It was a dark and stormy night. I was just about to call it a day when she walked into my office, closed the door, looked frantically around her as if she was expecting the walls to close in and said, “It’s about my frequent flyer miles. I’m in trouble. Big trouble. The kind of trouble you can’t tell your mother about, the kind of trouble you can’t tell your father about and it’s sure not the kind of trouble you can tell your husband about.”

I was hooked, lined and sinkered. She was a redhead, but not just any redhead. She knew a thing or two about frequent flyer miles. Yeah, she was a dame right up my alley — or should I say — runway.

How far will you go to get miles?
We’ll fill you in on a few cautionary tales of how far some people will go to get free flights and look at legitimate, but what some might call extreme, ways to get miles. We’ll also give you tips on what you can do to protect your miles, and your identity, when traveling.

Bars and Miles
(And We Aren’t Talking about Booze or Snickers)
A recent case in England, reported in the Guardian, showed that even police officers can take a walk on the dark side when it comes to frequent flyer miles. A constable discovered a loophole in a grocery store’s club card program that enabled him to accrue 75,000 points in just two months that he converted to British Airways miles. He was subsequently convicted of fraud and may lose his job. Seems he discovered that coupons for the loyalty points could be used repeatedly because there was no barcode reader in the slot for the coupons on the self-service checkout machines — so, he made 154 transactions from December 2005 to January of this year and collected enough points to fly roundtrip six times between London and New York before the store’s computer flagged that there was a need for a security check. During one promotion for Bird’s Eye meals, the police officer bought 759 of the cheapest meals and got almost 38,000 points converted to miles. When his scheme was discovered, he claimed that he had planned to highlight the loophole to the grocery store and the transactions were meant to be examples of the problem. The judge in the case said that his claim was “preposterous” and added, “You were so greedy you would do virtually anything to obtain Clubcard points and turn them into air miles. You regularly traveled abroad and that is what attracted you.”

Another story, this time from Australia, concerns a man who was sentenced to six months in jail for fraud. He had been a customer services supervisor with Singapore Airlines and for almost seven years took advantage of a computer software loophole that allowed him to steal points from nine different frequent flyer programs. He managed to collect 1.76 million frequent flyer miles without ever flying himself — he cashed in by selling the miles to family and friends. The scam was eventually detected by Air New Zealand and he was found guilty at the Victoria state county court of nine counts of obtaining financial advantage by deception.

One Traveler’s Story
We talked to a frequent business traveler whose experience of stolen miles and points turned into a nightmare that lasted for months. Someone was able to hack into two of his accounts and book airline trips and hotel stays using miles and points. Not only was the hacker able to access the accounts, but he also was able to book reservations and charge fees to the credit card that was linked to the account.

The business traveler first became aware that something was amiss when he noticed that someone had made reservations through his frequent flyer account to fly to an exotic island. He cancelled the reservations, but was still charged the cancellation fees. He spent hours on the phone with the airline and hotel to get the situation resolved and described the companies as being in a “state of confusion.” There was no fraud or security department he could be referred to and the customer service representatives at the 1-800 numbers didn’t have answers for what steps he should take. It became apparent that the airline and hotel did not have policies or protocols to deal with hackers and mileage/points theft.

At the airline Web site, the business traveler was actually locked out of his own account. The hacker was able to answer the security questions with information listed in the person’s account to change the password, questions like “What’s your address on file?,” “What’s the last flight you took?” and “What’s your primary method of earning miles?” Even changing his password every day at the hotel’s Web site didn’t prevent the hacker from continuing to access his account information and book reservations. Not only was the hacker using miles and points, but he also knew where the person was flying and staying for the night — something that would certainly be disquieting for anyone.

The hacker left a name and e-mail address when he booked hotel reservations and they were able to do a search at the airline for a passenger with the same name and e-mail. It turned out that the hacker had purchased an airport lounge membership with the airline but had never actually flown. There was speculation that the hacker obtained lounge access to target the large mileage accounts of lounge members.

Eventually, the business traveler was transferred to people who were able to resolve the problem, some of whom he said were “incredibly helpful.” The airline said they would contact law enforcement officials to try to track down the thief, but he doesn’t know if the person has been caught. Currently, he has to fly under an alias at the airline the hacker targeted and is unable to use the check-in kiosks — which has made him much less likely to choose to fly that airline. He changed all of his financial information and it looks like the hacker has moved on. Through the whole ordeal, he found that few security measures are in place to prevent hacking and the ones that do exist are ineffective.

Because of this experience he has become more aware of the ways in which a person can become a target. He mentioned that the travelers he’s seen with one-million-mile luggage tags are advertising how many miles they have. He even noticed one person who had a million mile tag with a business card that listed his company name and e-mail. A thief looking for a miles-rich account would zone in on someone like that in a heartbeat.

Miles and Points Security
Although not every program responded to our questions regarding the safeguards in place for their members’ miles, we were able to speak with some. The general consensus is that the security measures in place are effective and there are few occasions when hacking has been an issue. As long as a member safeguards their PIN, their miles should be safe. The members need their PIN to access their account information online and sometimes when calling the service center, and if not, there are other security questions in place when calling to confirm the identity of the member.

We should point out that not all miles/points security is equal among the programs. Some programs have a dedicated team that monitors fraud or misuse on a full-time basis while others do not.

Historically, the programs have had more problems with internal mileage theft and have put systems in place to prevent employees from taking miles, mostly from inactive accounts, by internally restricting views of the accounts and through other measures.

From a customer service standpoint, the programs want to ensure that it is easy for a member to access their PIN if they’ve forgotten it. This is easy if the person has a current e-mail on file, if not, the member has to wait for the PIN to arrive by mail. That is why some programs ask members for key information in order to effectively offer immediate help when someone has forgotten their PIN — but with these types of questions, the electronic security has to be up to the task of protecting that information.

