Frequent flyer miles are a hot commodity on the dark web, according to a report from Comparitech, a site that compares various tech products.
The company combed through six marketplaces on the dark web selling stolen goods and information, and found that hundreds of thousands of points are “on sale” with Delta SkyMiles and British Airways being the most commonly listed. Reports Comparitech:
On Dream Market, one of the largest black markets on the dark web, a single vendor sells reward points from over a dozen different airline reward programs, including Emirates Skywards, SkyMiles, and Asia Miles. Going by the handle @UpInTheAir, they sell a minimum of 100,000 points for the reward program of your choice, starting out at $884 [$AU1,218] as of time of writing (this was probably $1,000 [$AU1,378] originally, but Bitcoin price fluctuations caused it to go down).
Unsurprisingly, point prices vary depending on the seller, though they’re usually on sale for much less than their actual worth. For example, Comparitech found 200,000 British Airway points on sale for $62 (prices are based on Bitcoin or Monero, a popular cryptocurrency among criminals).
Thieves aren’t using the points to travel first class to their next beach vacation, according to Comparitech, because they don’t have your ID, for example. Instead they’re cashing the points in online for money and gift cards. They can also be easily transferred to someone else.
Paul Bischoff, editor at Comparitech, told Marketwatch this scam is common because it’s relatively hard to detect. “It’s similar to credit-card fraud in that the victim is unlikely to notice until they check their account to find their miles gone, or the thief triggers the fraud prevention system,” Bischoff told Marketwatch.
People generally don’t check on their miles frequently, meaning that the theft can go undetected for an extended period of time, and major data breaches — like the Equifax hack — have made the information much more easy for hackers to find.
Here are some of Comparitech’s suggestions to protect your frequent flyer miles:
Shred your boarding pass after a flight.
Never post a photo of your boarding pass online.
Monitor your account for suspicious activity. If you’re a member of more than one award program, an app like AwardWallet can help you manage all your accounts in one place.
Don’t put your airline account number on a baggage tag.
Avoid using public wifi to access your account.
And please, pick a unique password for your account. Because emails and password information is largely available or easy to get for many hackers, you want to make sure you’re never reusing passwords across sites.