Hackers are targeting frequent fliers and travel reward programs

Common password security practices suggest that use a unique, original password for every site and service, but I’ve maintained for years that you need to simplify by compartmentalizing passwords so you don’t have 200 different ones to remember. Sensitive accounts like your bank, credit cards, or even social network accounts and email should have unique passwords, but all of the little sites and services you sign up for that don’t have access to any real information can realistically use the same password.

Just don’t make the mistake of putting your frequent flier and travel rewards programs into that second category because those have value, and attackers are targeting them. I wrote about the concerning trend in this blog post:

Frequent fliers get all the perks—and all the attention from cyber criminals, apparently. United Airlines, American Airlines, and Park-n-Fly have all reported breaches in the past few days, pointing to an emerging trend of attacks targeted specifically at travelers.

Travelers can be an easy mark for cyber criminals, because they’re inherently off-guard and in unfamiliar situations. “Consumers may be somewhat easy targets, as we often cut corners protecting ourselves, fueled potentially by an urgency to complete tasks, travel-related stressors, and sleep deprivation,” explained Trey Ford, global security strategist for Rapid7. “Given these considerations, consumers have a tendency to favor time-saving behaviors like password re-use, while stress, distraction and exhaustion raise our susceptibility to phishing campaigns.”

Travelers and travel-related companies and programs are particularly valuable targets, too. Individuals who are vigilant about guarding and monitoring bank and credit card information may not consider things like frequent flier miles to be worthy of heightened security. Those miles and customer rewards, however, do have value and can be traded for goods and services. They offer cyber criminals an easier target than banks and credit cards, while still being relatively easy to monetize.

“Going after frequent flyer miles, Candy Crush gold, or virtual swords and armor in World of Warcraft may seem like a surprising tactic for attackers, but for them it’s an efficient way of monetizing low-hanging fruit attacks, such as phishing and credential theft,” explains Jon Oberheide, co-founder and CTO of Duo Security.

Read the full story on PCWorld: Travelers beware: Hackers are after your information.

Scroll to Top