Are Thieves Stealing Your Frequent Flier Miles

Discussion in 'General Discussion | Miles/Points' started by sobore, Aug 24, 2012.  |  Print Topic

  1. sobore
    Original Member

    sobore Gold Member

    Messages:
    12,421
    Likes Received:
    33,847
    Status Points:
    16,520
    http://www.huffingtonpost.com/george-hobica/thieves-frequent-flier-miles_b_1822509.html

    When was the last time you changed the password and user name for your frequent flyer account? If you're like most people, it was probably on the 12th of never.
    Miles are like money, and that's why, as this report explains, thieves and scam artists are stealing miles from unwary consumers' accounts, spending them on flights, selling them, or using them for other nefarious purposes.

    Whether you have 25,000 miles or 250,000 or 2.5 million, you need to protect them.
    What's amazing is that some people, for example those signed up for United's MileagePlus program, only use an account number and a four-digit pin code to get into their accounts. If someone gets hold of your boarding pass with your frequent flyer account number on it, how hard is it for an experienced hacker to work through the possible four-digit combinations to get into your account? It's probably the easiest password combination to figure out. So be sure never to leave a boarding pass where someone else can find it. Shred them just like you would any sensitive document.

    In addition to hacking into accounts the old fashioned way, thieves are using phishing techniques, as this alert from Delta warns.

    It's easy to change your user name, PIN and password on some airlines' sites. On United.com, for example, go to MileagePlus>My Account>Profile>Username>edit. It's a good idea to change your password every so often, just as you would with any important account.

    Read More: http://www.huffingtonpost.com/george-hobica/thieves-frequent-flier-miles_b_1822509.html
     
  2. uggboy
    Original Member

    uggboy Gold Member

    Messages:
    50,172
    Likes Received:
    133,426
    Status Points:
    20,020
    Very good advice, always welcome.:)
     
  3. mtlfire

    mtlfire Gold Member

    Messages:
    1,322
    Likes Received:
    1,821
    Status Points:
    1,120
    This is something I would have never worried about. And then yesterday I go to pay for lunch and my credit card is refused for being over the limit -- which is pretty hard to do. I get back to the office and have a message from Visa, my card was apparently cloned and someone was using it to order Apple computers in the UK.

    On FT someone in the IHG forum recently had their priority club account liquidated. The company had no intentions of doing anything about it the last time I read the thread.
     
  4. Ed Chandler
    Original Member

    Ed Chandler Silver Member

    Messages:
    430
    Likes Received:
    501
    Status Points:
    645
  5. Espan

    Espan Silver Member

    Messages:
    532
    Likes Received:
    981
    Status Points:
    750
    Here's a vote for Last Pass.
     
    LauraPDX, marcwint55 and jbcarioca like this.
  6. sobore
    Original Member

    sobore Gold Member

    Messages:
    12,421
    Likes Received:
    33,847
    Status Points:
    16,520
    marcwint55 and jbcarioca like this.
  7. Ed Chandler
    Original Member

    Ed Chandler Silver Member

    Messages:
    430
    Likes Received:
    501
    Status Points:
    645
    I sort-of intentionally didn't say which one I used.
    a) Each has different strengths
    b) Keep the bad guys guessing ;-)
     
  8. Sweet Willie
    Original Member

    Sweet Willie Gold Member

    Messages:
    4,048
    Likes Received:
    8,739
    Status Points:
    7,270
    glad you brought that up, apparently IHG doesn't believe the account was hacked so hence the lack of doing anything.
     
  9. PointsCashMiles

    PointsCashMiles Silver Member

    Messages:
    129
    Likes Received:
    158
    Status Points:
    375
    I've always wondered if this was an issue - apparently I have some passwords to update...
     
    marcwint55 likes this.
  10. marcwint55

    marcwint55 Gold Member

    Messages:
    2,517
    Likes Received:
    4,573
    Status Points:
    2,570
    I have always been cognizant about bank and credit card accounts and have never given a thought to security on my mileage and hotel accounts. I will now be on guard thanks to your article.
     
  11. Surface Interval
    Original Member

    Surface Interval Silver Member

    Messages:
    1,318
    Likes Received:
    1,055
    Status Points:
    970
    Thank you for bringing this up. Lazy or just ignorant does not save your hard won miles. I just changed a couple of passwords that should have been done long ago . . .
     
