Credit card and Social Security numbers aren't the only types of data being bought and sold illicitly online. Hackers have now started infiltrating frequent flyer accounts and are selling stolen reward miles on the dark web, according to a report by Comparitech.
Frequent flyer miles, or reward points, are awarded to members of travel loyalty programs in exchange for doing business with a company, like an airline, or spending on a co-branded credit card. Rewards miles and points can be redeemed for travel awards, cash back, or discounts on various products from participating retailers.
How Are Frequent Flyer Miles Stolen?
Like with many other types of identity theft, hackers use the illegally-obtained personal information to gain access to people's frequent flyer accounts.
As the number of data breaches continues to increase, personal information is becoming increasingly easy for thieves to obtain. Just last year, 1,579 data breaches exposed nearly 179 million records, including 158 million Social Security numbers.
Once hackers have enough personal information to access one of your accounts, they can take control and in some situations wipe the accounts clean.
Monitoring your credit file for changes and inaccuracies is one of the best steps you can take to ensure that fraudsters aren't using your personal information.
What Can Thieves Do with Stolen Frequent Flyer Miles?
In most cases, it is difficult for hackers to use reward points for their own travel because travel must be booked in the account holder's name. However, thieves can still use the stolen points for other rewards or transfer them to other account holders who can then book travel in their own names.
Once fraudsters gain access to someone's account, they can use the stolen miles to purchase things from retailers and can often do so without needing to show ID. In addition, hackers are stealing reward points and reselling them on the dark web.
The dark web is a hidden network of websites where visitors use encryption and virtual private networks (VPNs) to remain anonymous. It's host to various black market sites that are known to sell illicit goods—including sensitive personal information like credit card and Social Security numbers—to unknown buyers using cryptocurrency.
Comparitech searched the dark web in August 2018 and found that a vendor was selling stolen reward points from more than a dozen major reward programs on the black-market website Dream Market. A review of other dark web marketplaces revealed points from a total of 19 different rewards programs listed for sale.
Miles from popular airlines like Delta, British Airways and Virgin Atlantic were listed for sale for upwards of $1,000. For 100,000 Virgin Atlantic Flying Club miles, one vendor was asking for $884. Another listing offered 45,000 Delta SkyMiles for $884.
According to Comparitech, airline miles when redeemed legitimately are typically valued between one and two cents each, which means 100,000 miles could be worth as much as $2,000. So when it comes to the dark web listings, the stolen miles are being sold at a considerable discount.
How Are Frequent Flyer Miles Sold on the Dark Web?
Fraudsters can sell stolen miles by transferring them to a different user, or by selling direct access to the hacked account.
Once hackers get into someone's frequent flyer account, they can create a new account and transfer the miles there, Comparitech wrote. Then, they can sell the miles to someone else and transfer the balance from their new account.
Hackers can also sell the account's login and password information so a buyer can choose how to use the miles. Whoever buys the account information can transfer the miles out or can use the rewards to make purchases at retailers.
According to Comparitech, buying a hacked account was more common and less expensive.
How Can I Protect My Frequent Flyer Miles?
Frequent flyer mile theft is just another example of how you can be affected when hackers obtain your personal information. Many people monitor their credit scores to look for signs of identity theft, but in most cases, few people think to check their frequent flyer accounts for fraud. One way to monitor the rewards points across multiple loyalty programs is to enroll in a service like AwardWallet, which helps you track your points and book loyalty travel.
Consider these tips to help protect your personal information:
- If your frequent flyer miles have been stolen, that probably means your personal information has been compromised. Checking your credit report and monitoring your online presence is key to making sure no one is using your personal information.
- Protecting your personal information starts with making sure you are using strong passwords and secure websites.
- Use Experian's free dark web scan to see if your personal information is floating around the dark web.
Editorial Disclaimer: Opinions expressed here are author's alone, not those of any bank, credit card issuer or other company, and have not been reviewed, approved or otherwise endorsed by any of these entities. All information, including rates and fees, are accurate as of the date of publication.
This article was originally published on October 25, 2018, and has been updated.