From getting pickpocketed in Barcelona to being trounced over a 10-minute cab ride in Bali, we’ve all been duped at some point while travelling. But forget all that: a Forbes investigation has just shown that you can get scammed before even leaving the airport.
Even worse: a common precautionary measure we all take is actually for blame for this personal security breach. What is it? Printing your boarding pass. Sounds smart, considering how many of us fly by the seat of our phone battery, but cybersecurity experts say it is anything but.
In fact, they’re warning travellers to reconsider printing their boarding passes (for the short-haul flights where it’s possible to print your own, anyway), sticking to the digital ones sent to phones instead.
Why? According to Forbes, travellers who don’t shred their paper boarding pass – or who share them online – are making it easy for hackers to crack into their frequent flyer accounts and steal points which are then sold on the black market.
This is because, as Caleb Barlow, CEO of cybersecurity consulting firm CynergisTek, told Forbes, to break into a frequent flyer account, “all you need is your name, your booking reference number and your frequent flyer number,” – all of which are on your boarding pass.
“There could be a couple of basic password reset questions – but I might be able to get the answers to those just by looking on the web. And now… I’ve got your frequent flyer account.”
The Points Guy, a frequent flyer points expert, recently gave a similar warning, after Qantas chose to get rid of frequent flyer numbers from its boarding passes: “If given access to a boarding pass, hackers can see a plethora of personal passenger information: your frequent flyer number, name, and your six-digit PNR (Passenger Name Record) code — and voilà!”
“Not only can someone hack into your booking, but also other personal details such as the last four digits of the credit card you used to book. In theory, a hacker could move your seat or cancel your trip entirely.”
And as Escape.com.au reported on Wednesday, “Finder.com.au editor-in-chief Angus Kidman recently told news.com.au how he had 47,000 Virgin Velocity points stolen from his account that a hacker used to buy an overseas flight.”
In other words: your boarding class #humblebrag could cost you more than your social media reputation.