High-Flying Phishing: How Hackers Are Scamming for Frequent Flyer Miles
Hackers are going after customers' frequent flyer miles.
Online criminals want your bank account data. They want your email passwords and your Social Security number and your IP address and your phone number.
They'll even peek over your shoulder to steal your iPad login info.
And now, they're going after a new type of currency: frequent flyer miles.
Researchers at the security firm Kaspersky Lab have spotted phishing scams that attempt to gain illegal access into the accounts of airlines in order to steal the frequent flyer miles accumulated by the company's customers.
The attacks come in the form of emails that promise either prizes or more points in customers' frequent flyer programs; recipients are asked to enter their login information on a fake website, and doing so effectively hands over users' account details to the scammers.
While cybercrime often yields immediate returns in the form of bank account credentials , stolen frequent flyer miles are a slightly different case.
In the hands of online criminals, the accumulated miles become a new form of currency, Kaspersky Lab noted.
Researchers looking at an underground Brazilian cybercrime forum found criminals selling access to a 3,300-computer-strong botnet in exchange for about 60,000 miles.
Another instance saw an online crook setting up an illegal barter: stolen credit cards for stolen air miles. Criminals are also purchasing flights and selling plane tickets bought with the stolen miles.
This particular scam is currently affecting customers of Brazilian airlines; one customer, according to Kaspersky Lab, lost about $7,600 worth of accumulated miles.
German cybercriminals have launched similar scams, and based on the method of attack, there's no reason that this type of scam wouldn't fly in the U.S.
If you receive an unsolicited message promising rewards from frequent flyer programs, do not click on or download anything, and instead contact the airline directly.