Discarded paper boading passes hide a goldmine of personal information invaluable to identity thieves. However, the majority of us take little or no care to prevent the data falling into wrong hands.
In fact, the scammers don’t need to get hold of the pass itself: they just need to see a photo of it – something that’s far easier to do than you might think, given the depressing modern trend for people to share pictures of their pass on social media in order to brag about an upcoming trip.
Security blogger Brian Krebs recently highlighted how data can be gleaned by scammers using a barcode reader, which is freely available online.
It’s by no means a new phenomenon, but it’s once again in the headlines as it’s peak holiday season for most in the northern hemisphere.
What data is at risk?
By taking a screengrab of a friend’s boarding pass on Facebook, Krebs was able to obtain his friend’s personal contact information, frequent flyer number and his flight record number, which could be used to view future bookings and even cancel flights.
The findings were similar to those flagged by blogger Steve Hui last year. He documented how he was easily able to access a passenger's logins, personal information and partial credit card details.
Now, it should be stressed that neither of the above tricks would enable a scammer to carry out an identity theft attack on their own, but it would let them get one step closer.
You could attempt to access the passenger’s full airline account details by requesting a password reset. This often requires you to answer a security question, but again this could be all too easy to suss.
In his example, blogger Krebs found his friend’s question was simply his mother’s maiden name – which could be gleaned from social networking profiles.
How to stay safe
As is the way with most scams, exercising even a modicum of caution can keep you safe. Treat your boarding pass as you would any other important documents.
Rather than simply dumping it in a bin at the airport or leaving it on a table at the first restaurant you visit – something we’re often guilty of doing – tear it into pieces and dispose of it in a few different places.
If you have a paper shredder at home, you could keep hold of it and get rid of it there.
Another solution is to simply get a digital boarding pass if possible, which you can show to security and the delete.
And finally, don’t post a photo of your boarding pass on social media.
If you insist on annoying your friends and family, at least cover the barcode and some of your details.