Blog
/
The Rising Threat of Loyalty Rewards Hacking

The Rising Threat of Loyalty Rewards Hacking

Hackers exploit phishing tactics to drain loyalty accounts, targeting frequent flier and hotel points. Learn how to safeguard your rewards.

Summer is the travel season when people visit new locations around the world. Summer travel always comes with some amount of anxiety and this year, travelers can add one more item to the worry list: cybercriminals targeting their awards and loyalty program accounts, AKA loyalty hacking. 

Hackers around the world are increasingly focusing their efforts on consumer loyalty accounts for high-ticket items like air travel and hotels. By tricking travelers and loyalty program members into revealing their account credentials, cybercriminals drain these valuable points and sell them on the black market. This sophisticated form of cybercrime is becoming more prevalent, affecting thousands of people worldwide.

In this blog we’ll explore this growing crime and how you can protect yourself. 

This sophisticated form of cybercrime is becoming more prevalent, affecting thousands of people worldwide.

How loyalty hacking works

Hackers use a variety of tactics to take over consumers’ accounts utilizing various degrees of sophistication. Some employ broad automated campaigns, while others utilize very specific social engineering attacks, to deceive users into revealing sensitive information. These phishing tactics can take several forms such as:

  1. Spoofed emails: Hackers create emails that appear to come from legitimate airlines, hotels, or other loyalty program services. These emails often mimic official communications with authentic-looking logos and branding.
  2. Urgent messages: These emails include urgent messages, such as warnings about account security or notifications of supposed issues requiring immediate action, prompting recipients to act quickly without scrutinizing the email’s authenticity.
  3. Malicious Links: The emails contain links that lead to fake login pages designed to steal credentials. These pages look identical to the legitimate websites of loyalty programs, making them difficult to distinguish.
  4. Attachments: Some phishing emails include attachments that, when opened, install malware on the recipient's device. This malware can capture keystrokes or take screenshots, allowing hackers to gather login information and other sensitive data.

Of course, accessing accounts doesn’t always require that users give up their access directly through phishing trickery. Hackers can take advantage of unrelated breaches. If you use the same password across multiple services, they can match your email account from one breach to gain access to your unrelated loyalty accounts. This is why it’s crucial to use unique passwords for different services.

Once hackers obtain login credentials, they log into loyalty program accounts, change passwords to lock out the legitimate user, and quickly transfer or redeem the points. They then sell these points on the black market or use them to book flights, hotel stays, and other services, leaving the account holder with significant losses.

Signs that you might be a victim of loyalty program points theft include unexplained changes in your account, such as missing points, altered account details, or unauthorized transactions.

How to know if you’ve been a victim

Signs that you might be a victim of loyalty program points theft include unexplained changes in your account, such as missing points, altered account details, or unauthorized transactions. You might also receive emails or messages about account changes or bookings that you did not initiate.

What to do if you’ve been affected

If you suspect your loyalty program points have been stolen, take immediate action:

  1. Change your passwords: Update your account passwords, ensuring they are strong and unique.
  2. Notify the loyalty program: Contact the customer service of the airline, hotel, or other loyalty program to report the breach and seek assistance in recovering your account.
  3. Monitor your accounts: Regularly check your loyalty and associated email accounts for suspicious activity
  4. Enable two-factor authentication: Add an extra layer of security to your accounts to prevent unauthorized access.

How to protect yourself with Upfort

As the old saying goes, an ounce of prevention is worth a pound of a cure. To safeguard your loyalty program accounts from these phishing attacks, employing advanced email security solutions like Inbox Defender by Upfort is crucial. 

Inbox Defender uses advanced AI to analyze incoming emails for signs of phishing, such as suspicious links or spoofed sender addresses. By identifying and blocking these threats before they reach your inbox, Inbox Defender helps prevent hackers from gaining access to your valuable loyalty points.

Inbox Defender's real-time threat detection and continuous learning capabilities ensure that it adapts to new phishing techniques as they evolve, providing robust protection for your email communications. Additionally, its user-friendly interface makes it easy for individuals and businesses to implement and manage their email security, offering peace of mind in an increasingly digital world. Prevention is the best defense, and using a reliable tool like Inbox Defender is a proactive step to protect your loyalty accounts.

As cybercriminals continue to innovate, the theft of loyalty program points through phishing attacks is a growing concern. Protecting your accounts requires vigilance and advanced security measures. Inbox Defender by Upfort offers a comprehensive solution to keep your email communications secure and your loyalty points safe from hackers.

Sign up for our newsletter

Subscribe