Stolen frequent flyer accounts and rewards points are a hot commodity on the dark web, according to a study by Comparitech.
Looking at listings on Dream Market, Olympus Market and Berlusconi Market, the research firm found that dark net prices of stolen frequent flyer miles are resold “at a fraction” of their real-world value.
Airlines points are typically worth between one and two cents each, according to the Comparitech article, bringing the value of 100,000 miles to US$1,500-US$2,000.
This is compared to US$884 for 100,000 miles under the KrisFlyer, Emirates Skywards, ANA All Nippon and Asia Miles programmes, accurate at the time of Comparitech’s research.
Stolen miles are used for retail redemptions, resold to grey market mileage brokers, or exchanged for rewards such as flight upgrades, which are then sold on to unsuspecting customers on websites.
Unlike with flight purchases, “members are not required to enter a password or PIN number when spending points at retailers, and retail staff often don’t ask for an ID”, the article states.
It is this lack of verification that has made frequent flyer miles a profitable target for hackers and thieves.
“And because most of us don’t use or check our frequent flyer accounts very often, the theft can go unnoticed for months”, according to Comparitech.
While it’s against the terms of service for most rewards programmes, points are sometimes resold by grey market mileage brokers, who typically buy unused points and use them to get business- and first-class upgrades and other bonuses for their clients, stated the article.
Hackers steal miles by breaking into personal accounts. They obtain credentials through various ways, including breaching a data server or phishing individual account holders.
To prevent miles from being stolen, Comparitech has the following recommendations:
– shred your boarding pass after a flight
– never post a photo of your boarding pass online
– use a strong and unique password for your frequent flyer account.
– monitor your account for suspicious activity
– don’t put your airline account number on a baggage tag
– avoid using public Wi-Fi to access your account