TeliApp
Back to Intelligence Feed
Airline accounts contain a wealth of sensitive data, including passenger names, contact information, passport numbers, and financial information. These accounts may be linked to loyalty programs that allow passengers to earn miles or points that serve as a form of currency. These accumulated miles or points can be redeemed for free or discounted flights, seat upgrades, hotel stays, rental cars, airport lounge access, merchandise, gift cards, and other benefits. As the peak travel season approaches with increased reservations and high-value transactions, threat actors are intensifying their efforts to target the aviation industry and its major brands—such as American Airlines, Delta, and United—potentially resulting in disrupted travel, identity theft, monetary losses, and loyalty fraud. The NJCCIC observed an uptick in reported compromised airline accounts in the past month. Threat actors obtain credentials through phishing campaigns, infostealers, data breaches, or data sold on darknet forums. Once they take over accounts, they engage in loyalty fraud by converting the miles or points into travel or rewards. They seek redemption options that yield the quickest and largest face value. The reports indicate that the threat actors made one or more redemptions, primarily for gift card purchases, as a one-time transaction or separate transactions over multiple days. Stolen redemptions ranged from 12,000 to 500,000 miles, valued at approximately $120 to $5,000 across popular gift card brands like Google Play, Sephora, and DoorDash. Threat actors target loyalty programs because they are less frequently monitored. They may plan their malicious activity for the weekend, when customer service or fraud departments may be closed or have limited hours or staff. Recommendations
  • Use strong, unique passwords for each account and enable multi-factor authentication (MFA) where available, choosing authentication apps or hardware tokens over SMS text-based codes.
  • Check accounts regularly for unusual activity, such as suspicious logins, unfamiliar reservations, missing miles or points, or unauthorized redemptions.
  • If there is unusual activity, act quickly by contacting the account’s customer service or fraud department, filing a police report, and immediately changing the password for that account, the associated email account, and other accounts that use the same password.
  • If personal data was accessed, review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources.
  • Report malicious cyber activity to the NJCCIC and the FBI's IC3.