Change your password to protect your airline miles from crooks: Internet Scambusters #659
Airline miles and points can be used for a lot more than just flights.
They can be used for all manner of gifts -- which makes them an attractive theft target for hackers and scammers. We'll tell you how they do this in this week's issue.
And if you use PC maintenance software, we have a warning about a new tech support scam aimed at accessing your computer.
Now, here we go...
How Scammers Steal and Trade Your Airline Miles
The theft of millions of airline miles from accounts at two big U.S. airlines provides proof, if it were needed, that you should never use the same password on more than one valuable online account.
As many as 10,000 accounts at American and United Airlines were accessed by crooks -- but not by directly hacking them.
They apparently got the usernames and passwords by hacking third party servers not connected with the airlines.
Then they used these to try to sign on to the airline accounts.
Where they succeeded, they stole the points, using them to buy gifts and book or upgrade flights.
If users had different passwords, this could never have happened.
The incident happened several months ago and the airlines say they will be notifying customers whose accounts were affected.
Even if you're not one of them, it's probably a good idea to change your password if you have a frequent flyer account with either airline and if you're using one that is duplicated for other accounts.
For more information about password security, check out this Scambusters issue, 10 Keys to Password Security.
Fortunately, it seems that other confidential information attached to people's accounts, including their credit card details, were not compromised.
However, the theft highlights the growing attractiveness of frequent flier miles to hackers, with one observer saying that points have become a sort of currency that is used and traded on black markets.
The fact that you can trade points for a wide range of products, not just travel, makes them extremely attractive.
Bogus Miles Awards
This isn't the only tactic scammers are using to try to steal frequent flier miles.
In both the U.S. and Canada, they're using robocalls to tell individuals they've been awarded thousands of extra points.
The calls claim to come from the Canadian company Air Miles, airlines Air Canada or WestJet, or online travel company Expedia.
The call invites recipients to press a key to proceed with the mileage points claim.
This connects them with an operator who asks for airline account details or other confidential information that might be used for identity theft.
Action: This scam has been running for several years and is ongoing.
It's easy to tell if you're being targeted.
None of the companies mentioned uses this type of robocall marketing -- it's illegal anyway in most cases.
So if you get a call, it's a scam.
Phony Sales of Miles
In yet another airline miles scam, crooks pose as brokers of unwanted miles, which they offer for sale via sites like Craigslist.
Or sometimes, they claim to work for the airlines industry and have more free miles than they will ever need.
By suggesting, for example, that they're senior crew, like pilots, they add an element of credibility to their con trick.
Often, victims are in a hurry to buy the miles, which makes them a perfect target, willing to either wire cash or use a prepaid debit card to pay for them.
You send the money and that's the last you hear of the "seller."
Action: Buying airline miles this way is highly risky. So, don't.
In the cases we researched, one victim received phone calls and even copies of a driver's license from the scammer.
This supposed proof of identity turned out to be worthless.
One clue to the scam is that the crooks usually offer the miles at extremely low cost -- the first red flag.
But the key, as ever, is the request to wire cash or use prepaid debit cards, both of which are untraceable.
Several airlines have posted warnings about mileage / points scams.
For example, American Airlines has a whole list of phishing emails with a list of characteristics of bogus emails.
United offers a customer care inquiry form.
A True Urban Legend
By the way, on the subject of airlines miles, you may have encountered an Internet story about a guy who supposedly bought thousands of desserts, to score more than a million miles.
The frozen food producer of the desserts offered buyers up to 1,000 free miles for each product barcode they submitted.
The enterprising shopper spent $3,000 on desserts and offered them to a charity in return for their removing the barcodes and sending them to him for submission by the food company's deadline.
He got his mileage points and, as a bonus, he achieved lifetime gold status with one airline.
Sound too good to be true? Not at all. In fact this clever guy also wrote off his $3,000 outlay against his taxes, saving a further $800 -- because he had given his puddings to a charity!
Alert of the week
Software company Iolo Technologies has issued a warning about a bogus tech support scam that uses its name.
It's a variation of the Microsoft scam in which victims are tricked into giving crooks access to their PCs after being told by a phony Microsoft tech that they have problems.
In this new version, the caller claims to be from Iolo, which produces the leading PC maintenance software System Mechanic, and says that the software has detected a fault.
But the request is the same -- he/she wants access to the PC so they can "fix the problem" or, in reality, steal information from the computer.
Iolo doesn't operate this way. So if you get this call, even if you have System Mechanic installed, just hang up.
That's it for today -- we hope you enjoy your week!