most phones provide some level of built-in security, the best way to keep your data safe is by utilizing a VPN (a virtual private network) and trusted antivirus software. A VPN protects your phone by hiding your IP address and encrypting all the data you exchange with the server. In other words, all of your sensitive data will be transmitted safely, and hackers won't be able to see what you're doing.

A VPN probably sounds like the ultimate airport security solution right? Well, in most cases yes, it will shield the majority of travelers from the scavenging eyes of cyberthieves. With that said, a good VPN isn't free and can cost approximately $10 a month. If your travel is work-related, you may be able to ask the IT department to secure all your internet devices at the cost of the company.

Now, depending on whether you've accidentally downloaded a harmful file from the internet, or, your free VPN has let you down, the next best defense is an antivirus app. Antivirus software will detect any suspicious activity on your phone and remove it before it accesses your important information.

There are various mobile antivirus apps available, but once again, you should make sure you're working with software from a brand that's well-established and reviewed. A trusted brand such as Norton 360 would be a great example. 

Avoid public USB charging stations

In 2019, tech company Asurion published research that showed Americans check their phones 96 times a day — or once every 10 minutes on average. The same research suggested that users aged 18 to 24 years old used their phones twice as much as the national average. If you're a traveler waiting for an airplane at an airport, these numbers will likely skyrocket even further.

Airport officials are aware that battery life is essential while traveling, and the most forward-thinking airport designers have, by now, begun incorporating a selection of charging stations at all heavily-trafficked terminals.  These open electrical outputs allow users to recharge their phones quickly but also create an opening for hackers to employ their juice jacking plan. According to the Los Angeles District Attorney's Office, juice jacking is executed when a criminal creates a fake USB charging station at an airport with the intention to load malware onto an unsuspecting victim's phone.

While you may think your phone is charging, the cyberthief is actually stealing information from your phone or infecting your device in the hopes of later spying on your private usernames and passwords. Avoid plugging your USB cord into a public USB port on one end and your phone on the other. 

Instead, using your own charger in a standard AC power outlet bypasses the juice jacking issue altogether. You could also use your own USB power bank. International flights occasionally have AC power ports onboard, but you'll still need your own charging plug, and the ports are never really guaranteed to function properly — on the majority of the flights we've taken in the last half-decade, anyway.

Avoid sensitive websites

According to Statista, 263 million Americans regularly shop online as of 2022 — that's nearly 80% of the population. If you're an avid shopper, chances are you'll want to pass time at the airport by searching for potential deals. Having said that, if you're on free public Wi-Fi, we strongly advise against this.

As previously discussed above, free public Wi-Fi is an easy way for hackers to get access to the information stored on your phone. If you have chosen to connect to the free public Wi-Fi anyway, you should avoid sensitive websites. These include websites that ask for banking information in order to facilitate financial transactions, shopping sites, social networks, and basically any other website that requires login info.

Sensitive websites also expand to those that use personal data. Any website that requests your name, address, or social security number can put you at risk of identity theft. Hackers can use this information to create fake social media profiles or answer security questions to attain passwords to services you might not even visit during your trip. 

Should the situation arise that you're already automatically logged into a sensitive website, it's important that you log out immediately and disconnect from the web. Once you've done that, reconnect to a secure web connection (mobile internet or private Wi-Fi) and set a new password for yourself as fast as possible. 

Use Two-factor authentication

What happens if a hacker already has access to your phone, username, and password? Although this might seem like the end of the world, there is another security measure in place that can provide a safety net to your compromised device. Enter Two-Factor Authentication (2FA).

2FA will force you to provide an extra piece of information once you have logged into your chosen account. 2FA can be enabled on most mobile applications within the Security and Account Access setting. There are three types of 2FA categories, but they all provide the same function, ensuring that the person accessing the account, is really the account owner.

Whether you enable 2FA via a social media account, Google, or a banking institution, you'll likely come across one of the three available categories. This will be something you know, something you have, and something you are. Something you know might be an answer to a secret question. Something you have could be a message sent to your phone or an alternative email address. Something you are includes biometrics elements like your fingerprint or photo ID.

A 2FA that includes a secret answer or a fingerprint scan is likely your best option when phone security is your top priority at the airport. An SMS prompt or email 2FA might be accessible to hackers depending on the extent of control they have over your phone. Nevertheless, 2FA is easy to enable, and a great solution to ward off cybercriminals.

Be careful of suspicious emails or messages

Generally, your email service should catch most spam or phishing emails and send them to your spam folder. These emails are often easy to spot — for example, a stranger telling you that you've won the national lottery, or an executor informing you that you're entitled to an amazing inheritance. Unfortunately for weary travelers, airport hackers are becoming better at their game.

If an airport hacker has somehow found your email address or phone number while you're at the airport they can use it to their advantage. Spam or phishing emails at the airport can be set up professionally, include the airline logo, and have a legitimate-looking email address to match. They'll often request you to log in to confirm an action or verify your flight booking by clicking a link. 

With an unfortunate combination of jet lag and fatigue, what are the chances you'd identify a fake email from the exact airline you're about to fly on? Probably slim to none, and that's how fast an airport hacker can get you to click a malicious link. Nevertheless, there are some safeguards you can follow to protect yourself.

Avoid opening suspicious emails, including emails or messages that have a weird title, emoji, or font. It's always important to inspect the email addresses of incoming communications, especially when you're out and about. Close inspection of an email address from a malicious entity often reveals a missing letter, a misspelled word, an extra number — anything even the slightest bit strange or suspicious-looking. 

If you discover that a malicious or otherwise misleading email has reached your standard inbox (and has not been stopped by your email service's automatic safeguards), be sure to flag the email as "spam." This will give your email service's system a better idea of what to watch for and block in the future. 

