04 Dec Cheap mileage trade on the online black market
It is no secret that many people purchase airline mileage on the Internet as the price is generally much cheaper. These mileage rewards can be redeemed for free travel, accommodation, access to airport lounges, or upgrades to First Class or Business Class seats, which can add a lot of convenience to your journey.
According to Forceshield’s observations, the mileages of well-known airlines are sold at a much cheaper price than the market price on the online black market. But, have you ever wondered where these cheap miles are coming from?
Quietly steal your reward miles like the ghost
Several methods are being used to steal reward miles: one is to crack the user account login with credential stuffing attacks, and the other is using website vulnerabilities to get account control. Once the attackers gain access or take over the user account, they quietly remove the reward miles and sell them on the dark web.
Once the account take over (ATO) is complete, hackers will use credit cards that are on-file with the mileage account to purchase additional reward miles. The hackers will quickly move these newly purchased miles out of the account along with any previously earned rewards. The end result of the hack is usually a valuable frequent flier customer with a large credit card bill and zero reward mile balance. In most cases the airline will reinstate the stolen miles and credit card companies will remove unauthorized charges. However, the damage is more significant than the monetary loses experienced by the airline and credit card companies and also has intangible costs like a damaged corporate image that takes a very long time to repair.
Take Facebook 50 million accounts leakage as an example, data breach may let companies receive high-priced penalties
Coupled with the increasingly strict regulation of the Personal Information Protection Act, the recent leakage of Facebook 50 million accounts is likely to be subject to GDPR regulations, and may be fined up to NT$50 billion! Business operators should seriously consider how to deal with the losses caused by such hacking attacks.
In addition to reminding consumers to set up a highly secure password, “Enterprises should start by improving the security of the website itself. When effectively preventing hackers from invading the websites, they could also show their determination to actively protect customer information with practical actions. After all, it is the best defense to take the initiative to block all kinds of attacks from the server.”
How do companies protect websites? Forceshield has a coup here