Flights are accompanied by a plethora of security measure these days. While these can prove frustrating they are often in place to ensure the passenger’s safety. However, there’s one thing passengers are asked to do that could prove very risky indeed. This is the latest travel advice.
If the paper boarding pass falls into the wrong hands there could be unpleasant consequences.
Rather than printing off the pass, the cybersecurity expert recommended downloading the digital version on your phone instead.
Caleb Barlow, president and CEO of CynergisTek, told Forbes: “All you need is your name, your booking reference number and your frequent flyer number. All three of those things are on the boarding pass.
“There could be a couple of basic password reset questions – but I might be able to get the answers to those just by looking on the web. And now I’ve got your frequent flyer account.
DON’T MISS
Barlow particularly warned globetrotters to never share pictures of their boarding pass on social media.
“If you print out a boarding pass and somebody picks it up, only one person is going to get your details,” he said.
“But when you put it on social media, you’re talking about thousands of people who now have your details.”
The barcode on boarding passes hides your full name, date of birth, flight number, source and destination airport, seat number and a six-digit PNR (Passenger Name Record) locator code, also known as a booking reference number.
It’s this PNR that contains a whole host of information about you and anyone you’re travelling with when accessed through the booking section of the airline’s website.
Details include: full name and date of birth, passport number and details, details of any car hire or hotel bookings made through the airline, email address and telephone number and last four digits of the payment card used and details of who paid for the ticket.
The PNR will also show any SSR (Special Service Requests) such as meal requirements and the reason why, as well as any disabilities or medical issues you have declared.
Savvy hackers can also access any frequent flyer miles passengers may have which can be sold on the dark web.
For instance, one website is selling 100,000 airline miles for around £680, according to Forbes.
Luckily there are ways to protect yourself. Firstly, avoid printing your boarding pass and don’t share images of the document on social media.
Secondly, enable two-factor authentication on your frequent flyer account to strengthen login security. Travellers should also be on the lookout for phishing emails.
Hackers can’t actually pay for anything when they gain this data nor can they alter the booking but they can use it to swindle you.
Forte writes: “Imagine you are an attacker. You know I have just flown from London Heathrow to Bangkok with British Airways for example. You know my return flight is in two weeks, I flew economy and that on the outbound flight I requested a vegetarian meal.
“You start to craft a malicious phishing email to me pretending to be British Airways: ‘If you require a vegetarian meal for your return flight too please click this link to order it now” or “your return flight to London Heathrow has been overbooked. As an important customer we would like to upgrade you to business class please click the below link to accept the offer.’”
