When was the last time you changed the password and user name for your frequent flyer account? If you’re like most people, it was probably on the 12th of never.
Miles are like money, and that’s why, as this report explains, thieves and scam artists are stealing miles from unwary consumers’ accounts, spending them on flights, selling them, or using them for other nefarious purposes.
Whether you have 25,000 miles or 250,000 or 2.5 million, you need to protect them.
What’s amazing is that some people, for example those signed up for United’s MileagePlus program, only use an account number and a four-digit pin code to get into their accounts. If someone gets hold of your boarding pass with your frequent flyer account number on it, how hard is it for an experienced hacker to work through the possible four-digit combinations to get into your account? It’s probably the easiest password combination to figure out. So be sure never to leave a boarding pass where someone else can find it. Shred them just like you would any sensitive document.
In addition to hacking into accounts the old fashioned way, thieves are using phishing techniques, as this alert from Delta explains.
It’s easy to change your user name, PIN and password on some airlines’ sites. On United.com, for example, go to MileagePlus>My Account>Profile>Username>edit. It’s a good idea to change your password every so often, just as you would with any important account.
And airlines need to do their part too. Frequent flyer account security is woefully inadequate. They should start requiring members to set up challenge questions (“What color was your first car?”) and remind them to change passwords regularly. But consumers need to be alert, as well. Check your accounts as often as you check other assets, such as bank balances, to make sure nothing is amiss. If miles are missing, contact your airline immediately and ask for restitution, although this may not be a simple task.
Follow George Hobica on Twitter @airfarewatchdog