Krebs on Security – Choose Adventure

Greg Ellifritz
October 28, 2020
No Comments

Crime Trends

Airline Boarding Passes

Airline Boarding Passes https://i0.wp.com/www.chooseadventurebook.com/wp-content/uploads/2020/10/deltabp-580x250-1.png?fit=580%2C250&ssl=1 580 250 Greg Ellifritz Greg Ellifritz https://secure.gravatar.com/avatar/e0796fbe64c5c54764b80b72b3148061?s=96&d=mm&r=g October 28, 2020 October 10, 2020

As more and more people are using cell phone apps to display boarding passes, this problem may eventually become non-existent. If, however, you still use printed boarding passes, you should probably shred, burn, or otherwise destroy them. Do not leave them laying around your airplane seat of casually toss them in the trash can at your destination gate.

According to the article linked below, there is a massive amount of personal information available on your boarding passes.

What’s in a Boarding Pass Barcode? A Lot

““Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator (a.k.a. “record key” for the Lufthansa flight he was taking that day,” Cory said. “I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance.”

The access granted by Lufthansa’s site also included his friend’s phone number, and the name of the person who booked the flight. More worrisome, Cory now had the ability to view all future flights tied to that frequent flyer account, change seats for the ticketed passengers, and even cancel any future flights.

The information contained in the boarding pass could make it easier for an attacker to reset the PIN number used to secure his friend’s Star Alliance frequent flyer account. For example, that information gets you past the early process of resetting a Star Alliance account PIN at United Airline’s “forgot PIN” Web site.”

Be careful out there.

Greg Ellifritz
October 6, 2020
No Comments

Crime Trends

ATM Skimmers

ATM Skimmers https://i0.wp.com/www.chooseadventurebook.com/wp-content/uploads/2020/09/header.jpg?fit=955%2C164&ssl=1 955 164 Greg Ellifritz Greg Ellifritz https://secure.gravatar.com/avatar/e0796fbe64c5c54764b80b72b3148061?s=96&d=mm&r=g October 6, 2020 September 20, 2020

ATM skimmers used to be pretty rare. They were large contraptions that fit over the outside of the card reader on the ATM. They were most commonly seen in tourist areas on “stand alone” ATMs that weren’t regularly serviced. Now it seems that the ATM technicians are installing small bluetooth compatible skimmers to steal your data inside the machines themselves, at least in Mexico.

My best advice is to avoid ATMs in obvious tourist areas and to use the ATMs that are inside a bank. Although not a foolproof strategy, doing this will at least limit your chances of having your card data stolen.

One other thing…for foreign travel, you want a traditional ATM card, NOT an ATM debit card. The traditional cards have daily withdrawal limits so the crooks can’t clean you out. With the debit card, they can take out more money and charge things to your account. The traditional ATM card will help limit the damages if your data is stolen.

For more information about skimmers in Mexico, read:

Tracking Bluetooth Skimmers in Mexico

Greg Ellifritz
July 1, 2020
1 Comment

Travel News

ATM Card “Skimmers” in Foreign Countries

ATM Card “Skimmers” in Foreign Countries https://i0.wp.com/www.chooseadventurebook.com/wp-content/uploads/2020/06/f2m-580x487-1.png?fit=580%2C487&ssl=1 580 487 Greg Ellifritz Greg Ellifritz https://secure.gravatar.com/avatar/e0796fbe64c5c54764b80b72b3148061?s=96&d=mm&r=g July 1, 2020 June 30, 2020

As far as travel questions go, one of the most common inquiries I get is regarding how to safely make currency withdrawals from the bank and how to convert American dollars into the local currency. I wrote an entire chapter on this topic in my book.

Needing local currency is not as important as it was 20 years ago. Even in the developing world, grocery stores and restaurants almost always accept credit cards.

To summarize, I recommend that if the traveler needs local currency that he or she should simply withdraw local currency from a nearby bank ATM machine. Exchange rates will be better than you get at the border money changers and ATMs are common in most cities.

The one thing you have to be aware of is the installation of a card “skimmer” on the ATM machine. The articles below detail how card skimmers work and how they are used in Mexico. The author’s advice holds true in most of the other world as well. Read these three articles to get a comprehensive understanding of the issues involved:

Tracking a Bluetooth Skimmer Gang in Mexico

Tracking Bluetooth Skimmers in Mexico, Part II

Who’s Behind Bluetooth Skimming in Mexico?

Now it seems that the ATM technicians are installing small bluetooth compatible skimmers to steal your data inside the machines themselves, at least in Mexico. My best advice is to avoid ATMs in obvious tourist areas and to use the ATMs that are inside a bank. Although not a foolproof strategy, doing this will at least limit your chances of having your card data stolen.

One other thing. For foreign travel, you want a traditional ATM card, NOT an ATM debit card. The traditional cards have daily withdrawal limits so the crooks can’t clean you out. With the debit card, they can take out more money and charge things to your account. The traditional ATM card will help limit the damages if your data or card is stolen.