Recently there has been a dramatic increase in the stealing of frequent flier miles from the accounts of unsuspecting airline customers who participate in the various airline frequent flier programs. The reasons for this is because this kind of theft is easy to accomplish, easy to avoid detection and quite profitable. Hackers often take advantage of the fact that many people use the same username and password for many accounts. With so many usernames and passwords available to identity thieves due to the many data breaches that have become common occurrences, identity thieves are able to use usernames and passwords that they buy on the Dark Web, that part of the Internet where hackers buy and sell such information, to easily access the frequent flier accounts from people who use the same username and passwords for multiple accounts. In other instances, identity thieves will use socially engineered spear phishing emails to pose as the airlines and lure the victims into providing their usernames and passwords to the identity thief, often under the guise of confirming information for the airline.

However, sometimes victims of frequent flier miles scams merely turn over to the scammer their user name and password by clicking on links and responding to phishing emails like the one reproduced below.  As phishing emails go, this one is pretty well done.  The appearance, spelling and grammar of the email look legitimate and the purported reason for asking the victim to update their information due to new security features also appears legitimate.  But it is not.  It is a scam and people responding to this email by logging in to the site to which they are taken will end up providing their username and password to a scammer who will steal the frequent flier miles.

Because people so rarely monitor their frequent flier accounts, criminals who steal frequent flier miles often go undetected for long periods of time.
Once the criminal gains access to the account, they can profit from the information in many ways including redeeming the points for merchandise from retailers participating in the frequent flier program, transferring the points to another clean account from which they can use the points for themselves or redeeming the points for travel vouchers which they then sell posing as legitimate travel websites.

TIPS
In order to protect yourself you should have a unique username and password for each of your online accounts including your frequent flier accounts. This is a basic tenet of online security that you should be following. If your program permits dual factor authentication, you should sign up for it. Refrain from providing your username and password even if it appears it is being requested from your airline’s frequent flier program. If you have any question as to whether such a request contained in an email is legitimate, you should merely contact the airline by phone at a number that you know is accurate to confirm that the request was a scam.

In regard to protecting yourself from phishing emails such as this, you can look for red flags such as the fact that your account number does not appear anywhere in the email.  However, the safest tact to take is to never log in to any website from an email.  If you had any belief that the email was legitimate, you should merely go to the Delta website directly and not from an email that you can never be sure is legitimate.

Also, monitor your account regularly even if you are not flying in order to become aware as early as possible if there has been a security breach in your account.

Finally, you should always shred your boarding passes. Don’t merely thrown them away in trash receptacles at the airport. The bar code on your boarding pass contains important information including your frequent flier account number that can be used to make you a victim of identity theft.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”

Here is the phishing email presently being circulated.

Thanks for choosing Delta. Your Flight is confirmed.
Hello Member,
SkyMiles ® #**********>
Update Your Skymiles Account Access
Kindly update your Delta skymiles account access below to activate the new security features and updates.
Update Your Skymiles Account

È

Increase your mileage balance faster on your next flight.
Purchase up to 3,000 miles.
Earn 30,000 bonus miles and a $50 statement credit.
Terms apply.
Find, compare and book flights from your favorite mobile device with the Fly Delta app.
Earn Starpoints® when you fly and miles when you stay.
Register now for Crossover Rewards™.
Terms apply.
THE #1 AIRLINE APP. | Get the Fly Delta app today.
Terms & Conditions
Delta is not liable for losses resulting from unauthorized access to a SkyMiles account. All SkyMiles program rules apply to SkyMiles program membership, miles, offers, mile accrual, mile redemption, and travel benefits. To review the rules, please visit delta.com/memberguide.Email Subscription
You have received this email because you elected to receive your SkyMiles account notification sent to you via email. If you would like to take advantage of other Delta email programs featuring special fares, promotions, information and flight updates, please visit delta.com/emailprograms or delta.com/notifications.
Privacy Policy
Your privacy is important to us. Please review our Privacy Policy.
Copyright Information
This email message and its contents are copyrighted and are proprietary products of Delta Air Lines, Inc. Delta Blvd., P.O. Box 20706 Atlanta, GA 30320-6001. Any unauthorized use, reproduction, or transfer of this message or its contents, in any medium, is strictly prohibited.
This is a post only email. Please do not respond to this message.
© 2019 Delta Air Lines, Inc. All rights reserved.