Cyber crimminals can extract value from ussed boarding passes
eGlobal Travel News with Peter Needham 15 February 2016 - Once you’ve taken your seat on a flight, what further use is your boarding pass? To cyber criminals, a great deal – they can obtain much vital information about you, just by passing a smartphone over the pass.
Security experts say boarding passes, or to be accurate their stubs – the portion that remains after the gate agent takes the other section – should be kept with you, not carelessly dropped on the seat or left in the seat pocket in front of you.
To be safe, it’s best to subsequently destroy your boarding pass stub, not throw it away where it might be retrieved.
Many boarding passes include QR bar codes that can be used to extract much information of use to cyber criminals and identity thieves. They can find name, phone number, flight information and frequent flyer info in a second.
A recent investigation by USA Today sounded the alarm. It’s viewable on YouTube below:
Never post a picture of your boarding pass on Facebook or other social media, experts warn. Security analyst Brian Krebs, in his blog Krebs on Security, writes of someone who found such a picture, posted by a friend, and was able to decode the bar code quickly using a free online reader.
The information revealed included name, phone number, frequent-flyer number and flight information.
Even more alarmingly, according to Krebs, a cyber attacker can use the information to access an account, reset the PIN number used to secure the account – and thus gain control of it.