ExpressVPN Report: Over 60% of Australian Football Fans Trust Wi-Fi Networks by Name Alone, Leaving Them Exposed for the 2026 World Cup

With an estimated 6.5 million people expected to attend matches during the 2026 World Cup, and millions more following the tournament online around the world, new research from ExpressVPN has uncovered a vulnerability that cybercriminals are ready to exploit: football fans are highly likely to connect to any public Wi-Fi network that looks legitimate. The […]

Data Security | Reports & Predictions | Security Awareness | Social Engineering

Posted: Wednesday, Jun 10

KBI.Media
$
ExpressVPN Report: Over 60% of Australian Football Fans Trust Wi-Fi Networks by Name Alone, Leaving Them Exposed for the 2026 World Cup

ExpressVPN Report: Over 60% of Australian Football Fans Trust Wi-Fi Networks by Name Alone, Leaving Them Exposed for the 2026 World Cup

With an estimated 6.5 million people expected to attend matches during the 2026 World Cup, and millions more following the tournament online around the world, new research from ExpressVPN has uncovered a vulnerability that cybercriminals are ready to exploit: football fans are highly likely to connect to any public Wi-Fi network that looks legitimate.

The survey of 6,000 football fans across Australia, the United States, the United Kingdom, France, Germany, Spain found that nearly three in four people would trust and connect to a public Wi-Fi network if it used the name of a venue or event they were attending, such as ‘MetLife_Stadium_WiFi’ or ‘MCG_Stadium_WiFi’, showing how a recognisable name is often all it takes to get fans to connect. In Australia, just under two-thirds (65.8%) said they would be likely to connect to these networks making Socceroos fans the most vigilant among the countries surveyed. The problem is that cybercriminals know this too, and setting up a convincingly named malicious network requires very little technical skill.

Yet in the same survey, only three in 10 Australian fans said they could distinguish between a legitimate public Wi-Fi network and a fake one – and despite this, over half said they would trust a venue-named network simply because it appeared to be provided by a hotel, stadium, or airline.

Once connected, fans are doing far more than checking scores. Across all six markets, fans reported logging into their social media accounts, email, and banking apps on stadium Wi-Fi and making purchases. For Australian fans, the most common activity was logging into social media (44%), followed by accessing emails (19.4%), and 18.5% using it to purchase tickets, food or merchandise.

Every login, transaction, and message sent on an unverified network is an opportunity for malicious actors to exploit. Many fans have already found that out the hard way. In Australia, just under a third of fans reported experiencing phishing scams, fraudulent charges, and hacked accounts at major sporting events – with phishing or scam messages and emails being the most common (19.3%), closely followed by suspicious or fake streaming websites and apps (14.4%).

Fans know the risk. They connect anyway.

The research reveals a clear gap between awareness and behaviour. In Australia, three in four fans (75.8%) acknowledged that connecting to public Wi-Fi at venues like stadiums, airports, and bars is risky – yet convenience consistently wins out. More than half (56.9%) are still willing to share personal details over these networks, including their email address (35.2%) and full name (17.1%) – and a small number would even hand over social media credentials (5.1%) or payment details (1.7%).

When the match is live, caution gives way to convenience even more. Just over a third (34.4%) of Australians have streamed live matches or sports content on public Wi-Fi, and nearly one in five (19%) said they would still do so even knowing the network might not be secure. At the World Cup – the biggest live sports event on the planet – that means millions of fans connecting to unverified networks simultaneously, across stadiums, airports, and hotels spanning three countries.

Gen Z: The most exposed generation.

That behaviour is especially pronounced among younger fans. Across all surveyed markets, Gen Z respondents were consistently more likely to take risks to stay connected online. In Australia, 22.4% of this demographic said they would use public Wi-Fi to follow a match, even if they knew it might not be secure – albeit much lower than the United States (47.7%), UK (38.7%), France (30.9%), and Germany (23.9%), but consistent with a generational pattern of prioritising connectivity over caution.

Australian Gen Z respondents are also likely to have entered personal details to get online in the first place. Over a quarter (28.21%) said they had handed over personal information, such as an email address or phone number, to access Wi-Fi or sports content during a match or tournament. That trust drops sharply with age: nearly two in three younger fans (62.8%) would enter personal details to get online, compared to just over one in three (38%) of those aged 62 and over.

For cybercriminals, this creates an ideal target: younger fans who are highly connected, comfortable entering personal information, and more willing to accept online risks in exchange for instant access to matches, streams, and live updates. Cybercriminals often take advantage of major live events by launching phishing scams, fake streaming platforms, fraudulent ticket scams, and fake public Wi-Fi networks designed to mimic legitimate venue connections.

Where Australians are most at risk

The risk isn’t confined to the stadium this World Cup. Australian fans are logging into personal and sensitive accounts – including email, banking, and work accounts – across every stop of their match-day journey. Hotels are the most common location (51.2%), followed by airports (31.5%), pubs and restaurants (17.9%, train stations (12.8%), and stadiums themselves (9%). With the World Cup spanning three different countries and requiring some fans to travel internationally, that exposure increases at every step – from check-in to kick off.

“Cybercriminals don’t need sophisticated tools to target football fans. They just need to name their network ‘Stadium_Guest_WiFi’ and wait,” said Aaron Engel, CISO at ExpressVPN. “Our research shows nearly two in three Australians would connect to a venue-named network without thinking twice, and once they do, they’re logging into email, banking apps, and social media – from the hotel to the stadium. Brand trust has become a vulnerability malicious actors are keen to exploit, and the World Cup – with millions of fans travelling to stadiums across three countries – is the biggest opportunity attackers have had in years. Australians should be wary of phishing scams, fake streaming platforms, and fraudulent ticket offers – if it looks too good to be true, it probably is. The irony is that protecting yourself doesn’t require sophisticated tools either – a VPN takes seconds to switch on and makes you a significantly harder target. Attackers rely on fans doing nothing. Don’t make it that easy for them.”

Using a VPN on public Wi-Fi can help encrypt internet traffic and reduce the risk of interception when connecting through shared or unfamiliar networks while traveling or attending live events.

To read the complete findings, visit: https://www.expressvpn.com/blog/football-fans-stadium-wifi-risk-survey/