Why You Should Never Share A Photo Of Your Boarding Pass On Social Media

Sometimes, we just can't help it. We're so excited for that once-in-a-lifetime dream vacation that we snap a photo of our boarding pass and passport at the airport and post it online. While the vast majority of likes and comments are from family and friends, influencers and users with public profiles may have no idea who sees their posts. Most of us wouldn't knowingly give random strangers unfettered access to our personal lives and identities; however, posting a photo of your boarding pass on social media can do just that, even if it is unintentional.

In addition to your name, flight number, and seat assignment, your boarding pass has plenty of breadcrumbs that malicious actors can follow to find out more about who you are, from secret codes like S/O and SPTC, or how many airline miles they could steal. In 2004, the International Air Transport Association (IATA) largely standardized boarding passes across the aviation industry by using a 2D barcode. These barcode boarding passes (BCBP), used by over 180 airports worldwide, make the entire airport rigamarole, from checking in online to boarding your flight, much more efficient. However, the standardized system means that criminals and bad actors can access a treasure trove of your personal information with a clear shot of the bar code or your six-digit confirmation number. Since most major airlines have little security when a passenger manages their flight online, anyone who has your name, confirmation number, QR code, or barcode can gain access to your personal information in the airline's system. After a few clicks and keystrokes, a hacker can disrupt your flight or, even worse, steal your identity.

The biggest danger that surrounds posting your boarding pass online is personal and creepy. Hackers and criminals can use your personal information to build a profile for cyberattacks against you, your family, and loved ones through social engineering. Hackers can mine your information on social media to seem more trustworthy for a targeted spear phishing attack. For example, by posing as someone working for the airline that you recently used. They may then use your contact information on file to send a malicious email survey that has malware or pose as a reservations agent asking you to verify your credit card information for your return flight.

Hackers could also use your personal flight information to target your loved ones, saying that you're hurt or stranded abroad and need money. The FBI's Internet Crime and Complaint Center (IC3) reported that over $16 billion was stolen from Americans last year, primarily seniors who were duped into sending money to someone. Every single post that reveals personal information helps criminals build a potential profile on you, including what you like and where you go. Don't forget to check your privacy settings before posting! 

We've seen and heard it time and time again: be careful about what you post on social media. Once something is out there, you have no control over who can see it. If you have the urge to share your airport experience, snap a picture of the departure monitors and post any photos once you're safe at home.