Thieves target travel loyalty accounts; here’s how to protect yourself

Travel loyalty accounts are becoming some of the newest targets for cyber hackers. Researchers are finding a growing market on the dark web of people selling and buying hundreds of thousands of miles or points, most of which are likely stolen. These miles or points are then usually redeemed for gift cards and other loyalty rewards that are hard to track. The whole process can take just seconds and the victims of these cyber hacks often do not realize their accounts have been drained of their earnings for weeks or even months after the fact, making it even harder to investigate or recoup losses.

The following tips can help you protect your loyalty account:

Keep your loyalty account information secure
Protect your loyalty account numbers and passwords as you would other financial account numbers. Don’t share copies of your boarding passes on social media as your account number may be printed on the pass. After your trip, shred your boarding passes or itinerary copies, which also may list your loyalty membership numbers.

Use unique passwords
While we all struggle with keeping track of passwords, it is important not to use the same password for each travel account. Also use strong passwords that combine numbers, special characters and letters. Change your passwords, especially if you might be included in one of the many travel related data breaches.

Monitor account balances
With so much email filling today’s inboxes, it’s easy to overlook the periodic emails you may receive that include your account balances, but before you click delete, be sure to take a quick look at the balance to verify the amount is what you think it should be. For loyalty accounts that do not automatically send these notices, set up a schedule to quickly check your balance; the sooner you notice any trouble, the better the chances are that you may be able to recoup any losses.

Immediately react to notices regarding changes to your account
If you receive a notice about a change to an email address or password for your loyalty account that you did not initiate, contact the provider immediately. Do not, however, automatically respond to the prompt in the notice as you need to be on the watch for possible phishing scams. Instead, call the provider using the regular contact number and ask to speak to the security department if they have one.