Cyber crooks' latest target: Frequent flyer miles
(CBS) CHICAGO - Travelers should be wary with upcoming vacation plans about what experts say is the latest twist in identity theft scams - stealing your frequent flyer miles.
Membership numbers and passwords must be provided and a security question must be answered to access an account. Tim Armstrong, a computer security expert at Kaspersky Lab, told CBS Chicago that cyber crooks can obtain this information by emailing someone a trip confirmation or a special offer, and asking them to enter their frequent flyer information.
"A sense of urgency is important, and that'll make people log in to those sites and give up their details," Armstrong said. "They can use these schemes to collect people's miles, to buy tickets, and then resell those tickets to third parties. And they'll collect money that way."
Carelessly disposing boarding passes can also provide crooks a way to easily obtain enough details to hack into a system and steal miles.
"Consumers probably ought to be taking those home with them, and disposing of them properly, instead of just throwing them in the trash bin at O'Hare," said Federal Trade Commission regional director Steve Baker.
One couple had their own frequent flyer horror story to share.
"I was very upset, and I'm still upset," Michael Hynes said.
Hynes and his wife Katherine thought they had racked up 175,000 miles, but United Airlines told them they only had 12,000. United said the rest of the miles had been spent on hotels in Singapore. They made countless calls to get their points back, only to be left frustrated.
Katherine said after CBS Chicago got involved United "suddenly called and said 'Okay, here's your points back.' That really is wonderful."
A United spokesman said it is consumers' responsibility to protect their passwords. However, when a fraud claim is validated, United says it will reinstitute the miles, or provide compensation when necessary. He said there have been other complaints about stolen miles, but he declined to say how many.