Exciting, fun, and fabulous! Those words only begin to describe the joys of an upcoming trip. Getting caught up in the whirlwind is easy and so is sharing a snapshot of your boarding pass online. Cybercriminals love finding boarding passes and itineraries posted on public platforms like social media, and what they can do with that information is, well, criminal. Nothing puts a damper on a vacation like finding your identity stolen and even worse, that you may have helped.

Boarding pass details enable several cybercrimes that can target you before, during, and after a trip. Your Personal Identifiable Information (PII) like legal name, address, and ticket number are all displayed and so is your passenger name record (PNR). A PNR is a six-digit numerical code representing an extensive digital file on the traveler. That file is available to a hacker who knows how to get it.

The personal data in a PNR includes all contact info (name, address, phone, email), frequent flyer and bonus miles info, travel itinerary, credit card numbers, and billing data. It’s all in a hacker’s possession thanks to posting an innocent picture of your boarding pass.

Identity Theft and Data Dynamite

Having your PNR number posted online can upend the best of travel plans. Identity theft allows a hacker to open credit and other accounts in your name, get a mortgage, or buy a new car. They can cancel or change your airline and hotel reservations and steal your travel miles and points. This happened to Hilton Honors members several years ago.

Even an email address in the wrong hands, especially when partnered with social engineering tactics, is like data dynamite. With a hacker pretending to be someone else, socially engineered phishing emails can lead to your job and employer. That connection can lead to financial fraud crimes and malware attacks like ransomware. Unfortunately, it’s not a stretch for these things to happen.

Smart Travel, Smart Vacation

Data theft is a crime with limitless opportunities and many social media posts inadvertently enable it. For travel, consider an electronic boarding pass rather than a printed one. That way leaving it in an airplane seat pocket or on the floor of the terminal won’t happen. Keep your travel itinerary off social media and other public internet spaces. It leaves a timeline of when your home will be empty and vulnerable to break-ins and a time when you may not be able to so diligently log in to check your accounts. Do your best to monitor your bank and credit accounts for unusual activity, even when traveling.

No one wants a cybercriminal going with them on vacation, so keep your travel PII where it belongs – with you.

Want to know more? Read additional Mid Oregon blog articles about online security and fraud protection.

As a reminder, Mid Oregon will never initiate a call asking for personal or account information via phone, text, or email.

Content based on an article by Stickley on Security