Have you checked your frequent flyer miles lately?
Loyalty points and frequent flyer miles might not seem like obvious targets for cybercriminals, but think again.
Miles and points are currency, as they can be used for many real-world transactions such as flights, shopping, gift cards and even cash. Connexion Loyalty estimates that the loyalty points accrued in the U.S. have a combined value of $48 billion.
Part of the problem is that many loyalty program sites don’t have the same levels of built-in security that protect bank accounts or other online accounts. But account-holders sometimes don’t help themselves, because they use weak passwords and PINs which can be quickly and easily cracked by professional hackers.
As if that weren’t enough, there’s the ever-present danger of email phishing. This not only puts your points at risk, but also any personal information you have stored in your loyalty accounts, such as credit card and trusted traveler numbers. The modus operandi is usually simple: you get a bogus email claiming to be from an airline, hotel, or travel agent asking you to verify your account information, perhaps to claim a prize. You fall for it, enter your credentials, and the thief gets access to your points and your personal information.
If you’d rather hang on to your points, here are a few tips to help you.
- Vigilance is critical: Monitor your loyalty accounts, and the data associated with them, as carefully as you manage access to your bank accounts. Check your balances regularly and report any suspicious transactions.
- Choose strong and unique passwords and change them regularly: Password managers such as LastPass can help with this.
- If the website offers two-factor authentication, sign up: It adds steps to the login process but offers greater security. There are different types; for example, you may be asked to create security questions you must answer in order to access your account.
- Take care with communications: If you are contacted by email or SMS and asked to validate an account or reset a password, be suspicious.