Who leaked your flight information? -Circle of friends, personal privacy-IT information

When traveling, a lot of people in your circle of friends, "drying" beauty, self timer, and occasionally "bask" ticket, if the barcode is not blocked, and the trip is likely to leak of personal information.

"I'm sorry to inform you book August 24, 2016-Shanghai Pudong FM9462 flights in wanzhou, canceled due to mechanical failure, please contact flight change ticket line: 010-53815317, changed after the success of civil aviation to pay compensation for flight delay insurance 200 Yuan. ”

Is such a message, cheated of female college students in Chongqing xiaowen 6100 savings. Last year, similar to an endless stream of scam text messages, almost all airline passengers against, the business journal and many of my friends also received similar flight "delayed" or "Cancel" messages.

Who is the passenger's flight information to fraudsters? How to prevent the recurrence of this type of scam?

Know it all "customer service"

After the start of the new term, small paper is already a junior student at Shanghai East China Normal University. In July this year, she purchased through a third-party platform of 800 Yuan price from wanzhou in Chongqing to Shanghai Pudong FM9462 flight ticket, the departure time is August 24, at 11:30 A.M..

Just prior to the departure day (August 23), Xiao Wen received article at the beginning of the text message and the other number is +85266753430, was signed "Shanghai Airlines". Eager to Shanghai ready for school matters xiaowen hurriedly called the text "endorse the refund hotline" 010-53815317, a person claiming to be the "Shanghai Airlines customer service", and that Xiao Wen's information such as name, telephone number, identification card and flight number. This makes more off guard.

After the confirmation of the above personal information, this "customer service," asked Xiao Wen Bank ATM machines print the change needed on receipt of payment, then take the receipt to the airport counter ticket change.

Has small, unsuspecting hearts to the Bank, in accordance with this "customer service," operating tips step by step. The end result is, in each other's repeated urging, after rounds of operations, small card that 6100 was turned away.

Obviously, Xiao Wen suffered a typical "flights canceled text message fraud" fraudsters bought small text information is usually in the hands, it's already a mature industry chain.

In the search engine, with "airline data", "flight data", "internal data", such as keyword search, can show a lot of QQ Group of flagrant sale of flight information. To purchase book information from the contact information in the traffic in people, will be told, the price of each piece of information for a few Yuan to more than 10 per cent, regardless of which airline can get information including the customer's name, ID number, phone number, and flight number.

Beijing, Jiangsu Province and Xiamen police in May 2014, June and October uncovered the illegal use of passenger information for text message fraud case. Police to the criminal gangs in the three places in Danzhou, Hainan, largest fraud case involving more than more than 1.7 million Yuan. Inform the police in case said the suspects bought air tickets Xia men to receive large quantities of information is.

A circle of friends may disclose personal information

Fraudsters bought travelers and where flight information from leaking out? Under normal circumstances, we will first try to blame the airline or booking site. In fact, disclosure of passenger information there are many.

First of all, there are airline employees sell passenger information case. In April 2015, the Procuratorate in Jinan area prosecution of Gao and other 18 suspects on charges that they used the airline to sell passenger information to profit.

One domestic airlines is responsible for IT aspects of management layer on newspaper reporter said, airlines in the, General engaged in flights seat sales control of personnel, has query even modified passenger booking records of permission, they also can through airlines of internal customer management system (for example often passenger plans management system) get passenger more detailed of personal information; airlines in airport for passenger service of personnel, dang they for passenger for value machine, service Shi, can view passenger of full information, Even passenger's cell phone number and other information obtained on the spot; there are airlines call center staff, due to the need to view passenger's booking and personal details.

An airline ticket agent, especially black agent, is an important source of passenger and flight information. As many of the visitors are not using airline tickets, but to find an airline ticket agent, these companies take control of this part of the passenger's booking information and personal information.

In addition, whether in the country or airline booking site official website booking, travelers ' personal information will be made available to service providers of the nation's largest ticket distribution system--in the air. Eterm Travelsky development ticket sales system can make enquiries, bookings, tickets and change back, and so on. At present, apart from the spring airlines, domestic airlines are using this system, also by payments to air terminal and flight reservation information.

According to media reports, on December 21, 2015, the airlines employee was convicted of using the system account in illegal acquisition and sale of Shandong Airlines passenger information. Because of Travelsky in many staff need in their daily work to ensure the normal operation of the system, their master to query all of China Airlines passenger reservation system account and personal information.

However, reporter from which to hang the letter number of learned persons, Travelsky in recent years in strengthening management system account, not many employees are to obtain system account, and the permission finer control, the company has also been enhanced reinforcement systems, such as encrypted storage, account management and other information.

