Concerts, air and ticket fraud

chushpan

Hello Anonymous.

Today I want to tell you about an interesting case that will be relevant for a long time. And the sponsor of today’s article is the trend of posting photos with airline tickets. Their number will especially increase following the opening of borders. You just have time to prepare in advance, this topic does not like to be rushed + in the following articles you will learn about social engineering. A base that cannot be superfluous.

I think you have often seen such photos on the Internet, especially during the active tourist season. In today's article we will look at what functions the booking management form provides and why it is better to think twice before posting photos online.

How not to “screw up” your vacation?

On social networks you can find thousands of different photos from airports, train stations, concerts, etc. Many companies have a form that allows you to check the details of the purchase using your reservation number and/or last name. This functionality is available for many concerts, amusement parks, festivals, etc.

If the user has not hidden the booking number, then all information is potentially available through the booking site. As a rule, in a fit of passion and anticipation of events, people's rational part turns off and all photographs end up online like a “blank” slate.

Our case starts with S7 Airlines, which provides an online booking management service. Information on other companies can be easily found on the Internet. To obtain details, it is enough to know your last name or email and reservation number. There are no problems with the last name at all, since users most often do not hide it online, use it as part of a nickname, etc.

Let's take a closer look at a specific example.

So, one Instagram user posted a photo with a ticket in his story, where the reservation number was visible. In the screenshot below, this place is enlarged with a magnifying glass.

Finding a last name on Instagram is not difficult; most often it is indicated in the profile description. This is enough to gain access to the reservation management.

After entering the reservation number and last name, we receive a lot of information: email, phone number, date of birth and flight direction. But besides this, booking management allows you to perform other functions:
• Changing passenger data.
• Payment for the order.
• Purchasing additional products.
• Ticket exchange.
• Ticket return.

Naturally, we blurred out personal data, since there is no goal to annoy the person.

The airline's website states that by clicking on the booking management link, you can apply for a ticket refund, exchange a ticket, indicating other days and times, and also provide other documents. All this can be done in a few minutes. In fact, you can apply for a refund and this will greatly “spoil” a person’s plans. In addition to the potential ticket risks themselves, there may be other attack vectors.

Firstly, the user is psychologically prepared to fly. Therefore, any links in an email, notifications of flight delays, additional details, etc. will have extremely high efficiency. Phishing in this case will work with a bang. Secondly, we receive a phone number and email. Using OSINT, you can quickly collect information and check for passwords in leak databases. In addition, you can also restore the SIM card.

Conclusion

These are not all the possibilities and vectors that can be realized with such information at hand. Some companies provide much more functionality, including the ability to buy something from a client’s card if it is linked to his profile (difficult to implement, but possible). Also, sometimes bonus cards are integrated into the booking management form and you can spend all your miles by purchasing additional services or privileges.

I think you understand how many risks one photo can potentially cause. The conclusion is simple - it is better not to publish photos of documents that contain confidential data. After all, one stupid photo could in fact lead to the cancellation of a ticket, gaining access to confidential information, as well as other possible consequences. It is not always right to broadcast to a wide audience what has long been considered generally accepted. You must always have a head on your shoulders and not be fooled by pretentious trends. Give yours to your wife, bro)

Yes, the topic is working, this fact has been personally verified more than once. But, unfortunately, in our time it’s stupid to show off and people have much less opportunities... you don’t have to think about aviation at all for at least the next six months. To be honest, if it were relevant, then I’d be sharing it for free) no offense, anon.
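Seen from the operator's side, the weakness this post describes is that a reservation number plus a last name unlocks both personal data and refunds. The following is an added example, not part of the original post and not any airline's code: a booking portal that returns only a masked view after that lookup, locks out repeated failed lookups, and requires a one-time code sent to the contact on file before any of the actions listed above. The class, field names, thresholds and sample record are assumptions.

```python
import hmac, secrets, time
from dataclasses import dataclass

# Actions the post lists on the booking-management form; all need step-up here.
SENSITIVE = {"change_passenger_data", "pay_order", "purchase_extras",
             "exchange_ticket", "refund_ticket"}
MAX_FAILED, OTP_TTL = 5, 300  # assumed lockout threshold and OTP lifetime (s)

@dataclass
class Booking:
    pnr: str; surname: str; email: str; phone: str; birth_date: str; route: str

class BookingPortal:
    def __init__(self, bookings):
        self.bookings = {b.pnr: b for b in bookings}
        self.failed, self.sessions, self.otps = {}, {}, {}

    def lookup(self, client, pnr, surname):
        if self.failed.get(client, 0) >= MAX_FAILED:
            raise PermissionError("too many failed lookups")
        b = self.bookings.get(pnr.upper())
        given = surname.strip().lower().encode()
        if b is None or not hmac.compare_digest(b.surname.lower().encode(), given):
            self.failed[client] = self.failed.get(client, 0) + 1
            return None
        token = secrets.token_urlsafe(16)
        self.sessions[token] = {"pnr": b.pnr, "verified": False}
        # Masked view only: no birth date, no full e-mail or phone number.
        return token, {"route": b.route,
                       "email": b.email[0] + "***@" + b.email.split("@")[-1],
                       "phone": "*" * (len(b.phone) - 2) + b.phone[-2:]}

    def send_otp(self, token):
        code = f"{secrets.randbelow(10**6):06d}"
        self.otps[token] = (code, time.time() + OTP_TTL)
        return code  # demo only: a real service sends this to the contact on file

    def verify_otp(self, token, code):
        stored, expiry = self.otps.pop(token, ("", 0))  # single use
        ok = time.time() < expiry and hmac.compare_digest(stored.encode(), code.encode())
        self.sessions[token]["verified"] = ok
        return ok

    def perform(self, token, action):
        if action in SENSITIVE and not self.sessions[token]["verified"]:
            raise PermissionError("step-up verification required")
        return f"{action} accepted for {self.sessions[token]['pnr']}"

# Constructed sample record (not real data).
SAMPLE = Booking("ABC123", "Ivanov", "a.ivanov@example.com", "+70000000000", "1990-01-01", "AAA-BBB")
```

With this split, a reservation number read off a photo yields at most the route and masked contacts; a refund, exchange or data change still needs access to the passenger's own mailbox or phone.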
