| Airline accounts contain a wealth of sensitive data, including passenger names, contact information, passport numbers, and financial information. These accounts may be linked to loyalty programs that allow passengers to earn miles or points that serve as a form of currency. These accumulated miles or points can be redeemed for free or discounted flights, seat upgrades, hotel stays, rental cars, airport lounge access, merchandise, gift cards, and other benefits. As the peak travel season approaches with increased reservations and high-value transactions, threat actors are intensifying their efforts to target the aviation industry and its major brands—such as American Airlines, Delta, and United—potentially resulting in disrupted travel, identity theft, monetary losses, and loyalty fraud. |
| The NJCCIC observed an uptick in reported compromised airline accounts in the past month. Threat actors obtain credentials through phishing campaigns, infostealers, data breaches, or data sold on darknet forums. Once they take over accounts, they engage in loyalty fraud by converting the miles or points into travel or rewards. They seek redemption options that yield the quickest and largest face value. The reports indicate that the threat actors made one or more redemptions, primarily for gift card purchases, as a one-time transaction or separate transactions over multiple days. Stolen redemptions ranged from 12,000 to 500,000 miles, valued at approximately $120 to $5,000 across popular gift card brands like Google Play, Sephora, and DoorDash. Threat actors target loyalty programs because they are less frequently monitored. They may plan their malicious activity for the weekend, when customer service or fraud departments may be closed or have limited hours or staff. |