Brits are being warned how fraudsters could use boarding passes posted on social media to commit identity theft. Sharing seemingly innocent travel pictures may expose travellers to major security and privacy violations by giving hackers and fraudsters access to private data.
Richard Daniels, director of fraud at TSB, said fraudsters can use the personal information on boarding passes, such as names, passport number, date of birth, email and phone numbers, to “unleash a wave of nasty impersonation fraud”. He added that in some cases, scammers have even used the tickets and that fraudsters can use the personal information to follow up with a phishing attack.
Fraudsters attempt to steal people’s money or identity by tricking victims into revealing more personal information about themselves.
Attackers may try to uncover credit card numbers, bank information, or passwords, and cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website.
Richard added that criminals may use personal information to take over a bank account, or even take over services and utilities in the victim’s name.
A study into the dangers of posting pictures online, published in Partners Universal International Research Journal, revealed “cybercriminals have the ability to modify flight reservations and even terminate them using the PNR (Passenger Name Record)”.
The PNR is a unique code that identifies a flight or train booking, and the study warned it could also provide access to confidential passport information “that may lead to identity fraud”.
Richard told The Sun that posting images with a QR code could also be risky because these could be used to create fake passes.
He strongly advised against posting pictures online of the passes, and to add them to the digital wallet on phones, because this requires biometric data, such as face recognition, to access.