woman using smartphone

In airline mileage theft, perpetrators illegally access and exploit individuals' frequent flyer accounts to steal accumulated miles or points. This type of fraud can result in significant financial losses and inconvenience for victims. Your points have monetary value, and their theft or misuse is a crime.

Criminals employ various tactics to steal airline mileage points, exploiting vulnerabilities in the system. Here are some standard methods:

  • Phishing: Criminals send deceptive emails or messages pretending to be from airlines or loyalty programs. These messages often contain malicious links or attachments. When users click on these links or provide their login credentials, the criminals gain access to their accounts and can transfer or redeem the points.
  • Account Takeover: Criminals can directly access an account by obtaining a user’s login credentials (through phishing, data breaches, or other means). Once inside, they manipulate the points balance, redeem miles, or transfer them to other accounts.
  • Social Engineering: Criminals may impersonate airline representatives over the phone or via email. They convince users to share sensitive information, such as account details or verification codes, under the guise of account security checks or promotions.
  • Insider Threats: Employees working for airlines or loyalty programs can misuse their access to steal points. This could involve altering account balances, transferring points, or selling them on the black market.
  • Malware and Keyloggers: Malicious software installed on a user’s device can capture login credentials, including frequent flyer account details. Keyloggers record keystrokes, allowing criminals to obtain sensitive information.
  • Data Breaches: When airlines or loyalty programs suffer data breaches, user information (including login credentials) becomes vulnerable. Criminals exploit this data to access other accounts where one has used a similar email/password combination and no multifactor authentication.
  • Third-Party Services: Some third-party services promise to help users manage their points or find better deals. However, some of these services may be fraudulent and steal points instead.
  • Unauthorized Activity: Check your frequent flyer account regularly for any unauthorized transactions, such as bookings or redemptions you didn't make.
  • Missing Miles: If you notice a sudden decrease in your mileage balance without any explanation, it could indicate that your account has been compromised.
  • Strange Communications: Be cautious of email, text or social media messages claiming to be from the airline or loyalty program and asking for personal information or login credentials. These could be phishing attempts to steal your account details.
  • Unexpected Changes: Any unexpected changes to your account information, such as password resets or profile updates, should be investigated immediately.
  • Use Strong Passwords: Create strong, unique passwords for your frequent flyer accounts and enable two-factor authentication if available.
  • Beware of Phishing: Be cautious of emails, text messages, or phone calls asking for your account information or login credentials. Verify the legitimacy of communications by contacting the airline directly through official channels.
  • Monitor Account Activity: Regularly monitor your mileage balance and transaction history for any suspicious activity.
  • Update Security Software: Keep your devices and security software up to date to protect against malware and other cyber threats.
  • Secure Personal Information: Avoid sharing personal information, such as account credentials, with anyone or on unsecured websites.
  • Enable Multi-Factor Authentication (MFA): Use MFA whenever possible to add an extra layer of security
  • Contact the Airline: Immediately contact the airline's customer service to report the unauthorized activity and request assistance in recovering your stolen miles.
  • Provide Documentation: Be prepared to provide documentation, such as transaction records and account statements, to support your claim of mileage theft.
  • Change Passwords:  To prevent further unauthorized access, change the passwords for your frequent flyer accounts and any other accounts associated with similar login credentials.
  • Follow Up: Stay in contact with the airline's customer service team to track the progress of your case and ensure that your stolen miles are returned to your account.

References: