In the age of social media, our lives are often lived in public, from pre-trip selfies to picturesque vacation snapshots. However, a seemingly innocent photo of your boarding pass can expose you to a range of cybersecurity risks that many travelers remain unaware of.
What information can cybercriminals steal?
When you are excited about a trip, it can be hard not to share plenty of photos of your travels on social media. Even so, significant cybersecurity risks lurk, particularly when boarding passes are involved.
Robinson Jardin, the head of social media and digital for NordVPN, told Forbes that travelers should avoid sharing too much vacation-related information online. As Jardin highlights, one of the biggest issues lies not with personal information typed out on a boarding pass, but within barcodes.
“When it comes to boarding passes, the real issue is barcodes. They can be read by pretty much anyone with free software online.”
Modern airline boarding passes commonly feature barcodes or QR codes that store a wealth of information. Beyond personal identification and contact details, these codes often contain your reservation number, frequent flyer ID, and sometimes even your passport or driver’s license number.
What can cyber criminals do with that information?
Once hackers gain access to this information, they can manipulate flight bookings, engage in identity theft, and even employ social engineering tactics. This treasure trove of data can be used to launch targeted scams or sold on the dark web, where it becomes fuel for further identity theft, unauthorized purchases, and other sinister cyber activities.
The most sensitive information obtained from a boarding pass image includes the Passenger Name Record (PNR) and frequent flyer number. Armed with the PNR, hackers can access passengers’ airline accounts and even alter or cancel flights without needing to crack passwords. Beyond the digital realm, publicizing vacation plans can also lead to physical security threats like burglaries targeting unoccupied homes.
How can travelers protect themselves?
To counter these threats, travelers have several ways they can protect themselves. The best and safest option is to simply avoid posting travel photos while still on a trip and to avoid sharing images containing boarding passes altogether.
Beyond that, opting for mobile boarding passes or securely discarding printed passes can also help mitigate the risks of information exploitation. Even so, digital boarding passes aren’t impervious to compromise, and if a photo containing a boarding pass must be shared for some reason, the sharer should blur identifying details and delay any sharing until returning home.
Even seemingly minor details can be exploited by cross-referencing public records and data breaches. Protecting oneself against social engineering attacks is paramount. This requires vigilance and a thoughtful and disciplined approach to what gets shared online. Beyond online sharing, customers should be alert in all their travel dealings, as scammers are continually finding new ways to target people for personal information or money.
What other cybersecurity travel risks should people be aware of? How can travelers better protect themselves and their sensitive information while away from home? Let us know in the comments below.