Hackers Have A New Target: Your Frequent Flyer Miles

Hackers Have A New Target: Your Frequent Flyer Miles

Credit card account information, social security numbers, and drugs aren’t the only hot commodities on the dark web. Increasingly ill-gotten frequent flyer miles are in demand.

That’s according to Comparitech, the U.K. based researcher that reviews consumers products. In August it sifted through half a dozen illegal marketplaces online to get a sense of how much frequent flyer miles are worth. Their findings: there is a robust black market for the rewards, commanding in some case around $1,000 or more.


Delta, British Airlines Points Commonly Listed

Comparitech pointed to one dark marketplace On Dream Market as an example. There you can purchase rewards points from more than a dozen different airline rewards programs such as Emirates Skywards, SkyMiles and Asia Miles. One person was selling 100,000 miles from a slew of different rewards programs starting at $884. Comparitech figured it was originally priced at $1,000 but with declines in the value of bitcoin in August, it’s under that. “It’s fairly easy to get away with, ” said Paul Bischoff, editor of Comparitech in an email interview. “In many cases, the theft will go unnoticed for months since most of us don’t check our frequent flyer accounts that often. “

According to Bischoff, across all of the marketplaces Comparitech studied, Delta SkyMiles and British Airways Miles were the most commonly listed. Purchasing 100,000 British Airways Executive Club miles will set you back $884 but 200,000 regular British Airways Miles only costs $45. For 45,000 Delta SkyMiles, it cost $884 on the dark web while 2,000 miles were going for $31. “Both of these companies suffered data breaches in 2018, so it was easy for hackers to target customers with phishing emails and other sorts of attacks in order to steal their account passwords,” he said.

Airlines miles from international programs tend to fetch higher prices based on Comparitech’s research compared to domestic programs. That may be because U.S. based airlines have stronger anti-fraud systems in place compared to their overseas counterparts. It could also be because the primary market for stolen points is international. Still, Bischoff said prices for the miles seem to be based on seller preference more than supply and demand. Buyers purchase in bitcoin or Monero, two popular cryptocurrencies, so the actual price could fluctuate. Comparitech noted that one airline point is equal to between one and two cents. That means 100,000 miles is worth $1,500. “Across the board points sold for roughly half of their real-world value on the black market,” said Bischoff.

Hackers Cash Them In For Gift Cards

Stealing airline miles may not seem like it makes sense. After all, you need proof of ID to cash them in for travel. But what the bad guys are doing is redeeming them for gift cards that can be used at a slew of different retailers, said Comparitech. There are no ID or PIN requirements when spending the points and retailers don’t ask for IDs either. That makes it easy for criminals to steal and use the points. Last year Air Miles, the Canadian rewards program warned members that thieves stole cash miles and used them to purchase products in stores. Air Miles, at the time, halted the ability to cash in miles for gift cards as it investigated the issue.

In addition to redeeming miles for gift cards, there is a grey market in which brokers will purchase unused airline miles with an aim of getting business and first class upgrades, noted Comparitech. Bad actors are getting ahold of the miles by hacking into the personal accounts of reward program members. That can be achieved via a data breach of a server or a phishing scam in which the individual unwittingly hands over the digital keys to his or her castle. For the victims, there is little recourse. Once the miles are stolen they are gone unless the airline or reward programs choose to refund stolen points.

For frequent travelers who rack up miles and don’t want them falling into the wrong hands, Comparitech said there are a number of things they can do to protect themselves. For starters, shred your boarding pass after a flight and never post a photo of your boarding pass online. Sure you’re legions of followers want to know you are traveling but they don’t need to see the proof on social media.

Boarding passes often have frequent flyer numbers printed on them making it too easy for the hackers. Comparitech also urged consumers to use strong passwords for their frequent flyer account and monitor it for anything suspicious. If you are accessing your account, avoid doing so on a public WiFi, a haven for hackers. As to whether or not airline rewards thefts increase in frequency in the future, Bischoff said the answer lies in the hands of the companies. “ It’s up to them to better secure their systems and detect fraud,” he said….Read More>>>



Source:- forbes