Except above situation, also has many way may led to passenger information was leaked, like many network about car platform of shuttle machine service will let user entered by ride flights of information, this may became cheats Gets information of important source; out tourism Shi, many people except in friends circle "Sun" beauty, and "Sun" self-timer, sometimes also will "Sun" tickets, if not barcode for block, hacker recognition barcode or II dimension code is not difficult, if was decipher, passenger of personal information and the trip on will was leaked.

Be careful of "400" Start phone

Many industry insiders told the newspaper, in the civil aviation industry, passenger information data flow path is relative simple and clear, if related to the company's IT system suppliers to strengthen prevention, many flights and passenger information leakage channels are blocked. In addition, when users enter personal information the Web site content, and can also note whether the site with third party website security certification designation.

Spring Airlines, Minister Mao Yi told the newspaper that because many passengers are set in different sites with the same user name and the same password, if the hacker at another website user information, is likely to be common sense to use the same password to log into another site, for more information.

"So we will be prompted to register use case, numerals, special symbols in strong passwords. In addition, we have issued instructions to update the passenger service messages, the last added reminder, airlines will not for any reason on the text message requests for bank card number and passcode, if you have any questions you can contact the official service. "Mao Yi said.

Airfare expert says to the reporter, to avoid "flights scam", the first thing to verify the authenticity of the text messages in a timely manner. Passengers received notification of the change or booking website, telephone number that is provided to 400 at the beginning of the call. 400 telephone used to be some well-known enterprises in order to facilitate customer service, apply to the telecommunications sector by the enterprise overseas call, airline customer service call are not 400 opening.

Therefore, after you receive this type of information should be first confirmed by airline officials phone or ticket sites, never trust unsolicited information, let alone call suggests strange number in the SMS.

Secondly, in accordance with the provisions of the airline, for non-passengers cause flight delays or cancellations and handling change back is free, do not need to pay a fee. If texts or phone calls asking for fees, is very likely to be scams.

Once again, when it comes to payment, fraudsters tend to guide consumers through the input validation code, transfer of swindling, encounters a transfer request should be refused immediately, and do not provide their own bank accounts, card number and other information.

谁，泄露了你的航班信息？ - 朋友圈,个人隐私 - IT资讯

外出旅游时，很多人除了在朋友圈“晒”美景、自拍，有时还会“晒”机票，如果不对条形码进行遮挡，个人信息及行程就很可能泄露。

“很抱歉地通知您，预订的2016年08月24日万州-上海浦东FM9462航班，由于机械故障已取消，请及时联系航班改签退票专线：010-53815317，改签成功后，由民航赔付航班延误险补偿200元整。”

就是这么一条短信，骗走了重庆女大学生小文6100元积蓄。从去年开始，类似的诈骗短信案层出不穷，国内几乎所有航空公司都有乘客中过招，《第一财经日报》记者身边很多朋友也曾收到过类似航班“延误”或“取消”的短信。

究竟是谁将乘客的航班信息泄露给了诈骗者？又如何防范这类骗局的一再发生？

什么都知道的“客服”

新学期开学后，小文就已经是上海华东师范大学大三的学生了。今年7月，她通过第三方平台用800元的价格购买了从重庆万州飞往上海浦东FM9462航班的机票，起飞时间是8月24日上午11时30分。

就在航班起飞前一天（8月23日），小文收到了文章开头的那条短信，另一头的号码是+85266753430，落款是“上海航空”。急于到上海准备开学事宜的小文急忙拨打了短信中的“改签退票专线”010-53815317，对方自称是“上海航空公司的客服”，且知道小文的姓名、电话、身份证和航班号等信息。这让小文更加放松了警惕。

在确认了上述个人信息后，这名“客服”要求小文在银行ATM机上打印改签需要的付款凭条，再带着凭条去机场柜台办理机票改签。

已经毫无戒备之心的小文赶到银行后，按照这名“客服”的提示一步步进行操作。最终结果是，在对方的反复催促下，几轮操作后，小文卡内的6100元被全部转走了。

显然，小文遭遇了典型的“航班取消短信诈骗”，而诈骗者手中小文的信息通常都是买来的，这早已有一条成熟的产业链。

在搜索引擎上，以“机票数据”、“航班数据”、“内部数据”等关键词进行搜索，可以显示出大量公然出售航班信息的QQ群。如果以购买订票信息为由，联系群中的信息贩卖人，会被告知，每条信息的价格为几元到十几元不等，无论哪个航空公司都能弄到，信息包括客户姓名、身份证号、手机号和登机号。

