Never Do This With Your Phone Before a Flight, Experts Warn
WHAT SEEMS LIKE AN INNOCENT WAY TO KICK OFF YOUR TRIP COULD PUT YOUR PERSONAL INFORMATION AT RISK.
Of all the items in your traveler's toolkit, it's hard to think of anything as important as your smartphone. The pocket-sized device can practically do anything you need for a trip, from booking your flights and snapping memorable photos to acting as a pocket translator and mapping your way around an exciting new destination. But before you even take off, there's one common technological mistake you should avoid at all costs. Read on to see what experts warn you should never do with your phone before a flight.
RELATED: Never Forget to Do This After Takeoff, Flight Attendant Warns.
Never post a picture of your boarding pass on social media with your phone before a flight.
One of the most exciting parts about travel can be when you've cleared through security and you're passing time in the terminal before boarding your flight. Often, this also provides the perfect opportunity to update your social media feeds with a quick snapshot to announce your pre-trip bliss to your friends and family. But according to experts, you should never use your phone to post a picture of your boarding pass online.
While it may look like random numbers and letters, your ticket contains very sensitive information that you wouldn't want to fall into the wrong hands. "Many airlines use only the data on the boarding pass, specifically the confirmation code and last name to allow full access to your online account," Mark Scrano, an information security manager at cybersecurity firm Cobalt, told Condé Nast Traveler. "These can be abused to access your personal data that is stored by the airline."
Even barcodes on your ticket could give hackers access to your personal information.
And it's not just the written information that should be your only concern. Even if you obscure your name, confirmation number, and flight number, hackers could still glean your sensitive data from any barcode or QR code on your printed or digital ticket.
According to privacy researcher Bill Fitzgerald, you should always assume that any scannable code "has information about you and your stuff and where you're going," even if that information is "going to vary barcode by barcode, airline by airline," he tells Condé Nast Traveler.
"It's good information that could be used in any type of identity theft or a targeted hack," he warns. "So if you're concerned about having your identity stolen, it's a really simple step to take, to not share barcodes in any way, shape, or form."
RELATED: For more up-to-date information, sign up for our daily newsletter.
Hackers could also use your information to change your itinerary, seat assignment, and steal frequent flier miles.
As if avoiding having your identity stolen weren't reason enough to avoid posting a photo of your boarding pass, there's also the possibility that hackers could seriously mess up your travel arrangements. During an exercise in 2019, Noam Rotem, an Israel-based security researcher, discovered a flaw in the Amadeus online booking system used to pass information between 200 major airlines, booking websites, and travel agents, Popular Mechanics reports. In this case, he could get the six-digit code used on boarding passes and luggage tags known as a passenger name record (PNR) by manipulating the code used to communicate between the booking system and the airline El Al.
"Just by guessing PNRs, I was able to access personal data and change contact details of customers," Rotem wrote in a blog post for security website Safety Detectives. "This was confirmed by both El Al's VP and the Amadeus team."
From there, it was also possible to inflict serious damage on someone's trip. The vulnerability allowed the team to "claim frequent flyer miles to a personal account, assign seats and meals, and update the customer's email and phone number, which could then be used to cancel/change flight reservation via customer service," he wrote. Amadeus says they have since repaired the security lapse, Popular Mechanics reports.
Make sure to properly dispose of any paper tickets after your flight.
Unfortunately, it's not just potential scammers on social media who could be after your personal information. Even a used ticket carries sensitive data on it once you've arrived. After you land, experts suggest collecting all of your paper documents and holding off on throwing them out until you get home or to your hotel. Ideally, Fitzgerald says you should shred them like any other sensitive document before putting them in the trash.
And while it may not be the most likely way your data is breached, experts say it's still best to play it safe with your travel documents. "Is it catastrophic if these get into the wrong hands? Probably not," Fitzgerald tells Condé Nast Traveler. "But with that said, if there's somebody coming after [your information] specifically, don't make it easier for them."
RELATED: This Is the Worst Place to Sit on a Plane, Flight Experts Say.