Forget cheaper flights, discounts, and free tickets – loyalty rewards are now targeted by criminals
Cybercriminals also enjoy cheaper flights, good shopping deals, and concert tickets, especially if they’re all yours.
The value of loyalty programs is often underestimated. They are not typically associated with high fraud risk because they rarely involve monetary transactions. However, the value created by these programs is appealing to cybercriminals.
“Thinking that we are getting something for free weakens our efforts to protect accounts of loyalty programs we participate in. Some loyalty programs provide tangible benefits, like gift cards, products, cheaper flight tickets, or tickets to theme parks or concerts. These are assets that have concrete financial value and they are targeted by cybercriminals,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.
Loyalty program fraud comes in many different forms. For example, new account fraud exploits the bonuses that companies give new customers after they create an account. Fraudsters may use this incentive to their advantage by creating fake accounts, often using information about real people, to claim these bonuses.
There are also more serious types of loyalty fraud. For instance, account takeover involves fraudsters breaking into legitimate accounts and stealing customers’ points to buy products or withdraw them as cash into the criminal’s account. Usually, account takeover attacks involve using social engineering techniques, like phishing emails, calls, or texts, to gain unauthorized access.
“Often, cybercriminals aim to sell their catch. In 2018, a cybercriminal stole millions of frequent flier miles from various global loyalty programs and sold them on the dark web. The miles from companies like Delta, British Airways, and Virgin Atlantic were bundled and sold in batches for $1,000 or more,” Warmenhoven says.
How to protect yourself from loyalty fraud
To prevent loyalty program fraud and avoid serious consequences, Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, advises taking these steps:
- Create strong passwords. Make sure your passwords are at least 12 characters long, with a good mix of characters. Don’t use common words because they’re the easiest to guess. If you’re running out of ideas for strong passwords, consider using a password generator or a password manager, like NordPass — it’ll create difficult-to-crack passwords for you.
- Avoid using public Wi-Fi. Public Wi-Fi in places like cafes, airports, restaurants, and hotels often doesn’t have the best security measures. Cybercriminals may target these public hotspots to eavesdrop on your connection or steal your data. If you need to use public Wi-Fi, make sure you connect to a VPN first to protect your internet traffic from snoopers and hackers.
- Keep an eye on your rewards. If you’re a member of a loyalty program, log in regularly to check your rewards and balances. By keeping an eye on your account, you’ll be able to spot suspicious activity quickly and take immediate steps to secure your account.
- Beware of phishing attempts. Loyalty program fraudsters may send phishing emails urging you to take action (like using points that are about to expire). Carefully review every email you receive and look for signs of a phishing attack. Don’t click on any links or attachments unless you’re sure the sender is legitimate.
- Stay away from scam websites. Scammers and hackers may set up scam websites to steal your login info, financial data, or rewards. Consider using NordVPN’s Threat Protection Pro to avoid entering scam sites. This feature blocks unsafe websites and shows you a warning instead.