Why you should never share your boarding pass on social media
It's the classic pre-trip selfie. You take a picture of yourself with your passport and boarding pass, and then immediately share it on social media. Your family, friends and followers might like it.
"The risk of being hacked increases dramatically if you share too much information about your holiday online," says Robinson Jardin, head of social media and digital at NordVPN, a cybersecurity software company. "When it comes to boarding passes, the real problem is barcodes. They can be read by pretty much anyone with free software online."Get more news about
boarding pass manufacturers,you can vist our website!
The vast majority of airline boarding passes now contain barcodes or QR codes. "And there's a lot of information on those barcodes that hackers can use," says Jardin. In addition to personal identification and contact details, the code typically contains your reservation number and frequent flyer number. It may even include your passport or driver's licence number. This type of data can be sold on the dark web and ultimately used to steal the victim's identity, open credit card accounts or make unauthorised purchases.
Even heads of state can make cybersecurity mistakes. In 2020, former Australian Prime Minister Tony Abbott was hacked within an hour of posting an Instagram photo of his Qantas boarding pass. In this case, the hacker was benevolent and alerted Abbott to the potential security breach.
There's also a subset of hackers who are simply pranksters, using the information to play relatively harmless pranks, says Jardin. "Once you have that barcode information, you have the person's last name and reservation number. So you can go to the airline's website and cancel the return flight or change the return flight."
But most hackers have nefarious motives, especially when it comes to frequent flyer information. "If a hacker has access to your mileage points, it can be quite lucrative because the points don't necessarily have to be used for another flight," says Jardin, noting that many websites allow you to exchange mileage points for branded gift cards, essentially acting as laundromats for points thieves. Once those points are removed from your frequent flyer account and sold, they are virtually impossible to recover.
A common secondary type of attack is carried out through social engineering. "The hacker will pretend to be from the airline and either email or call the flyer, perhaps asking for credit card details to confirm the return flight," says Jardin. "Or the hacker might go in the other direction and call the airline pretending to be the traveller and provide information that was on the boarding pass barcode to gather even more information about the traveller."
