You may think that your physical passport, boarding passes, and ID cards are protected from theft as long as you keep them safe and secure. But that’s not necessarily the case. If those documents are scanned or stored in the cloud, they’re just as vulnerable as other types of files.
Also: I never travel without these 5 security gadgets and accessories. Here’s why
A new report from NordVPN describes how your travel documents can be accessed and exploited and what you can do to better protect them.
How your travel documents end up for sale on the dark web
Based on a joint project between NordVPN and international eSIM provider Saily, the report uncovered the following ways that your passport and other travel documents can end up for sale on the dark web.
- Info-stealers. Are electronic copies of your sensitive travel documents stored or synced on your mobile device? If so, hackers could deploy malware designed to steal those files.
- Compromised travel sites. Airlines and travel agencies often scan your passport and other files to store them electronically. A criminal who hacks into a vulnerable server or website can access those scans and hawk them on the dark web.
- Fraudulent travel sites. Criminals can also set up phony websites that look like legitimate airline check-in pages. Using the right phishing techniques, they can trick you into providing personal information and uploading your travel documents.
- Unsecured cloud storage. Do you ever save your travel documents in the cloud for convenience? If the access isn’t secure or the file permissions are too loose, those documents are easily accessible. In the report, NordVPN cited a trick called Google dorking in which criminals use advanced search queries to track down exposed files.
- Physical theft. People can lose their physical passports and ID cards or improperly discard their unused boarding passes. In that event, a criminal who finds the documents could scan them and place them for sale on the dark web.
How much resale value is built into stolen travel documents?
That depends on the document itself.
Travel documents are prized by cybercriminals for several reasons, according to NordVPN. The files typically fetch a good price on the dark web. They’re simple enough to use and require little verification. Above all, they contain the personal information criminals can use to commit fraud and identity theft.
Scanned passport images usually sell for anywhere from $10 to $200, depending on the quality. Scanned IDs go for around $15. Those figures don’t sound like much, but the prices climb from there.
Also: I never travel without this AirTag accessory – and it’s saved me hundreds of dollars
Genuine passports, driver’s licenses, IDs, and permits typically sell from $20 on the low end to $1,800 on the high end. Passports for EU citizens are especially pricey, going for as much as €5,500 (currently more than $6,300). Adding other family members to the package can even earn buyers a 25% discount.
Airline loyalty accounts with high-mileage balances can range from $35 to $700. As one example cited by NordVPN, accounts with 1 to 5 million miles will fetch the top price of $700.
Also: 7 ways to lock down your phone’s security – before it’s too late
Want to know how to hack into airline and hotel booking systems? Instruction manuals known as “Flight & hotel cracking & booking manuals” can go for $150 to $250 on the dark web.
Even reservations made through sites like Booking.com are popular items. Here, criminals will resell pre-booked trips on these platforms at discounts of 40% to 50% off the original price — usually getting around $250 for each deal.
How to protect yourself
Now that you know how and why cybercriminals exploit travel documents, how do you protect yourself? Here are six tips from NordVPN.
- Secure your sensitive travel files. If you want to house your travel documents online, make sure you use encrypted storage or a private vault. Also, be sure to disable any sharing options for the files so that they remain private.
- Watch out for phishing scams. Scrutinize any travel-related email or web page that asks for your personal data. Use a link checker to determine whether a link is legitimate or malicious. Fire up a browser and run a search for “link checker” to find such services.
- Safeguard your devices. Make sure you’re using reliable security software to protect your devices from compromise. Also, be sure to keep your operating system and apps updated with the latest security fixes.
- Use a VPN on public Wi-Fi networks. Need to check on your trip or access your travel documents at the airport or another public place? Use a VPN to encrypt and secure your connection.
- Monitor your accounts. Periodically check your loyalty accounts and financial statements for any unusual activity. If you spot something amiss, contact the provider and lock down the affected account.
- Report lost or stolen documents. If you ever lose your passport, ID, or other important document, immediately report it to the provider before a criminal can access and exploit it.
Also: Best travel VPNs 2025: The top travel VPNs for unblocking services and avoiding censorship
Get the morning’s top stories in your inbox each day with our Tech Today newsletter.
