{"id":12842,"date":"2016-08-25T09:00:18","date_gmt":"2016-08-25T13:00:18","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=12842"},"modified":"2019-11-15T22:50:04","modified_gmt":"2019-11-15T11:50:04","slug":"never-post-barcodes-online","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/never-post-barcodes-online\/12842\/","title":{"rendered":"Never post tickets with barcodes online!"},"content":{"rendered":"<p>Security experts and media pundits <a href=\"https:\/\/www.theguardian.com\/money\/2016\/mar\/21\/online-ticket-fraud-social-media-users-warned-twitter-facebook-get-safe-online\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">warn<\/a> people to avoid posting pictures of their tickets online. Many people follow this rule, but not everyone. Time and time again and again, and again, we see photos of tickets on social media, especially on Instagram. Just check the #tickets hashtag and you\u2019ll see.<\/p>\n<h3>Why is doing this a bad idea again?<\/h3>\n<p>The problem with these types of posts is that people post tickets for events happening in the future and forget to blur out or cover up the barcodes and figures beneath them. Bad guys can copy the this information from these photos and use them to duplicate tickets \u2014 and resell them or visit the event at the expense of the victims.<\/p>\n<p>The same rule holds true for airplane tickets: hooligans won\u2019t take your place on the plane but they can <a href=\"https:\/\/www.kaspersky.com.au\/blog\/dont-post-boarding-pass-online\/10495\/\" target=\"_blank\" rel=\"noopener noreferrer\">literally ruin your trip<\/a> \u2014 book the worst seats for you or even cancel your return tickets. All of the necessary information for this trick is printed on your airline tickets, so don\u2019t post them online. Just don\u2019t do it.<\/p>\n<h3>Is it really that serious?<\/h3>\n<p>Do you remember an Australian woman named Chantelle who won $825 at Melbourne Cup horse race? She <a href=\"http:\/\/petapixel.com\/2015\/11\/04\/woman-shares-selfie-with-winning-horse-race-ticket-has-the-825-stolen\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">posted a selfie with her ticket<\/a> and lost all of the prize money.<\/p>\n<p>Almost every huge event attracts cybercriminals attention. Last year British citizens lost \u00a35.2m to ticket fraud and the situation has not changed for the better. Major sporting events such as the Rugby World Cup or the Euro 2016 championships are <a href=\"https:\/\/www.theguardian.com\/money\/2016\/mar\/21\/online-ticket-fraud-social-media-users-warned-twitter-facebook-get-safe-online\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">on the top list<\/a> of ticket scams. Concerts and festivals come next.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">7 reasons you shouldn\u2019t post your boarding pass online <a href=\"https:\/\/t.co\/rjMLtV2vE1\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/rjMLtV2vE1<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/travel?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#travel<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Traveltips?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Traveltips<\/a> <a href=\"https:\/\/t.co\/wjntp7MazC\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/wjntp7MazC<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/662668076454932480?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 6, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Ticket services typically have rules that say that every client must not provide data from the ticket to third parties. Publishing a photo of your ticket online equals to sharing your data with anyone who sees the picture. So if you do it, don\u2019t blame the ticket services \u2014 they cannot do anything should you disregard their rules and give your ticket away to strangers.<br>\nPosting tickets online is also a great way to <a href=\"http:\/\/www.komando.com\/tips\/12469\/4-ways-burglars-use-social-media-to-target-you\/all\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">alert burglars<\/a> to the date and time that you will be away from your home.<\/p>\n<h3>Why do they make individual tickets with names if one can easily forge them?<\/h3>\n<p>When one person posts their ticket picture online, that can start a slippery chain of events where another one buys a fraudulent ticket from private sellers and the original purchaser or duplicate purchasers cannot attend the event \u2013 simply because someone else used their tickets and gotten there before them. Is there any way to solve this problem? Of course, event managers can verify your ID at the entrance \u2014 something like <a href=\"https:\/\/www.kaspersky.com.au\/blog\/what_is_two_factor_authentication\/5036\/\" target=\"_blank\" rel=\"noopener noreferrer\">two-factor verification<\/a>. But in real life, this approach is far from perfect.<\/p>\n<p>For starters, ticketholders can become irritated if there is strict control matcing tickets to names. Secondly, it\u2019s not practical. If the event gathers hundreds of people you can check their identities and not spend too much time doing that. If it gathers 30,000 people \u2014 it\u2019s almost impossible. Imagine a concert that doesn\u2019t start because visitors stay in queue for hours. Nobody would want to miss the beginning of the concert because of strict security measures.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Be carefull guys, always hide the barcodes when you post a picture of your ticket(s) online! You never know\u2026 <a href=\"https:\/\/twitter.com\/hashtag\/Dominator?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Dominator<\/a><\/p>\n<p>\u2014 Dominator Festival (@DominatorFest) <a href=\"https:\/\/twitter.com\/DominatorFest\/status\/584316164874104832?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 4, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In addition, it\u2019s plainly dangerous to have licenses, passports or other forms of official ID out in the open at mass events \u2014 thieves can easily steal such things in the crowd. From the other side, concert managers can meet victims halfway and offer them some seats \u2014 even if they won\u2019t be as good as those they\u2019ve bought in advance. This approach also has its own disadvantages. Some people abuse the situation: they give their tickets to the friends to let them come in for free and go to event managers to solve the \u201cproblem\u201d. That\u2019s why many ticket inspectors don\u2019t believe people with already used tickets.