Select Page

In honor of my Caught Dead in Wyoming mystery series, my assistant Kay Coyte is writing for my newsletter and blog a series of consumer tips inspired by TV reporter Elizabeth Danniher.
– – – – – – –

It’s the time of year when many of us look forward to visiting faraway friends and family for the holidays. Some may have been saving airline or hotel points to buy multiple flight tickets or suite-sized lodging.

So you can imagine how it might feel when you check your reward points balance – and find it at zero. It can happen to anyone – even one of AARP’s Fraud Watch Network reporters, a frequent traveler who lost 140,000 hotel points. Her story was part of an NBC News report last month detailing how loyalty reward programs have become a “goldmine” for hackers.

The thieves rarely book flights or rooms, but instead buy gift cards or merchandise to use or resell or sell the stolen goods via an anonymous “dark web” to other criminals. “Crooks talk to one another and the word is out that they can make easy money very quickly this way,” Swiss-based Peter R. Maeder, co-founder of the Loyalty Security Association, told NBC. “And there’s not a lot of danger of being caught.”

The credit-reporting company Experian last year reported this trend, describing in detail how recent data breaches have made reward programs an easy target. Information gleaned from bank, store or credit card accounts – passwords, user IDs, addresses, etc.  – are used to gain access to a reward program, which may not have the same security defenses as its parent company. And though you may be diligent in checking your credit cards or bank for suspicious activity, how many times have you peeked at that Delta or Hilton account to see if your points are still there?

Other criminals get information through “phishing” emails. These are increasingly sophisticated, perhaps even mimicking the logos and URLs of your reward program, and they’re tailored to trick you into providing your login or other personal information.

How to safeguard your points and miles? Here are three suggestions from Nerdwallet and two from NBC:

    • Keep different passwords for different accounts.
    • Know your rewards balance. If you see anything unusual, contact your issuer.
    • Beware of phishy emails. If you get an email that raises a red flag, call the company directly, not from a number in the email. And don’t click on a link. Ever.
    • Use two-factor authentication when offered (note: few airlines do).
    • Safeguard your frequent flier or loyalty account number by shredding boarding passes and hotel invoices after your trip. And don’t put personal information on your luggage tags.

– – – – – – –

You can search for ongoing scams or report one to AARP’s Fraud Watch investigators here.