Abstract: Mr. Li just bought deep air ticket, he received a call claiming the Shenzhen Airlines staff, said the flight canceled, can be sent by the way of error verification code refund. When Mr Li found out that the flight had not been canceled, he suffered a telephone fraud. Because of
Mr. Li just bought the deep air ticket, he received a call claiming that the Shenzhen Airlines staff, said the flight canceled, can send "error verification Code" way to refund. When Mr Li found out that the flight had not been canceled, he suffered a telephone fraud.
He suspected that the airline had leaked the passengers ' information because he had accurately reported Mr. Li's name, ID number and flight number. In this respect, Shenzhen Airlines said the detection did not detect the background data leakage.
Pick up the ticket and get the refund call.
Mr. Li, who works in Beijing, is on a business trip and has just booked air tickets for Shenzhen Airlines, and he has received a call from a self-proclaimed "flight cancellation".
Mr. Li said that the other party accurately reported Mr. Li's name, ID number, flight number, and so on, said because the flight cancellation needs to refund the ticket money, and proposed to send "error verification code" to verify the passenger bank card refund method.
The other said that in order to ensure that the bank card provided by the passengers is my own, they need to refund the passengers to their designated bank card remittance. "They gave me a bank card number, saying that the money remitted was only slightly higher than the balance of my bank card, so the remittance would not be successful and will produce an error verification code." Mr. Li said, the other side said that as long as the error verification code sent over, you can return the ticket money to this card.
Confirmed that the flight was not canceled.
According to Mr. Li, the bank card balance of more than 1040 yuan, the other party asked it to remit 1500 yuan to its account.
As a result of working in IT companies and being familiar with telecom fraud, Mr Li is skeptical about the way remittances get "error-proof" code. After being verified by the official channel, Mr. Li learned that his flight had not been canceled.
"The other side is the fishing scam. Mr. Li said that seemingly insufficient bank card balances do not really generate remittance transactions, but the other side may be able to transfer to his account less than 1500 yuan, so that will be successful, do not produce error code.
Mr. Li said the other party knew the details of his personal information and therefore suspected that the airline had leaked it. He inquires the verification, found that the Shenzhen Airlines Micro-letter number opened the platform for the purchase of tickets, there can be leaked passenger information loopholes.
Network security Test platform also said that through the Shenzhen Airlines Micro-credit ticket system loopholes, can be traced to Shenzhen Airlines in the last three years, part of the booking information, the risk of leakage of passenger information.
The network security test platform staff said that after the discovery of the vulnerability, Shenzhen Airlines has been notified.
★ Deep Air Response
The public number ticket is fixed.
"There was a message scam before the passengers of the Shenzhen Airlines, but the information was not leaked to us," he said. "Shenzhen Airlines, a staff said," The last six months or months, Shenzhen Airlines passenger side does not have too much, or basically no longer receive fraud messages. ”
The staff said that Shenzhen Airlines launched the micro-credit ticketing function, there is a real technical loophole, "but through the self-examination of the entire system, and did not find information leaked background data." "He said the flaw was now fixed.
How exactly is Mr. Lee's message obtained by a staff member claiming to be "deep sailing"? A person in the industry said that passenger information could be leaked from agents.
"At present, most of the domestic airlines are using the China Aviation Letter booking system, the major airlines passenger data to be entered in the system," the industry said, "in addition to airlines, major airline agents can also see passenger data information, agents too many, bad supervision." ”
Gaff Huai, executive vice president of the Aviation Law Society of Beijing Law Institute, who has been acting as an agent of air passenger information leaks, said that there are many reasons for the leakage of passenger information, but there are loopholes in the relevant departmental management for any reason. ”
He suggested that passengers should first contact the airline customer service to confirm the authenticity of the scam message.