  12. deltagoldLass

    deltagoldLass Silver Member

    Messages:
    507
    Likes Received:
    921
    Status Points:
    770
    Thank you for this important info !!!
     
    sobore likes this.
  13. mtlfire

    mtlfire Gold Member

    Messages:
    1,322
    Likes Received:
    1,821
    Status Points:
    1,120
    That's what I found a little disturbing about the story. Ultimately to redeem/liquidate an account the majority of ways (Hotel booking, points transfer, gift card) should leave some sort of physical trace to another individual, address, or something that should allow you to verify the veracity of the claim.

    It wasn't likely "hacked" in the sense there's a log of someone trying thousands of 4 digit pins on his account but more than likely someone knew what his PIN was and just logged in.
     
    Sweet Willie likes this.
  14. deltagoldLass

    deltagoldLass Silver Member

    Messages:
    507
    Likes Received:
    921
    Status Points:
    770
    Please PM me the best ways to protect
    Travel accounts with the least of
    Complications :)
     
  15. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Messages:
    28,215
    Likes Received:
    61,743
    Status Points:
    20,020
    If it is trivial for someone to hack the PIN then changing the PIN doesn't make it any less trivial to hack it again. :confused:
     
    mailbroad, kwai and servo46250 like this.
  16. servo

    servo Silver Member

    Messages:
    736
    Likes Received:
    1,031
    Status Points:
    825
    Exactly. What does Mitto do that awardwallet doesn't, other than store pw's for sites other than travel sites? 500 websites (their claim) really doesn't sound like that many.
     
  17. aviator8

    aviator8 Silver Member

    Messages:
    287
    Likes Received:
    369
    Status Points:
    500
    Changed all of my passwords a few months ago. I would notice if someone pilfers my points as I use Award Wallet and update accounts almost every day. I know exactly which accounts should decline. Everything else should go up or stay the same. I do not allow AW to store my passwords on their servers. I store locally and backup routinely. It is such a pain to change passwords on 100 + accounts. That would be a nifty feature for Award Wallet to implement. Automated password changes. Place what you want the password to be in a field, or txt file, let Award wallet do the automated login and changing, then delete the file. I would pay extra for that feature.
     
  18. mtlfire

    mtlfire Gold Member

    Messages:
    1,322
    Likes Received:
    1,821
    Status Points:
    1,120
    So you login to award wallet on a daily basis? Since if they don't store your passwords, that's the only way you're going to get a daily update.
     
  19. Switch2

    Switch2 Silver Member

    Messages:
    265
    Likes Received:
    407
    Status Points:
    520
    maybe they all need to implement dual auth system across the board.
     
  20. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Messages:
    28,215
    Likes Received:
    61,743
    Status Points:
    20,020
    More secure. And WAY more expensive. So very, very, very not worth the expense, either to the program nor the members.
     
  21. Flying Bat

    Flying Bat Silver Member

    Messages:
    389
    Likes Received:
    713
    Status Points:
    575
    I am surprised that attention has not been drawn to the theft of value by the airlines when they dilute the value of hard worn miles by regular and persistent offers of up to 100k miles via a minimal spending exercise. More miles chasing the same number of seats constitutes an effective devaluation

    http://www.dailymarkets.com/creditcards/british-airways-card/
     
  22. aviator8

    aviator8 Silver Member

    Messages:
    287
    Likes Received:
    369
    Status Points:
    500
    I do
     
  23. lunettes noires
    Original Member

    lunettes noires Silver Member

    Messages:
    33
    Likes Received:
    35
    Status Points:
    165
    So do I. Doesn't the 24-hour cancellation window mean that if you check your balances every day, your liability for fraud is effectively zero? I mean, you can always call the airline, cancel the thief's tickets, and leave him (or the dupe he sold them to) be stranded at the airport. Or are people actually booking tickets for same-day travel?
     
  24. Flying Bat

    Flying Bat Silver Member

    Messages:
    389
    Likes Received:
    713
    Status Points:
    575
    Are Thieves Stealing Your Frequent Flier Miles?


    Yes the last time it was an airline scheme imposing a rule about dormancy. I won't say which airline it was, but the rule was 20 months or you lost the account. Do they really have to do that? Je ne pense pas. They already enjoy the full benefit of all the non redemptions.
     
  25. Wageslave

    Wageslave Active Member

    Messages:
    21
    Likes Received:
    31
    Status Points:
    95
    Actually it depends on the companies. For all those un-redeemed points, it is considered a liability... regardless of the program, there is a dollar value of the points. If they don't expire, and are mass redeemed, there is a liability there. That's why there is a trend to have those points expire as it lowers their risks and costs.
     

Share This Page