Airline miles become underground currency in loyalty fraud schemes

Airline miles, initially conceived as customer rewards, are now a valuable commodity in cybercrime markets. The process typically begins with credential compromise, leading to the quiet conversion of miles into flights and hotel stays, as reported by Bleeping Computer.

Flare researchers analyzed underground forums and found a structured trade in travel rewards, functioning like any other commodity. The fraud cycle involves gaining account control, often through infostealers or phishing, then identifying valid accounts. These compromised accounts are then sold to fraudsters who redeem the miles for flights or hotel bookings. These bookings are frequently resold at a discount. The monetization is attractive because loyalty points are often monitored less frequently than financial accounts, creating a detection gap.

Fraudsters price miles at approximately $1 per 1,000 miles, with sellers often providing full email access to the compromised account to hinder recovery by the legitimate owner. Major brands like United, American Airlines, and Delta are frequently targeted due to their large membership bases and flexible redemption options. Loyalty fraud represents a significant, yet often overlooked, financial loss to the travel and retail industries, with estimates ranging from $1 billion to $3 billion annually.

Source: Bleeping Computer