I have written numerous times in the past about the theft of frequent flier miles from the accounts of unwary customers.  Recently there has been a dramatic increase in the stealing of frequent flier miles from the accounts of unsuspecting airline customers who participate in the various airline frequent flier programs. The reasons for this is because this kind of theft is easy to accomplish, easy to avoid detection and quite profitable. Hackers often take advantage of the fact that many people use the same username and password for many accounts. With so many usernames and passwords available to identity thieves due to the many data breaches that have become common occurrences, identity thieves are able to use usernames and passwords that they buy on the Dark Web, that part of the Internet where hackers buy and sell such information, to easily access the frequent flier accounts from people who use the same username and passwords for multiple accounts. In other instances, identity thieves will use socially engineered spear phishing emails to pose as the airlines and lure the victims into providing their usernames and passwords to the identity thief, often under the guise of confirming information for the airline.  Because people so rarely monitor their frequent flier accounts, criminals who steal frequent flier miles often go undetected for long periods of time.

Once the criminal gains access to the account, they can profit from the information in many ways including redeeming the points for merchandise from retailers participating in the frequent flier program, transferring the points to another clean account from which they can use the points for themselves or redeeming the points for travel vouchers which they then sell posing as legitimate travel websites.

Now we are also seeing criminals not only stealing your credit cards and making fraudulent charges, but also stealing and using your credit card rewards points.    It has been estimated that a billion dollars a year of credit card rewards and loyalty program points are stolen each year.  Making it even worse, the criminals stealing your credit card reward points may make large purchases first using your credit card thereby increasing the reward points before they cash them in, often purchasing gift cards which they use to launder the stolen money.  And while the law protects you for all but $50 for fraudulent charges on your credit card (and most banks won’t even charge you anything) credit card rewards points and frequent flier miles are not covered by any federal law.  Once they are gone, they are generally gone.


In order to protect yourself you should have a unique username and password for each of your online accounts including your frequent flier accounts and credit card accounts. This is a basic tenet of online security that you should be following. If your program permits dual factor authentication, you should sign up for it. Also, monitor your credit card rewards and frequent flier miles accounts regularly to recognize any hacking as early as possible.Finally, in regard to your frequent flier miles, you should always shred your boarding passes. Don’t merely thrown them away in trash receptacles at the airport. The bar code on your boarding pass contains important information including your frequent flier account number that can be used to make you a victim of identity theft.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”