Turn your notifications on

Most apps have a Security Notification feature that you can enable. This feature will let you know if there have been any unusual log-ins from new devices. If a hacker has stolen your login details, you can then be notified if your account has been compromised.

These security notifications also extend to banking services and credit cards. Similar to an app, you can enable a notification to inform you when any amount of money enters or exits your account. We'd also suggest pairing this strategy with a Two-Factor Authentication (2FA) to avoid any possible form of financial transaction fraud.

It's also important to note that you should be careful when granting app permissions. Once you have allowed the security notification setting, the app may ask for your phone number, location, contacts, or the ability to use your gallery. Only allow what you believe is necessary, as it could become a privacy issue later on if a hacker gains access to the app.

Airports are loud, so we would also advise making all security notifications vibrate on your phone. This way, you won't miss anything and you'll be able to take action immediately. On top of that, it's probably a good idea to know how to cancel or freeze your credit card should the situation arise. 

Use secure websites only

Websites that utilize an SSL (Secure Socket Layer) are becoming an industry norm. SSL is a standard security technology that secures the information that is shared between your phone's browser, and, the website you are interacting with. If a hacker gains access to your phone, SSL encrypts the information sent/received by you and the website, making it unreadable to prying eyes.

According to the University of Wisconsin-Madison, there are two ways to know if the website you're about to visit is considered secure: HTTPS and a padlock icon. Look at the website's URL and check for the letter S. A secure website URL will start with HTTPS, with an emphasis on the letter S as this indicates that the website is using an SSL certificate. You may find website URLs that start with HTTP, without the S – in general, these are no longer regarded as secure.

Look for a padlock next to the URL. The lock symbol is found on the top left of your phone's browser, usually in the same line as your URL. The padlock confirms that the website is secure and the information is encrypted.

With the above considered, you should still be wary when visiting any kind of website at the airport. A secure website that uses an SSL can still technically give away your private info if your device is compromised by keylogger malware. That's where your trusty antivirus software can come in and ensure your system is clean and ready to browse the web.

Create a personal hotspot

Throughout the article, we have outlined the dangers and risks associated with free public Wi-Fi. A solution to safe and secure internet can therefore come in the form of a portable 4G router. With the ability to create your own hotspot, you can then access your own internet and be confident the network isn't at risk to a hacker — provided you have created a complex password of course.

Alternatively, if you are traveling with a friend, you can also ask them to make their own phone a mobile hotspot for you. We'd advise asking them if they have an unlimited data plan, just in case you end up running up their phone bill. If everything is A-OK, you can follow these steps on how to create a hotspot for Android or Apple products:

For Android Phone Connections:

  1. On your friend's phone, swipe down from the home screen and tap Hotspot.
  2. On your own phone, open Wi-Fi Options, and select your friend's Hotspot Name.
  3. Enter your friend's Hotspot password, and then tap Connect.

For Apple Phone Connections:

  1. On your friend's phone, go to Settings, Mobile Data, Personal Hotspot, and activate.
  2. On your own phone, go to Settings, Wi-Fi, and look for your friend's Hotspot name.
  3. Select the Wi-Fi network, and enter the password.

Download and update apps from a trusted platform

Most users who turn off their phone's auto-update feature do it to preserve space, or because they simply prefer the current version of their app or operating system. While updates to apps and operating systems can be a fuss, they often include new security features to protect users from hackers. This is especially important for apps that deal with money or personal information.

Similar to a phishing email, hackers can also send you a fake notification that says your app needs to be updated. If you've ever visited an unsecured website, you've probably come across a fake WhatsApp or Messenger update pop-up. Once you tap the screen prompt in your internet browser, malware can then be downloaded onto your phone.

The only secure way to update your apps is through the platform where you downloaded the app in the first place. Those using Android should visit the Google Play Store with some exceptions, while iPhone should always update apps using the Apple App Store. In terms of apps that are not found on the official Google or Apple app stores, we'd strongly recommend using your antivirus software. Scan the app and make sure it's safe before you start inputting your private information.

How can I tell if my phone has been hacked?

The most common warning signs you can look out for when your phone has been hacked include constant pop-ups, higher-than-usual data usage, reduced system performance, random texts, random calls, and the appearance of apps on your device that you don't remember downloading in the first place.

If your phone has suddenly started increasing its data usage, a hacker may be accessing your information while you're away. Furthermore, try checking your data usage settings on your Android or iOS device (Settings, Cellular, scroll to check the list) to discover the exact apps that may be compromised. Reduced system performance can come in the form of apps not responding properly, or your overall system slowing down. If your phone's battery seems to be draining at a high rate, even while it's sitting idle in your pocket, something may be amiss. 

Take a scroll through your messages or call log, and look for any texts or calls that you do not recognize. This includes messages sent via social media apps, too. Hackers won't always stop with you. If they have the opportunity to use your device to pull others into their web of deceit, they'll do so. 

How do I secure my phone?

If you've been the unfortunate victim of a phone hack at the airport, there may still be time to save your personal information and prevent further damage. To secure a compromised smartphone, you'll want to go ahead and reset the whole thing. A clean factory reset will return your phone to its original state. Just make sure you create a backup of all your photos, contacts, and important data.

If you're not worried enough to fully reboot, start by deleting any newly installed apps you don't recognize. Additionally, try not to open them, as this could be a trap that activates a malware attack.

In all cases — even if you find yourself just a tiny bit suspicious of malicious behavior on your phone, you should change your passwords. Make certain your data connection is secure (with a non-public option, or mobile data), and reset your passwords. If a hacker gained access to your device in any way, chances are good that they automatically copied any and all of your passwords and login information. Unless you used a password manager, of course.