Thieves Are Out To Sell Your Stolen Miles For Cheap

Sep 19, 2018

This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

The dark web is flooded with stolen airline miles pilfered following data breaches or through phishing operations — and the thieves are willing to sell the miles for about half their value.

In a study published Wednesday, technology and research firm Comparitech examined black markets on the web in search of miles for sale. It found rewards points available on the dark web from more than one dozen different frequent flyer programs. Delta SkyMiles and British Airways Avios were the mileage currency most commonly listed.

Although prices frequently fluctuate and are not uniform across different black markets, one of the sellers Comparitech examined was selling 100,000 points from various frequent flyer programs for as little as $884. Based on TPG’s latest valuations, those points are being sold at a huge discount. Some of the miles programs listed at this price included:

To be clear, stealing frequent flyer miles is a crime, one that could land a thief in prison for years. It’s also unwise to purchase stolen miles. Comparitech says if you get caught, the airline could take away all your miles (even the ones you earned legitimately) and leave you with nothing for violating its terms of service.

Still, the threat of incarceration isn’t deterring criminals from either taking over consumer accounts or emptying out those accounts and transferring miles into new ones. They first break in by obtaining login credentials taken during a data breach or by phishing individual account holders, Comparitech said.

A phishing scam might go like this: The consumer will get an email claiming to be from an airline asking the consumer to verify their account information — because there was a problem with the account, in order to claim a prize, cancel a reservation or any number of other excuses to get you to comply. When the consumer sends the information, the thief gets access to their account.

People who buy the stolen miles likely don’t use them to purchase airfare or book hotel rooms, Comparitech noted, because those transactions typically require proof of ID. Instead, stolen miles may be easily converted into gift cards or products available through partner retailers. Some resell the rewards to so-called “grey market mileage brokers” that abound on the web. Those brokers then may turn around and use the points to get flight upgrades for their clients.

How to Protect Yourself

If you discover you’re missing miles, report it immediately to the airline. As TPG himself pointed out several years ago, although the airlines aren’t liable for miles stolen from your account, the sooner you report the theft, the better the odds are they can catch the thief and get you your miles back.

Comparitech also cautions travelers to do the following to protect themselves against an account breach:

  • Shred boarding passes after a flight.
  • Don’t post pictures of boarding passes online.
  • Don’t put frequent flyer account numbers on baggage tags.
  • Avoid airport Wi-Fi when accessing your account.

You’ll also want to regularly check your account and frequently change your strong account password. Because of the volume of data breaches, you’ll also want to make sure your airline account password is unique from other passwords. If not, you’re making yourself vulnerable to attack.

Featured image by Bill Hinton / Getty Images.

Chase Sapphire Preferred® Card

WELCOME OFFER: 60,000 Points


CARD HIGHLIGHTS: 2X points on all travel and dining, points transferrable to over a dozen travel partners

*Bonus value is an estimated value calculated by TPG and not the card issuer. View our latest valuations here.

Apply Now
More Things to Know
  • Earn 60,000 bonus points after you spend $4,000 on purchases in the first 3 months from account opening. That's $750 toward travel when you redeem through Chase Ultimate Rewards®
  • 2X points on travel and dining at restaurants worldwide & 1 point per dollar spent on all other purchases.
  • Get 25% more value when you redeem for airfare, hotels, car rentals and cruises through Chase Ultimate Rewards. For example, 60,000 points are worth $750 toward travel
  • Get unlimited deliveries with a $0 delivery fee and reduced service fees on orders over $12 for a minimum of one year on qualifying food purchases with DashPass, DoorDash's subscription service. Activate by 12/31/21.
  • Earn 5X points on Lyft rides through March 2022. That’s 3X points in addition to the 2X points you already earn on travel.
Intro APR on Purchases
Regular APR
15.99%-22.99% Variable
Annual Fee
Balance Transfer Fee
Either $5 or 5% of the amount of each transfer, whichever is greater.
Recommended Credit

Editorial Disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airlines or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

Disclaimer: The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser’s responsibility to ensure all posts and/or questions are answered.