Recently there has been a dramatic increase in the theft of frequent flier miles from the accounts of unsuspecting airline customers who participate in the various airline frequent flier programs. The reason is that this kind of theft is easy to accomplish, easy to carry out without detection and quite profitable. Hackers often take advantage of the fact that many people use the same username and password for many accounts. The many data breaches that have become common occurrences have made large numbers of usernames and passwords available to identity thieves, who buy them on the Dark Web, that part of the Internet where hackers buy and sell such information. They then use these credentials to easily access the frequent flier accounts of people who use the same username and password for multiple accounts. In other instances, identity thieves will use socially engineered spear phishing emails to pose as the airlines and lure the victims into providing their usernames and passwords to the identity thief, often under the guise of confirming information for the airline.
Because people so rarely monitor their frequent flier accounts, criminals who steal frequent flier miles often go undetected for long periods of time.
Once the criminal gains access to the account, they can profit from the information in many ways, including redeeming the points for merchandise from retailers participating in the frequent flier program, transferring the points to another clean account from which they can use the points for themselves, or redeeming the points for travel vouchers which they then sell while posing as legitimate travel websites.
In order to protect yourself, you should have a unique username and password for each of your online accounts, including your frequent flier accounts. This is a basic tenet of online security that you should be following. If your program permits dual factor authentication, you should sign up for it. Refrain from providing your username and password even if the request appears to come from your airline’s frequent flier program. If you have any question as to whether such a request contained in an email is legitimate, you should simply contact the airline by phone at a number that you know is accurate to find out whether the request was a scam.
Also, monitor your account regularly even if you are not flying in order to become aware as early as possible if there has been a security breach in your account.
Finally, you should always shred your boarding passes. Don’t merely throw them away in trash receptacles at the airport. The bar code on your boarding pass contains important information, including your frequent flier account number, that can be used to make you a victim of identity theft.