With the summer vacation season approaching, scam scams targeting airline mileage or hotel reward points are rampant, so caution is required.
According to the related industry, scammers steal miles or points from consumers’ loyalty program accounts and trade them through the dark web, a black market.
For example, when a consumer receives a phishing email purporting to be from an airline such as Southwest and clicks the attached link, they are prompted to log into their account with the airline.
When consumers log in by entering their username and password, they are connected to a fake website disguised as an airline website, and their personal information is stolen. Fake site addresses disguised as airline websites often end in .org.
Fraudsters resell the stolen miles in a way such as “American Airlines 1.5 million miles sold for $500.” Some scammers have the audacity to set up fake online travel agencies themselves to trade miles and points.
In addition, some fraudsters steal mileage by directly accessing the airline account with the customer’s username and password obtained through other routes. It is abusing the fact that many consumers repeatedly use the password they use in one account for their airline account. Besides, the method is different.
Scammers have been known to use robocalls to fake bonus miles from airlines such as Air Canada and WestJet, and online travel agencies such as Expedia.
When a consumer who answers the phone presses a key such as # to receive bonus mileage, a scammer disguised as an agent answers the phone and asks for detailed account information.
Airlines and security experts recommend carefully checking the website address (URL) for ‘https://’ or ‘lock symbol’ indicating that the site is encrypted to prevent theft of airline mileage or hotel reward points.