We expect programs to be vigilant in guarding members’ miles or points and so should members guard their PIN from others they know who might take advantage of the information. We’re sure that the programs have all heard from the occasional member going through divorce who has lost some miles to their soon-to-be ex. And, as always, everyone should make sure that the number you choose for your PIN is not an important number such as your date of birth. We’ve all heard that you should change your passwords often, but we rarely do. Keep in mind, it’s not about what password you’ll remember easily, it’s about security.

Strangers on a Plane
According to an unreleased Harris Interactive Survey, 35 percent of consumers with wirelessly-enabled laptops use them at the airport and 12 percent use them on the plane. And with several airlines looking to offer wireless connections on flights, the number of people using their laptops on the plane will certainly increase. This means that flyers will face the threat of hackers even at 35,000 feet. Hackers use computer-to-computer networks to gain access to victim’s computers — no Internet connection is necessary. According to a report by Symantec Internet Security, the most common threat facing travelers who use their laptops in flight is that their computer may become infected with viruses, bugs or worms. But there is also the threat of identity theft, and the more wireless-enabled devices in a confined space, the more significant the risk. You should not have important information such as bank information, social security or credit card numbers, or anything else you would not want a thief to see on your Blackberry, laptop or any other wireless device. And use caution when using wireless networks at the airport — it’s possible for hackers to create dummy wireless connection points with real-sounding names — do not be tricked into giving passwords, credit card numbers or other confidential information.

Final Cautionary Tale
While researching for this article, we heard from a frequent traveler, Ari Magedoff, who had this to say about guarding your miles. His concern matches closely with our advice to be on guard when frequenting airport lounges:

I have noticed in Delta Crown Room Clubs that a number of individuals use the public computers available in the lounges. On any given day, you can double click in the input box where you enter your SkyMiles number on Delta.com and see a drop down list of quite a few frequent flyer numbers. Of those, I would say half have saved their PINs to that computer as well. This pretty much gives people free access to their accounts. And when people can book online award travel, someone could be halfway across the world before it is even figured out that they have used someone else’s miles to get there.

Also, for those who don’t necessarily save their information, they may get up quickly and leave their account open which is just as bad.

I think being mindful of public computers, especially those in airline lounges, is particularly important. It leaves frequent flyers quite vulnerable and it is not like the lounge staff is going onto these computers everyday and making sure that information is deleted.

True Confessions of Extreme Mileage Quests
We finish up our tour of Miles Metropolis on the sunnier side of the street — well, mostly sunny — there are some rather cloudy areas. Below is a listing of a few of the ways in which members have gone out of their way to add to their mileage/points balances. Yes, these people by their own admission might be a bit crazy and their methods might be a bit questionable, but the end result is often one very happy frequent flyer.

“I can’t believe I went with purchasing my wife’s engagement and wedding rings online through an airline portal, just to get more miles,” one traveler told us. But he continued to say that she loves the ring, thinks it’s “perfect,” and that he was amazed at the customer service, quality and price he got. “But still, when I first went looking, I was mostly torn between crediting AAdvantage or OnePass and dismayed that I couldn’t credit WorldPerks from bluenile.com.”

Another frequent flyer had this to say after telling us of his extreme mileage run, “What’s more amazing, though, was that when I got to the transfer gate at Gatwick, the guys there immediately knew I was on a mileage run when they found out I’d just come off a flight from DFW and was immediately returning. I guess it’s not that unique, after all!”

This frequent flyer had this to say about his segment run to retain elite status: “Gold Elite had been secured, although my sanity was still very much in question.”

Here’s a good excuse to sell your car: “I rented an Avis car last year almost every weekend for the last 35 weeks of 2006, as part of a promotion for the 25th Anniversary of the AAdvantage program. I earned well over 100,000 miles in doing that.”

A miles-savvy shopper mentioned that he’d bought his last four cars with a credit card to get miles. “Two years ago, UA was offering a Chrysler/Jeep 70,000 mile bonus…so a Cherokee benefited me over 100,000 miles.”

“I bought $600 worth of cheese and donated it to a local homeless shelter. Got me 100,000 miles and a tax deduction.”

Another frequent flyer had this to say about his lucrative, but somewhat “gray area” gift card mileage earnings that required him to buy the cards using multiple addresses and make lots of phone calls and trips to the bank. “They finally cut this off after a Wall Street Journal article (thankfully) or I’d still be at it.”

“$1,800 in magazine donations to my local library turned into 250,000 AA miles, plus a nice tax break!”

And this from FlyerTalk, “I’ve known incidents where friends were so upset with other friends not getting miles that they signed the friend up for an airline program, traveled with the friend, the friend earned miles unknowingly, then transferred the miles into their own account via Points.com all without the friend ever knowing it. But this is a risky business that many should not get into.”

And another “friend of a friend” story from FlyerTalk: “A friend’s brother lost 450,000 miles and Star Alliance Gold status for selling lounge passes on eBay.”

“I had to use a spreadsheet to keep track of all the various long distance accounts I set up just for miles.”

An example of getting miles the hard way: “Since the beginning of the year, my coworker has eaten at the nearby bowling alley at least every weekday to get his qualified dines.”

A long-time InsideFlyer reader was able to earn miles through a Diners Club promotion wherein he earned miles with every new, accepted Diners Club card applicant who used the direct link from his Web site. “Bottom line, over the course of a year, I earned a little over 1.5 million miles.”

And from a self-confessed mileage junkie, we heard a confession that started like this: “I recruited 20 rice farmers and handicapped people from Northern Thailand to fly…” Enough said.