Fake Wi-Fi Captive Portal Scams on Public Networks
How attackers create fraudulent captive portal login pages on rogue Wi-Fi hotspots to harvest email addresses, passwords, and payment card details.
Part of: Fake Wi-Fi Captive Portal Scam
Last reviewed: 8 June 2026
Captive portals are the login or acceptance pages that appear when you first connect to a public Wi-Fi network in an airport, hotel, or coffee shop. They are a familiar feature of public internet access. Attackers create fake networks with convincing captive portals that mimic legitimate venue Wi-Fi — complete with venue branding — to harvest the credentials and personal data that users type to 'sign in'.
Unlike an evil twin attack that passively intercepts traffic, a fake captive portal actively requests information. Victims willingly type their email address, password, and sometimes a payment card number — believing they are completing a normal Wi-Fi login or paying for premium access.
How this scam works on public wifi
An attacker sets up a rogue Wi-Fi hotspot in an airport or hotel, naming it to match or closely resemble the venue's network. When a traveller connects, a captive portal appears requesting the user's email and a password 'for their records', or their room number and surname, or a card number to verify identity. The design matches the venue's branding closely.
Information entered is captured by the attacker. Email-password combinations are tried against common services (credential stuffing). Card numbers entered to 'verify identity' or 'pay for premium access' are captured and used fraudulently. The victim is then given working internet access through the attacker's tether, so they have no immediate reason to suspect anything is wrong.
Common red flags
- Captive portal asks for a password from another service (email, social media) rather than venue-specific credentials
- Login page requests a payment card number to verify identity or unlock access
- Two networks with the same or similar name appear in the venue's location
- Portal design does not exactly match the venue's confirmed branding
- Venue staff cannot confirm the network name or portal process you experienced
How to protect yourself
- Verify the exact Wi-Fi network name and captive portal process with venue staff before connecting
- Never enter passwords from other services into a captive portal login form
- Never enter payment card details into a Wi-Fi captive portal — this is not a legitimate authentication method
- Use a VPN immediately after connecting to any public network
- Use mobile data for sensitive activities rather than public Wi-Fi where possible
How to report it
- Report a suspected fake captive portal to venue management and local law enforcement
- Report to your national cybercrime authority
- If credentials were entered, change passwords immediately and contact your bank if card details were input
Frequently asked questions
Do legitimate captive portals ever ask for passwords or payment cards?
Legitimate captive portals may ask for your email address as a login, a room number and surname for hotel Wi-Fi, or a payment for premium access via a payment processor. They should never ask for an existing password from another service. Any portal requesting your email password is fraudulent.