Last updated: 05:00 AM ET, Thu July 16 2015

The New Summer Email Hack: Your Points and Miles

Features & Advice | Tom Bastek | July 16, 2015

The New Summer Email Hack: Your Points and Miles

Photo courtesy of Thinkstock

CIO is reporting that security company Agari released their “State of Email Trust Report” and that the travel industry is one of the most vulnerable industries to hacker attacks. The article goes onto say that points and miles are the issue of the day right now.

"Criminals have discovered that they can monetize all those wonderful airline and hotel points," said Patrick Peterson, Agari founder and CEO. "They are very busy doing some very nefarious things with that, and a lot of our hotel chains and airlines are up in arms."

How The Scam Works

The hacking methods have not changed, only the target (miles and points vs. money) has. The scammers are still out there phishing for passwords and usernames the old fashion way: A person gets an email that offers a free flight voucher or a coupon for a discount ticket and clicks through to what they think is the real company’s website, although it is actually a carefully crafted replica.

Trusting that they have landed at the real site, they enter in their personal information, handing scammers their username, password and access to all those points/miles. In addition, those who use the same username or password anywhere else on the web could now be looking at possible identity theft, fraud, and who knows what else.

What You Can Do

1. Remember that timeless piece of wisdom: If it seems too good to be true, it probably is. This is the exact case here.

2 Use websites instead of clicking a link in an email. If there is a problem with your account or a special bonus offer available, the company will tell you all about it when you log in directly on the website. It might seem easier to click the link in the email, but you don’t know how real or fake that email is, do you? And the report referenced above ranks the airline industry with a “relatively risky” email security. You have almost double the risk of receiving a fraudulent email than not.

3. Change your password from website to website and your screen name if you can, too. This way if someone gets into one account they can’t get into everything else.

4. If you are compromised, change your password across the board.  You don’t know how many other places they got into with your “universal password.”

It is just another summer hack and everyone knows that as soon as the hackers are sick of trying to get your points and miles they will be onto something else. But it doesn’t hurt to get a reminder every once in a while to wake up and get your online security in order.

Here is additional info provided by Agari:


You may use your Facebook account to add a comment, subject to Facebook's Terms of Service and Privacy Policy. Your Facebook information, including your name, photo & any other personal data you make public on Facebook will appear with your comment, and may be used on Click here to learn more.