北京、江苏和厦门三地警方分别在2014年5月、6月和10月破获过违法利用乘客信息进行短信诈骗的案件。三地警方抓获的犯罪团伙都在海南儋州，最大一笔诈骗案涉及的金额超过170多万元。警方在通报案情时均表示，这些嫌疑人获得的大量航班信息都是买来的。

一条朋友圈就可能泄露个人信息

那么诈骗者买来的旅客个人和航班信息是从哪里泄露出来的？一般情况下，大家都会先去指责航空公司或订票网站。其实，泄露乘客信息的渠道有很多。

首先，确实存在航空公司员工倒卖乘客信息的案例。2015年4月，济南地区检察院对高某等18名犯罪嫌疑人提起公诉，罪名就是他们利用在航空公司工作之便倒卖旅客信息获利。

一名国内航空公司负责IT方面的管理层对本报记者表示，航空公司中，一般从事航班座位销售控制的人员，具有查询甚至修改旅客订票记录的权限，他们还可以通过航空公司的内部客户管理系统（例如常旅客计划管理系统）获得旅客更为详细的个人信息；航空公司在机场进行旅客服务的人员，当他们为旅客进行值机等服务时，可以查看旅客的完整信息，甚至能当场获得旅客的手机号码等资料；还有航空公司呼叫中心的人员，由于工作需要可以查看旅客的订票和个人信息。

机票代理，尤其是一些黑代理，也是旅客和航班信息泄露的重要来源。由于很多旅客并非通过航空公司订票，而是找的机票代理，这些公司就掌握了这部分旅客的订票信息和个人信息。

此外，无论是在国内哪个订票网站或航空公司官网订票，出行者的个人信息都会被提供给国内最大的机票分销系统服务提供商——中航信。中航信开发的机票销售系统eterm可以进行查询、预订、出票和退改签等操作。目前，除春秋航空外，国内航空公司都使用了这一系统，票代也通过向中航信付费来获得终端并查询航班的订座信息。

根据媒体报道，2015年12月21日，中航信员工曾被判利用系统账号非法获取和出售山东航空公司旅客信息。由于中航信内部的很多员工在日常工作中需要保证系统的正常运行，他们手中就掌握有可以查询中国所有航空公司旅客订票和个人信息的系统账号。

不过，本报记者从中航信多位人士处了解到，中航信最近几年在系统账号方面加强了管理，能够获得系统账号的内部员工并不多，且权限控制也更细，公司也一直在对系统进行增强加固，比如信息加密存储、账号分级管理等。

除了上述情况，还有许多途径可能导致旅客信息被泄露，比如许多网约车平台的接送机服务会让用户输入所乘坐航班的信息，这可能成为骗子获取信息的重要来源；外出旅游时，很多人除了在朋友圈“晒”美景、“晒”自拍，有时还会“晒”机票，如果不对条形码进行遮挡，黑客识别条形码或二维码并非难事，如果被破译，旅客的个人信息及行程就会被泄露。

小心“400”开头的电话

多位行业内人士告诉本报记者，在民航业，旅客出行信息的数据流动路径相对简单清晰，如果相关公司的IT系统供应商能够加强防范，很多航班和旅客信息的泄露渠道是能够堵住的。此外，用户在网站输入带有个人信息的内容时，也可以注意该网站是否带有网站安全认证的第三方标识。

春秋航空宣传部长毛懿告诉本报记者，由于很多旅客会在不同的网站设置相同的用户名和相同的密码，如果黑客在别的网站获取了用户信息，很可能会常识性地用同样的密码登录其他网站，获得更多信息。

“所以我们会提示旅客注册时使用有大小写、数字、特殊符号的强密码。此外，我们也把发给旅客的客服短信进行了提示信息更新，在最后一条加入提醒，航空公司不会因为任何原因在短信中索取银行卡号和验证码，如果有疑问可以与官方客服联系。”毛懿说。

机票专家则对本报记者表示，要躲开“航班取消骗局”，首先要及时验证短信的真伪。一般乘客接到的改签通知或订票网站，提供的电话号码多为400开头的电话。400电话原本是一些有知名度的企业为方便服务客户，向电信部门申请的由企业付费的电话，而航空公司的客服电话大多不是400开头。

因此，收到此类信息后，应第一时间通过航空公司官方电话或购票网站进行确认，切勿轻信来路不明的信息，更不要拨打短信中所提示的陌生号码。

其次，按照航空公司的规定，因非旅客原因造成的航班延误或取消时，办理退改签是免费的，不需要交手续费。如果短信或者电话中要求收取手续费，则极有可能是诈骗。

再次，涉及付款时，诈骗分子往往会引导消费者通过输入验证码、转账的方式实施诈骗，遇到转账要求时应马上拒绝，并且切勿提供自己的银行账户、卡号等信息。