Hey Lykkers! Quick question: have you ever gotten a notification about a massive points redemption you didn’t make? Or maybe you’ve spotted a suspiciously cheap offer for “10,000 airline miles” in a sketchy online forum? That sinking feeling is a sign of a real and growing downside to the rewards we love.

Today, we’re pulling back the curtain on how loyalty programs have become a hotbed for financial fraud—and what you can do to protect your hard-earned points.

The Loyalty Gold Rush: Why Points Are the New Cash

For criminals, loyalty accounts are a perfect target. Think about it: security is often weaker than on bank accounts, points can be converted into gift cards or high-value goods, and fraud detection systems are often less sophisticated than what you’d expect for something with real-world value.

Patrick Sullivan said that people should treat reward points like cash and protect them with strong, unique passwords and extra sign-in checks. In other words: if you’d protect your banking login, your points deserve the same respect.

Common Tricks in the Fraudster's Playbook

So, how are they doing it? Let’s break down the most common tactics:

1. Account Takeover (ATO): This is the big one. Using passwords leaked in other data breaches (because, let’s be honest, we reuse passwords), bots try those credentials across airline, hotel, and retail sites. Once in, they can redeem or transfer points in minutes.

2. Refund-and-Keep Loopholes: Some fraud attempts involve using compromised payment methods to create bookings that later get canceled or refunded—while trying to keep the rewards value generated along the way. Programs work to stop this, but it remains a recurring pressure point.

3. Manipulated Transfers: Fraudsters may merge points from a hijacked account with their own, or exploit transfer and “family sharing” features to make the trail harder to follow. It’s value mixing—but with travel rewards.

4. Phishing, Tailor-Made: You get a convincing email: “Your points are expiring! Click here to save them!” The link leads to a fake login page designed to capture your credentials. The urgency makes you drop your guard.

The “Points for Sale” Underground Resale Market

Where do stolen points go? Often into illicit resale channels and private groups where buyers try to purchase miles at a fraction of their value. This market fuels more theft—and it can also backfire on buyers when suspicious bookings get reviewed or canceled after fraud is detected.

Fighting Back: Your Defense Playbook

Don’t panic, Lykkers! You are not powerless. Here’s your action plan:

• Treat Points Like Cash: This is the #1 mindset shift. Guard your loyalty account credentials with the same seriousness as your online banking login.

• Password Power-Up: Use a unique, strong password for every single loyalty program. A password manager is strongly recommended.

• Enable 2FA (Two-Factor Authentication): If the program offers it (and sadly, many still don’t), turn it on. This adds a critical extra step for any login or redemption.

• Be a Points Detective: Regularly check your statements and point balances. Set up transaction alerts if available. Report any weird activity—a 500-point redemption for a subscription you didn’t request, a sudden password-change email—immediately.

• Beware of “Points Buying” Offers: If a deal to buy miles from a third party seems too good to be true, it is. You risk buying stolen points and could have your entire account restricted.

The Bottom Line: Secure Your Rewarded Self

Loyalty programs are meant to be fun rewards, not a source of stress. By understanding how points fraud works—and taking a few simple, powerful steps—you can keep your points working for you, not for someone else.

Now, go check your accounts, update those passwords, and breathe easy. Your future upgrade depends on it.