Travel
Hackers are stealing travel and loyalty points. Here’s how to protect your hard-earned miles and rewards.
As the holiday travel season gets underway, you could risk losing hundreds, or even thousands, of dollars.
Experts warn that hackers are increasingly going after your hard-earned loyalty points and frequent flyer miles – cashing them in or reselling them on the dark web.
Considering how common data leaks have become, scammers can more easily access your login credentials and empty out your rewards balance than before, according to the personal finance website Bankrate.
Corrine Macauley reaps the rewards of her near-constant travel for work. She jokes she values her frequent flyer miles as much as the money in her bank account.
“That is one benefit of sleepless nights in hotels and getting home at two in the morning is at least I get the points and miles,” she said.
So when she received an email that the password on her American Airlines account had suddenly been changed, she knew she’d been hacked and feared the worst.
“Panic,” she recalled feeling. “I immediately thought, ‘Oh my gosh, the next step is they’re going to empty out my account.'”
Macauley said she quickly got on the phone with the airline and a representative was able to transfer her 200,000 points – holding a value of roughly $2,000 – to a new account before any damage was done.
“You’re lucky you called right away,” Macauley said the representative told her over the phone.
Experts like Clint Henderson, the managing editor of the popular travel site, The Points Guy, warn loyalty accounts can be easy targets. He learned the hard way when he discovered hackers had drained more than 400,000 miles from his American Airlines account.
“These programs are super valuable. Points and miles are the same as cash in many cases,” Henderson said. “The criminals have gotten smart, they are able to book trips, take those trips, and drain the accounts before the consumer is even aware of it.”
Hackers spent his miles on luxury car rentals, according to Henderson. But after a week and a lot of paperwork filed – including a police report – Henderson was eventually fully refunded.
His advice? Change your passwords.
“Learn from my mistakes,” he said. “Don’t use a password from the 90s for your accounts – they probably should be changed at least once a year.”
Henderson said more companies are also implementing two-factor authentication to log in – where you need a code sent through an email or a text before you can gain access to the account.
Experian warns any rewards program with points or miles that can be redeemed for cash, gift cards or something of value could be a target, including frequent-flier, hotel loyalty, gas station rewards, dining and supermarket rewards and retailer rewards programs.
Have a consumer problem you want us to look into? CBS New Philadelphia is in your corner. You can email Josh at josh.sidorowicz@cbs.com.