Most people don’t check their hotel or airline points accounts very often. That makes them a fat target for thieves.
Security experts say there’s been a surge in hacking of hotel and airline loyalty accounts over the past year, driven by two factors: Better protections against credit card fraud means criminals are looking for easier targets, and cybercrime rings have been selling tools to carry out attacks, enabling people without coding skills to break into accounts.
Cybercriminals using those tools are selling access to accounts they’ve compromised, often through Telegram and WhatsApp groups, with the number of points listed. Accounts are often priced at 80% of the value of the points or less, said Gosschalk. Some offer guarantees that the buyer will have access for a minimum number of minutes. If account security boots them out before then, they’ll get a similar value substitute or their money back.