Cyber criminals are getting creative. We constantly hear about hackers stealing credit card numbers and even Twitter handles. Now, they have also added your loyalty rewards points to their list.
Brian Krebs wrote an excellent article highlighting a few of interesting cases where victims had rewards points stolen.
One victim reported that he had about 250,000 Hilton Honors points stolen from his account. These points were used to reserve a number of Hilton hotel rooms, and then the criminals continued to purchase additional points with the corporate credit card associated with the account.
Experts are also starting to see rewards points being sold in the online black market for a fraction of their worth. For instance, a hacker might sell points worth $1,200 in hotel reservations for $12.
So what does this mean for you? It is unlikely that stolen rewards points are going to overtake trends like mobile malware or medical identity theft as the “next big thing” to worry about. That said, we always recommend keeping up-to-date with the latest security trends and being proactive about protecting your identity and online accounts.
Some proactive actions you can take now:
- Keep an eye on your bank accounts and credit reports as usual. Stolen rewards points may actually be one small piece of a larger puzzle when it comes to identity theft.
- Avoid saving credit card information on websites with rewards programs, such as your favorite hotel, airline or retail site.
- Use a secure, unique password for loyalty program sites. Don’t reuse passwords.
- As a retailer or company that offers reward points, institute a CAPTCHA system to protect against hacking bots and scripts.