Scammed for my airline reservation info
19 points by spicypancake 1377 days ago
The scammers are at it again, and they’re getting more creative and ruthless. Today my gf wanted to upgrade her flight on a major commercial airline. She wasn’t able to do so online, so immediately googled the airline; in the sponsored Google results there was a toll-free number to call. She called the number and gave the “agent” her booking reference number and her last name. The “agent” asked for additional flight details like flight number and destination, but those weren’t really necessary.

After she gave the details, the “agent” hung up immediately. It was soon apparent that this was a scammer. Immediately panic set in: what could they possibly do with that information? Upon further investigation, they can do quite a bit. They can add food to the flight, change the seat, pay for an upgrade, all of which require payment and make life better. However, they can also cancel the flight without verifying any further information. Evidently the scam is to cancel the reservation and resell the travel voucher, since it’s only a 13-digit code and transferable. Be vigilant out there, and be sure to use ad-blockers to block sponsored Google ads.

6 comments

> She wasn’t able to do so online, so immediately googled the airline; in the sponsored Google results there was a toll-free number to call.

Not trying to blame the victim, but this is a very dangerous pattern of behavior and should be discouraged. Ideally, Google wouldn't accept these ads at all, but curation isn't something Google will do willingly. Using contact information from a search snippet is potentially dangerous too, even if it seems like it's from the correct site, it's better to load that site yourself and use the number, etc. Or I'd look for a contact number in the booking confirmation, etc.

It's often faster to search the number on Google instead of typing it from a sheet of paper. Plus with some companies I often feel like they don't want you to call them, so they hide the number on their website behind some AI that points you to guided FAQs. Add to that how ads look more like organic results every year, and companies actually buying ads if you search for them... It's a recipe for abuse.

While you're technically right (and I agree with you), Google is often the most straightforward and simplest solution. I don't ever bother saving the number for our favourite pizza place...

Wow, truly next-level terrible and desperate to rip people off in this manner.

What is Google's liability in these cases? This is egregious negligence on the part of Big-G.

Indeed, terrible to the maximum degree. I think Big G does indeed need to be responsible, but with such scale it could take time for them to even catch on that this is happening. I run ad-guard on her device, but after the latest iOS update neglected to enable the adguard extensions. Sometimes when traveling you're in a frustrated/frantic mindset and just not thinking clearly.

Not only sponsored ads - also - be very careful not to post a selfie on social media with flight info visible!

Apparently the six-digit booking code (Passenger Name Record) plus your last name is sort of a password! And someone can do a lot of damage with it! [0]

I’ve heard of someone's flight getting cancelled while they were at the airport because of an IG post with a flight-related hashtag!

[0] - https://www.vice.com/amp/en/article/qvvxv3/why-you-should-ne...

"Be vigilant out there, and be sure to use ad-blockers to block sponsored Google ads."

I often say that there are two different internets these days. The one with an abundance of adblockers seems somewhat safe and surfable. No adblockers and a few vulnerable searches, god forbid on a small no-name search engine, and you are going to have one hell of a ride!

Agreed - it's been ages since I've used the Internet without wearing these digital condoms.

Scammers and fraudsters must be treated like maritime pirates and punished with the maximum punishment law allows.

Additionally, phone infrastructure needs to be fully authenticated end to end, to trace scammers and enabler carriers, which must be charged with recel and punished with debilitating fines.

Without these two measures it's just going to get worse.

I echo this sentiment exactly. I have a lot of technical expertise in phone systems, and I can assure you, spoofing is ridiculously easy. The sheer level of creativity of these pirates is dumbfounding.

This should have been blocked by Google (possible it was like Bing?). If you try to load ads in, there are automated checks; for example, the URL displayed must match your site URL, and any redirects are also cause for the ad to be rejected automatically. Phone numbers should be the same.

Definitely Google, the URL was not the airline, but the title of the ad had the airline and the number was in the title; sneaky.