Having recently been through the blackout-dates-and-hidden-fees cycle with my airline miles, I’ve grown fond of those credit card commercials that boast about saving me from that trouble. “Any flight, any airline, anytime,” the movie star purrs, and I want to believe her.
As it turns out, though, those restrictions aren’t the only headache associated with airline miles and credit card rewards. Just when you thought there couldn’t possibly be any more types of identity theft emerging, hackers are now trying to swipe your miles and points. Maybe the tagline for these attacks should be, “Any rewards, any cards, anytime.”
Although less-obvious types of identity theft like criminal theft or medical theft may have more dire consequences, losing miles and points still puts you at risk. Not only do thieves take whatever cash or miles you’re owed, but they can also use the information to get more details on you — which can lead to additional identity theft attacks.
Here’s How It Works
Some hacks involve cracking into big systems (for example, Starwood’s Preferred Guest Program, Lufthansa and British Airways have all been hit by breaches). But scammers looking for points and miles often prefer a more traditional approach: phishing.
Thieves send out phishing emails that look legitimate and may include invoices or vouchers for fake tickets. These attachments usually have embedded malware that can get into a user’s computer once the attachment is opened.
Unfortunately, thieves are also having luck with simply asking for user names and passwords, and then directing email recipients to fraudulent websites designed to capture information. In some cases, the thieves will take the user names and passwords and try them on numerous credit card and bank sites. Since people tend to use the same identifying details across multiple sites, there’s a chance they could unlock multiple accounts.
Even more modest reward programs can be a target. Starbucks recently reported that hackers had obtained customer user names and passwords for gift cards. Tapping into the users’ stored payment information, the hackers purchased new gift cards, then sold them.
Whether you’re still collecting enough miles just to get a ticket home for the holidays or you have thousands of dollars racked up in cashback rewards, it’s important to stay on top of all types of credit card fraud.
Be sure to check your credit reports frequently for suspicious activity, but also take the time to look through statements detailing your rewards and miles. Also, update your passwords so they’re unique for each site, even seemingly minor sites like those listing your airline miles. Remember, any information an identity thief can acquire to piece together a profile of you can be used in multiple types of identity theft.
Catching a thief early may prevent other types of credit card fraud and in-depth attacks in the long run. Now, that’s a real reward.
Image courtesy of StockMonkeys.com.