From Kick-Off to Check-Out: Keeping Your Digital Life Safe at Major Events
Author: Morten Peachey
At the world’s biggest sporting gatherings, your digital security deserves as much attention as your travel plans. Your phone, laptop and tablet will often be the first things you pack when travelling, essential and reliable companions that help you stay connected. Yet at major global sporting events, from the World Cup in the USA to the F1 Grand Prix, these same devices can become particularly vulnerable.
As large numbers of visitors gather in one place, cyber‑criminals, state actors and opportunists recognise a moment when defences are down and distractions are high. And it’s your personal data, your identity and your privacy that can be targeted.
A New Reality: Travel Destinations with Invisible Digital Risks
International sporting events attract sophisticated cyber‑threat actors who know that high‑value individuals often travel with sensitive information, rely on unfamiliar networks and are typically less cautious when away from home.
In some host countries, the digital landscape operates differently to the UK. Local regulations, surveillance practices or simply the volume of public networks can create environments where your devices are more exposed than you might expect.
Depending on the location, officials may also review elements of your digital footprint as part of their entry process. This can include requests to look at your devices or activity such as emails, messages or social media, either before you travel or when you arrive.
Optimal Conditions for Cyber‑Threats
Global sporting events create a perfect mix of conditions that make your devices, and the information on them, more exposed than usual. Threats include:
Unsecured Public Wi‑Fi
A lot has changed since the 2010s and before. Devices today are significantly harder to compromise, which means attacks are more complex and costly to carry out. At the same time, the underlying protocols that support the internet have improved. Widespread HTTPS, HSTS protections, certificate pinning, and stronger browser and operating system defences all contribute to a much more secure baseline.
That said, public spaces like airports, hotels, stadiums, and fan zones still rely heavily on large, open Wi‑Fi networks that are free and easy to join. While most people don’t need to worry about connecting to public Wi‑Fi, there are still some residual risks worth understanding.
The good news is that applying common sense and maintaining good cyber hygiene across your devices and accounts will mitigate the majority of these risks. That leaves a small number of considerations you should still keep in mind:
There is still a small risk of credentials being captured through a malicious captive portal. In practice, anyone using phishing‑resistant multi‑factor authentication is well protected. It’s also worth noting that this type of attack is often easier for an attacker to carry out remotely rather than on-site.
While protections like HSTS preloading have largely addressed this issue for popular websites, there remains a residual risk when visiting a site for the first time on an untrusted network, where initial connections could be intercepted.
The UK benefits from generally strong website security standards. However, less well-maintained or niche websites may not be as well protected, which could create opportunities for a malicious Wi‑Fi network to intercept data.
If you’re using a laptop, make sure your firewall profile is set to “public”. This reduces the attack surface and limits exposure to other devices on the same network.
Keep your devices, browsers, and applications up to date to ensure you benefit from the latest security fixes and protections.
Crowded Spaces and Physical Access
Busy transport hubs and event venues can make it easier for a device to be stolen or briefly handled by someone else. Even a short lapse in attention, placing a phone on a table while paying, leaving a bag unattended, or handing a device to someone who appears to be staff, can create an opportunity.
Modern smartphones and tablets are well protected against rapid technical compromise. It is very difficult for an attacker to install malicious software on a locked, up‑to‑date device in a matter of seconds.
The more realistic risk in these environments is opportunistic access. If a device is unlocked, an attacker may be able to quickly view emails, messages, or other sensitive data, or take copies of information. You could also potentially open yourself up to paired device attacks for common messaging platforms such as WhatsApp and Signal. Using Registration Lock and 2-step verification can help prevent this kind of attack. In some cases, simply observing a passcode being entered can also enable further access later on.
In crowded settings, attackers rely far more on distraction and social engineering than advanced technical methods. Maintaining control of your device, using strong unlock methods, and being mindful of who handles it will reduce the vast majority of this risk.
Surveillance and Data Collection
Some countries operate more extensive digital monitoring than others, and expectations of privacy can vary significantly when you travel.
In certain destinations, authorities may inspect devices at borders, and local apps or services can request broad permissions such as access to contacts, location, or files. While these apps are not necessarily malicious, they can enable ongoing data collection once permissions are granted.
Public Wi‑Fi networks and captive portals may also collect device and browsing information, sometimes using tracking that persists beyond a single session.
For most travellers, the risk is not covert ‘hacking’ but the gradual accumulation and sharing of personal data across apps, networks, and services. Being selective about what you install, what permissions you grant, and what networks you trust will significantly reduce this exposure.
Sharing a sunset from your villa or tagging yourself at a favourite restaurant can feel completely harmless. Yet for someone with the wrong intentions, these posts offer valuable clues. Location‑tagged content can reveal where you are, where you’re staying and, importantly, where you’re not - information that can be used to target you or your home while you’re away.
AI Driven Phishing and Fake Ticket Campaigns
There is likely to be an increase in AI‑driven phishing scams and fake ticket campaigns, particularly around major events. These are becoming far more convincing, using realistic branding, accurate event details, and even personalised messaging to build trust quickly.
Attackers are now able to replicate legitimate emails, booking confirmations, and customer service interactions at scale, making it harder to distinguish between genuine and fraudulent communications. In some cases, fake ticket platforms or resale sites can appear identical to trusted sources, leading to financial loss and potential exposure of personal data.
Taking a moment to verify links, purchases, and communications, especially when under time pressure, remains one of the most effective ways to reduce this risk.
Next Steps
coc00n gives you the confidence to fully enjoy the atmosphere, the sport, and the experience- without worrying about the digital risks in the background. While you focus on the moment, we focus on protecting your privacy.
From device protection and incident response to travel guidance and disaster recovery, we provide the support you need before, during, and after your trip. You’ll also have access to our Cyber Concierge service, giving you expert support whenever you need it. Get in touch to find out more.
About the author
Morten Peachey is coc00n’s Chief Information Security Officer. He spent nearly 10 years working for the UK's National Cyber Security Centre working on Zero Trust Architecture principles and facilitating secure working in high threat locations.