Is Your Award Flight A Flight To Nowhere? Keeping Your Frequent Flyer Miles Safe

January 5, 2024


With all of the concerns about having your identity and financial data hacked, cyber criminals have been silently chipping away at something not on most people’s radar. Hackers are reportedly siphoning frequent flyer loyalty club miles from traveler accounts and then selling them to the highest bidder on the dark web. As we’re literally traveling for the holidays and down the information super highway, all the signs are pointing to the fact that if there’s a buck to be made with any type of cyber thievery, a hacker has already thought of it. Such is the case with airline travel and the perks that go with it, known as travel hacking.

A recent study by Comparitech takes a closer look at travel hacking and just how it’s done. Hackers transfer stolen airline miles into another commodity like gift cards for local merchants such as restaurants, rental cars, and hotel upgrades. Using airline miles for flights and hotels requires identification that hackers and those who purchase the points on the dark web can’t provide, so it’s much easier to make bank by turning those miles into something anyone can use. Although points can be resold for what they are on the black market, point values fluctuate depending on the airline, with the average price being one to two cents per mile. A purchase of 100,000 flyer miles retails on the dark web for about $1,500 in Bitcoin, with Delta SkyMiles and British Airways as the two most popular travel hacking resale points.

At the core of travel hacking is the lack of security inherent in the rewards systems. Whether it’s a data breach or an email phishing attack, login credentials are easily stolen–especially with accounts not using multi-step verification for identity purposes. Along with poor verification protocols, the fact is most travelers don’t keep a close eye on their travel points, especially if they travel infrequently. Most airlines have rules against selling miles, but not against giving them to friends or family members. Without strict enforcement of those rules, airlines often find the difference between selling and giving points is blurred and therefore much easier to overlook.

Keeping your travel miles as safe as can be requires regular monitoring of your account, much in the way we now know to regularly check our credit reports for suspicious activity. Vigilance may be the first step, but there are other ways to back that up that careful monitoring.

- Don’t take a pass on passwords. Keep those travel rewards where they belong by using unique, long passwords that change on a regular basis. There’s always the option to use a password manager for help. Just keep in mind that if your password manager account is breached, so are all of your passwords. That said, using one of those is better than using the same password for multiple accounts.

- Never use email to store or send account numbers or passwords to someone who legitimately needs access to them. Emails get hacked, so it’s always safer to pick up the phone and give the information directly to the intended recipient.

- Don’t toss your boarding pass. Shred it to bits after you’ve confirmed your loyalty points. The bar code on boarding passes contains a wealth of information, including your frequent flyer account number.

- Consider using apps that keep all your travel data handy and alert you to any changes in your account. Just do the research to find one that is legitimate before downloading and never sideload. Get those from the official app store.

- Don’t let your luggage tag give you away. Leave your frequent flyer account number off of the tag–the less your account number is put out in public viewing, the safer it will be.

Stickley on Security