<\/p>\n<p>Unfortunately, there is no universal solution to this problem \u2014 we would have to invent a new ticket identification system to do that. Until that time all of us should be vigilant and never publish tickets and documents online.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Male arrested following sale of fraudulent concert tickets <a href=\"https:\/\/t.co\/LmuBSX8uWB\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/LmuBSX8uWB<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/fraud?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#fraud<\/a> <a href=\"https:\/\/t.co\/oyWplnxyYG\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/oyWplnxyYG<\/a><\/p>\n<p>\u2014 Ont Police Reports (@OntPoliceReport) <a href=\"https:\/\/twitter.com\/OntPoliceReport\/status\/753772360323465216?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 15, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>Is there any way to post tickets safely?<\/h3>\n<p>Yes, there is a semisafe way. If you want to post a ticket online you need to know what to hide. That\u2019s why you have to be familiar with barcodes and how they work.<\/p>\n<p>There are 1D barcodes used to code small pieces of information and 2D bar codes \u2014 to pack big amount of data.<\/p>\n<p>1D bar code is based on the binary code. Well, ok, it\u2019s a bit more complicated: each denary digit is formed with 7 lines which can be either white or black. Sometimes black lines are not separated with white lines thus making thicker black lines. The last bars of the code usually denote check digits, that are used to confirm the reading accuracy. Cinema, concert and airplane tickets often contain several check digits that confirm data provided in the barcode.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How does Barcodes and Barcode Scanners Work\u00a0? <a href=\"https:\/\/t.co\/rs30ybjPN1\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/rs30ybjPN1<\/a> <a href=\"https:\/\/t.co\/M67I3dyxOu\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/M67I3dyxOu<\/a><\/p>\n<p>\u2014 Latest Hacking News (@7H3Wh173R4bb17) <a href=\"https:\/\/twitter.com\/7H3Wh173R4bb17\/status\/743129863196860417?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 15, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>One of the most widespread 2D barcodes is QR-code. Mostly it\u2019s used to quickly open websites on mobile devices, but not always: for example, you can find them on India\u2019s IRCTC train tickets. Many flight boarding passes also contain a 2D barcode (not exactly QR, but a PDF417). Here is a good page that tells about the use of 2D barcodes for ticketing on Quora.<\/p>\n<p>2D barcodes consist of black and white squares, which are \u2013 you\u2019ve guessed it \u2013 also 1 and 0. But 2D barcodes are more complicated than 1D, as they usually have not only some <a href=\"https:\/\/en.wikipedia.org\/wiki\/Check_digit\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">check digits<\/a>, but also special areas used for the cameras to recognize 2D barcodes as barcodes. For example, QR codes have these three distinguishable squares in their corners.<\/p>\n<p>If you want to post tickets online you need to blur out the barcode <b>entirely<\/b> together with figures below. Though ticket inspectors use scanners to read barcodes only, criminals can recover the code from the figures given below.<\/p>\n<p>https:\/\/twitter.com\/TheBanat\/status\/743483634070392832<\/p>\n<p>All in all we don\u2019t recommend posting tickets on the Internet before the event even if you blur over the code \u2014 criminals with proper experience in social engineering can lure the missing data out of you and your surroundings. If you want to share the joy with other people you can simply write something like this: \u201cHi, everybody! I\u2019m going to the Black Sabbath farewell concert!\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One Instagram post with a picture of a ticket can cost you a whole lot of time and money and ruin your day. This is how you can avoid it<\/p>\n","protected":false},"author":522,"featured_media":12843,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2646],"tags":[1777,1778,43,1557,97,1622,422,1776],"class_list":{"0":"post-12842","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-barcodes","10":"tag-criminals","11":"tag-privacy","12":"tag-qr-codes","13":"tag-security-2","14":"tag-social-network","15":"tag-threats","16":"tag-tickets"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/never-post-barcodes-online\/12842\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/never-post-barcodes-online\/5547\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/never-post-barcodes-online\/7569\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/never-post-barcodes-online\/7597\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/never-post-barcodes-online\/7570\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/never-post-barcodes-online\/8982\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/never-post-barcodes-online\/8843\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/never-post-barcodes-online\/12616\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/never-post-barcodes-online\/2571\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/never-post-barcodes-online\/12842\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/never-post-barcodes-online\/6002\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/never-post-barcodes-online\/6527\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/never-post-barcodes-online\/5296\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/never-post-barcodes-online\/8532\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/never-post-barcodes-online\/12329\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/never-post-barcodes-online\/12616\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/never-post-barcodes-online\/12842\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/barcodes\/","name":"barcodes"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/12842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=12842"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/12842\/revisions"}],"predecessor-version":[{"id":24453,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/12842\/revisions\/24453"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/12843"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=12842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=12842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=12842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}