It’s been a while since we’ve double-tapped on an arty photo of a friend’s boarding pass, but with the news of a travel bubble finally opening between Australia and New Zealand, not to mention the prediction of more travel bubbles to follow, you can bet the cliché snap will reappear on your feed soon.
You yourself may be excited to capture that pic of your own boarding pass — holding it up to the plane window in a wistful manner, glass of bubbles in hand, as you head off on your first international trip post-pandemic.
But doing exactly that can result in your details being scammed, and in some cases, your money stolen. Here’s how.
While your boarding pass may look to you like an arbitrary series of numbers and codes — flight numbers, time and date stamps, gate numbers — the documentation also holds some key information about you, too. And not just your full name.
Your boarding pass gives hackers an easy way into your frequent flyer account. According to Forbes, all a hacker needs to access and log into your account is your booking reference number, full name, and your frequent flyer number, all of which are printed right there on your boarding pass.
Someone looking to mess with you can then view your booking itinerary, change or cancel your flights. They may be able to view details about your ticket purchase, like the date you purchased your flights, or even the last four digits of your credit card.
Depending on the airline, a hacker may be asked a few basic reset questions to access your full account, but Caleb Barlow, president and CEO of cybersecurity consulting firm CynergisTek, says a scammer could quite easily find out this information from you from your social media accounts.
From there, they may choose to sell your hacked account, transfer your hard-earned points into another account, or redeem them on hard-to-trace items like gift cards. And since we tend to check our rewards accounts far more infrequently than a bank balance, it could be months or even years before you even notice a theft like this has taken place, by which point there’s very little you could do.
The takeaway: “You should think of your frequent flyer number like a credit card or a bank balance,” Barlow tells the publication. “Would you carelessly throw away a piece of paper with your credit card number and your name on it? Of course not.”
Just in case you thought covering your frequent flyer number was enough to safeguard you, you should know the barcode presents an additional way for hackers to dive into your data.
Basically, any online barcode reader can scan and read the barcodes on a printed boarding pass, and instantly bring up passenger details including a full name, booking reference, ticket number, frequent flyer number and more.
So yes, it’s unwise to post a pic of your boarding pass on Instagram, but it’s also just as silly for you to leave it behind on the plane or even discard it without shredding, cutting or ripping it up.
As a second level of protection, it’s best to turn two-factor authentication on for your frequent flyer account, and use mobile boarding passes (not printed) for future travel.
Read more stories from The Latch and subscribe to our email newsletter.