Brian Krebs of Krebs On Security reports that there’s an ongoing effort to access email accounts in order to drain your gift cards and loyalty program accounts. By gaining your credentials they’re able to sell your points for cash. There’s a simple solution to this.
2/3: They'll even sign you up for employee wellness programs (if available), and file periodic progress reports on your behalf, all just to eventually get their hands on your $10 Starbucks gift card for hitting those wellness goals.
— briankrebs (@briankrebs) September 2, 2021
In most cases your loyalty program points are going to be protected – which is to say that eventually most loyalty programs make good, though you may have to go through layers of customers service and it may take some time. It’s a bad look for a company to shrug their shoulders when a program member is robbed like this. And it’s bad business, too, because balances worth stealing from belong to customers who are usually profitable.
The number one thing you can do to protect your loyalty accounts, in my view, is to sign up for Award Wallet. Put your accounts there so one click updates your balances. Do that every day. By making it easy to view changes (activity) in your account, you’ll know right away when the account has been compromised.
Your biggest enemy in loyalty program fraud is simply not knowing that it happened for some time. With a daily update of your balances you’ll know right away.
You should also, of course, check your credit report regularly even though it doesn’t appear that this hacker is opening financial accounts or making charges to existing accounts.
And if Google Chrome tells you the password you’re using on a given website has been compromised, by all means don’t use that password anymore. However most passwords that have been used have likely already been hacked or are easy to guess (12345 or password).