diff --git a/FAQ.md b/FAQ.md
index 62b3653..e225354 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -1,9 +1,20 @@
+### Clients are not automatically connected to the fake access point
+This is a social engineering attack and it's pointless to drag clients in automatically. The script relies on the fact that a user should be present in order to enter the wireless credentials.
-## Where is the handshake location?
+### There's no Internet connectivity in the fake access point
+There shouldn't be one. All of the traffic is being sinkholed to the built in captive portal via a fake DNS responder in order to capture the credentials.
+
+### I need to sign in (on Android)
+This is how the script works. The fake captive portal is set up by the script itself to collect the credentials. Don't freak, it's all okay.
+
+### The MAC address of the fake access point differs from the original
+The MAC address of the fake access point differs by one octet from the original in order to prevent fluxion de-authenticating clients from itself during the session.
+
+### Where is the handshake location?
You can find every saved handshake in:
```fluxion/attacks/Handshake Snooper/handshakes```
-# Where is the temporary folder?
+### Where is the temporary folder?
You can find that folder in:
Fluxion 3
```/tmp/fluxspace```
@@ -11,4 +22,4 @@ Fluxion 2 and older
```/tmp/FluxTemp```
-**Note:**
The folder get erased after exit. If the debug mode is on the folder get not erased.
\ No newline at end of file
+**Note:**
The folder get erased after exit. If the debug mode is on the folder get not erased.