RALEIGH, N.C. -- When searching online for your next getaway, you need to be on guard. Cyber security experts have issued a summer travel warning saying criminals are draining airline and hotel loyalty accounts, then starting up travel agencies using those stolen points and miles.
Tony Sabaj with Check Point Software showed ABC11 one example that his company found that is a phishing email and makes it appear the email came from Southwest Airlines, but it doesn't come from that airline, but instead from scammers. "When you click on the link, it'll ask you to log into your Southwest account. You're not actually logging into your Southwest account. They're getting your credentials, and then they're obviously, you know, stealing the points, or we're taking over the account," Sabaj said.
He says once cybercriminals have access to your travel accounts they sell your points or miles on the dark web. Sabaj adds, "They're actually selling the credentials to people's accounts online and saying, hey, here's an American Airlines account with 1.5 million points and we're selling it for just under $500."
Sabaj says hackers are even creating online travel agency websites with all stolen information. He adds, "There's actually dark web travel agencies that are using stolen credentials and stolen points to actually book travel on behalf of."
He provided one example where scammers created a copycat website that looks exactly like the real airlines, but the scam URL ends in .org.
To protect your accounts and money, be suspicious of too-good-to-be-true deals. Scammers offer an amazing deal to get your attention and let your guard down. Before booking, also make sure you look at the URL of the website and look for HTTPS and the lock symbol as that means the site is encrypted and secure.
Change your password often, especially if you're notified it's been exposed in a data breach. If you can set up two-factor authentication on your accounts that even offers better protection.