What’s moving to the top of fraudsters’ holiday shopping lists this year? Reward points. With banks and credit card issuers making card fraud tougher than ever, fraudsters have set their sights on another target: loyalty points programs. And why not? Loyalty points accounts are easy pickings—typically guarded by little more than a username/password combination, and often forgotten by consumers until they’re ready to use them. Once acquired, they’re easily redeemed for flights, hotel rooms, gift cards and merchandise, or offered for sale on the dark web for a fraction of their face value.

Perhaps you have been building up travel points for a family vacation or hotel rewards for a romantic weekend getaway.  Unlike your bank or credit card, you are probably not checking the balance on your customer loyalty accounts, and fraudsters could be stealing reward points without you even knowing it. Recent reports of loyalty program-related airline and hotel data breaches suggest these types of attacks are on the upswing, and RSA research supports the idea. Our data analysis of one major dark web marketplace shows that travel/hospitality businesses and rewards programs collectively make up 13 percent of the types of accounts for sale.

Phishing is another source fraudsters use to acquire access to loyalty points accounts. RSA saw a 70 percent increase in global phishing attacks in Q3 which is typical as fraudsters look to harvest fresh credentials to use during the holiday shopping season. Here’s what you need to know about the kinds of tactics (Read more...)