Russian hackers have been having a good old time not just trying to influence elections in the United States and elsewhere but purchasing flights and fancy vacations using frequent-flier miles stolen from British customers, a British newspaper says.
The Times of London, citing research by the cybersecurity firm Flashpoint, says Russian scammers have been living it up at posh resorts by purchasing reward points and air miles that had been lifted from British customers’ hacked accounts and then sold on the dark Web. The problem has become so widespread that an unidentified U.S. bank has “quietly blocked” the purchase of flights in Russia with the banks’ reward points, the Times says.
Hackers have focused on stealing rewards points and frequent-flier miles because those accounts are generally softer targets than the credit cards themselves. The scheme is also effective because, rather than using stolen credit card data to buy a flight, the thieves tap reward points because their theft might not be noticed right away by a card’s owner, the Times reported. The rewards points are often nabbed by hacking people’s airline accounts or through phishing schemes that get unsuspecting credit card holders to give up their personal data to an official-looking email.
The Times says the dark Web’s wheeling and dealing is usually centered on the most expensive flights and hotel bookings, often for business-class airline seats and lodging in four- or five-star hotels. The newspaper also says victims have posted stories detailing the scam on Internet forums, such as Reddit, including an unidentified British couple who found that their Avios reward points had been used to take a room in Spain under the names of “Olga and Dmitry.” Grateful customers have posted photos and reviews of their ill-gotten vacations, the newspaper says.
The U.S. airline industry is not aware of any such Russian scams affecting their customers, a spokesman for Airlines for America, or A4A, said Wednesday. But the scam has surfaced here. Earlier this year, the Wall Street Journal reported that United had changed the procedure for logging into its accounts as reports of the crime become more common.
Read more of Tripping: