The documents may appear to be nothing more than travel souvenirs outside of their primary use at the airport, but they are much more informative than many travelers realize.
If cybercriminals can get a picture of a boarding pass, they can exploit travelers in several ways.
Even while the information on the documents appears to be sparse, bad actors "can very easily bring up the rest of the things they need to know about you from public records, like your date of birth, your address, your phone number, or your email address," according to Amir Tarighat, CEO of cybersecurity company Agency.
“Frequent flyer miles are actually really easy to steal, and they don't have the same protection that banks have,” Tarighat said, adding that travel accounts are commonly sold on the Dark Web.
Hackers may be able to access your account using information from a boarding pass, such as your rewards account and confirmation numbers. According to Tarighat, information can also be removed by third parties using the barcodes on boarding passes.
According to him, social engineering assaults, which are " tricking people," can also be created using the information on the boarding pass.
So, he explained, "you might work for a company, and someone notices that, 'Oh, this individual is traveling. They can use that knowledge to trick you into doing something by sending spam, phishing, and social engineering emails to other firm employees saying things like, "Amir's in Paris this week," or something similar. This can entail granting them access to a specific account or sending them money.
The details may also leave behind digital breadcrumbs that attackers can use to trace the traveler's web connections and launch additional attacks.