ExpressVPN has published research showing many Australian football fans would trust public Wi-Fi networks based on their names alone. The findings suggest Australians are more cautious than respondents in five other countries.
The survey found that 65.8% of Australian respondents would be likely to connect to a public Wi-Fi network if it used the name of a venue or event they were attending, such as a stadium, hotel or airline. Across the six markets surveyed, nearly three in four said they would trust and connect to such a network.
Only about a quarter of Australian fans said they could identify a fake network. Even so, more than half said they would trust a venue-named network because it appeared to be provided by a hotel, stadium or airline.
The study surveyed 6,000 football fans in Australia, the United States, the United Kingdom, France, Germany and Spain, with 1,000 respondents in each market. All said they followed football either closely or casually.
Risk and behaviour
The data points to a gap between awareness of cyber risks and everyday behaviour. In Australia, 75.8% of respondents said connecting to public Wi-Fi at places such as stadiums, airports and bars is risky, yet many still use those networks for convenience.
That use goes beyond checking scores or team news. Among Australian fans, the most common activity on public Wi-Fi was logging into social media, cited by 44% of respondents, followed by accessing email at 19.4% and buying tickets, food or merchandise at 18.5%.
More than half of Australian respondents, 56.9%, said they were willing to share personal details over public Wi-Fi. That included 35.2% willing to share an email address, 17.1% a full name, 5.1% social media credentials and 1.7% payment details.
Streaming was another common use case. Just over a third of Australians, 34.4%, said they had streamed live matches or sports content on public Wi-Fi, while 19% said they would still do so even if they knew the network might not be secure.
Incidents reported
The research suggests some users have already encountered problems. Just under a third of Australian fans said they had experienced phishing scams, fraudulent charges or hacked accounts at major sporting events.
Phishing or scam messages and emails were the most common issue, affecting 19.3% of Australian respondents. Suspicious or fake streaming websites and apps followed at 14.4%.
The report warned that cybercriminals often use major live events to launch phishing attacks, fake streaming platforms, fraudulent ticket offers and public Wi-Fi networks that mimic legitimate venue connections. It said these risks can follow fans throughout a match-day journey, from hotels and airports to bars, train stations and stadiums.
Gen Z exposure
Younger respondents stood out in the findings. Across all markets, Gen Z participants were more likely than older groups to accept security risks to stay connected during matches and tournaments.
In Australia, 22.4% of Gen Z respondents said they would use public Wi-Fi to follow a match even if they knew it might not be secure. More than a quarter of Australian Gen Z respondents, 28.21%, said they had handed over personal information such as an email address or phone number to access Wi-Fi or sports content during a match or tournament.
Age also appeared to influence willingness to share data. Nearly 62.8% of younger fans said they would enter personal details to get online, compared with 38% of those aged 62 and over.
Travel touchpoints
Hotels were the most common place where Australian fans said they used public Wi-Fi, cited by 51.2% of respondents. Airports followed at 31.5%, with pubs and restaurants at 17.9%, train stations at 12.8% and stadiums at 9%.
Those figures suggest the exposure extends well beyond the sporting venue itself, particularly when fans travel. The report linked that pattern to supporters moving through accommodation, transport hubs and hospitality venues while following live sport.
Aaron Engel, Chief Information Security Officer at ExpressVPN, said the ease of setting up a convincing fake network made familiar branding a weak point for users.
"Cybercriminals don't need sophisticated tools to target football fans. They just need to name their network 'Stadium_Guest_WiFi' and wait," Engel said.
"Our research shows nearly two in three Australians would connect to a venue-named network without thinking twice, and once they do, they're logging into email, banking apps and social media - from the hotel to the stadium. Brand trust has become a vulnerability malicious actors are keen to exploit, and the World Cup, with millions of fans travelling to stadiums across three countries, is the biggest opportunity attackers have had in years.
"Australians should be wary of phishing scams, fake streaming platforms and fraudulent ticket offers. If it looks too good to be true, it probably is. The irony is that protecting yourself doesn't require sophisticated tools either - a VPN takes seconds to switch on and makes you a significantly harder target. Attackers rely on fans doing nothing. Don't make it that easy for them."