Leave a comment

Hackers targeting your frequent flyer miles

Hackers targeting your frequent flyer miles

There isn't a much scarier thought than having your personal or banking information stolen. It doesn't even feel safe to go to the grocery store anymore with all of the data breaches that have been discovered recently.

Keeping your credit card details safe is getting harder and harder. Cybercriminals are trying to steal your information no matter where you use your card. In the last year, we've seen attacks on restaurants, retail stores, hotels and even hospitals.

With that in mind, banks made the move to EMV (Europay, MasterCard, and Visa) cards, a.k.a chip-equipped cards. EMV chips are intended to make it a lot tougher for criminals to steal your information, and to exploit retailers' payment systems.

Stronger banking security has led cybercriminals to look for victims in unconventional places. A recent "Wall Street Journal" article says that thieves are now targeting your frequent-flyer miles. We checked into it and it turns out to be true, this is really happening.

Stolen frequent-flyer miles

When I think of cybercrime, stolen airline miles isn't the first thing that comes to mind. However, as we become more aware of traditional digital threats and strengthen our security, thieves are looking for less secure places to steal from. Hence the world of stolen frequent-flyer miles.

The worst incidents were reported last year when frequent-flyer miles were stolen from customers of American and United Airlines. Only about three dozen accounts with United had miles stolen. American Airlines wasn't as lucky, as nearly 10,000 customer accounts were compromised.

The cybercriminals didn't actually breach the airlines' databases or servers. They were able to steal credentials from other sites and found those account holders were using the same passwords for their mileage accounts.

Thieves who got their hands on these miles were able to use them to book vacations, car rentals and other mileage transactions. Both American and United Airlines said they would restore the stolen miles to affected accounts.

In response to these types of attacks, United Airlines changed its security practices. It used to have customers use a four-digit PIN instead of a password to log in. They changed to passwords along with having customers answer questions from a pull-down menu.

United called its new security procedure a two-factor authentication system when in reality it doesn't use a second-device backstop check. United says the typical two-step authentication process wouldn't always work for travelers because they wouldn't get a text message while on an airplane.

Some people have complained about United's security as being too easily defeated. The airline is looking into implementing even better security.

Next page: Don't make these frequent mistakes
Sponsor: 5 safety tips for living by yourself
Previous Tips

Sponsor: 5 safety tips for living by yourself

My mom was almost rental-scammed
Next Tips

My mom was almost rental-scammed

View Comments ()