Airlines Battle Surge in Loyalty Program Fraud

Written by

Cyber fraudsters have been observed increasingly exploiting vulnerabilities in air miles and customer service systems across the EU, the UK and the US.

In 2022 alone, cases of loyalty fraud surged by 30%, impacting more than 75 airlines and involving over 2000 malicious resources, according to research published by Group-IB earlier today.

One common tactic employed by fraudsters is the customer service scam. Scammers impersonate airlines’ customer service through fake phone numbers. They lure victims into calling these numbers, often shared via various platforms, under the guise of booking flights or claiming refunds. 

Unsuspecting victims end up divulging their banking information, including credit card details. Fraudsters may even attempt to install remote access Trojans (RATs) on victims’ devices, potentially gaining control over sensitive data.

Fraudsters have also been observed employing tactics like phishing websites, promising victims enticing rewards or prizes. Once victims are redirected to these fake pages, they unknowingly provide personal information, which is then exploited by the attackers.

These fraudulent activities impact a wide range of stakeholders, raising concerns for national and international security authorities, such as Interpol and Europol. Such threats are reportedly costing airlines an estimated annual loss of over $1b, according to Europol.

Read more on threats targeting airlines: Third-Party Vendor Hack Exposes Data at American, Southwest Airlines

In a landscape where cyber-threats continue to evolve, airlines and loyalty program providers must invest in fraud detection and prevention measures.

Group-IB explained that monitoring for phishing pages, digital risk mitigation and the use of anti-fraud systems to detect unusual account activity and location spoofing are crucial steps in safeguarding the integrity of air miles and customer service systems.

As the airline industry seeks to secure the loyalty and trust of its customers, combating these fraudsters is an ongoing battle, with constant vigilance and proactive measures being the most direct way for organizations and individuals to protect themselves.

What’s hot on Infosecurity Magazine?