Is your Avios account safe from hackers? – how fraudsters are targeting miles accounts

avios and miles fraud

Some links on Turning Left for Less pay us an affiliate commission to support this blog

Many people are unaware that miles accounts are a tempting target for criminals to hack. It has been revealed by Flashpoint, the research company. that Russian hackers are targeting UK miles accounts in a highly organised way.

First, criminals hack your account in order use your miles to buy flights, hotels and car hire. The stolen holidays are then sold on the dark web at up to a 75% discount. Shady travel agents that seem legitimate sell the holidays to unsuspecting customers who are totally unaware they have been purchased using stolen points. The holidays are mainly high-end such as business class flights and 4 and 5* hotels as the margins would be too small to make it worthwhile on smaller amounts.

The report does not specifically mention Avios but there are reports on forums such as Flyertalk of people’s BA Executive Club accounts being hacked. BA will generally lock down an account if fraud is suspected and will usually restore the Avios eventually although this can take some time. This is obviously highly inconvenient if you wanted to use your Avios, so what can you do to protect yourself?

Protecting yourself

The main thing you can do is to check your miles and points accounts regularly for suspicious activity. If you have quite a number of these across your household it can be quite daunting.

You could consider using a service such as AwardWallet which is free for the basic service. This will check your miles and points automatically every week across a number of programs (including non-travel ones) and update your balances. You can also do it manually yourself if you want to do it more frequently. AwardWallet is available for desktop or iOS and Android apps. There is also a premium service which you can pay an extra $2.50 a month for. This gets you the expiry date of points tracked, and email warnings sent out if your miles are getting close to expiry. Note that you can track more than one person’s accounts using the same AwardWallet account which is a handy feature.



The other thing I would recommend is never showing your boarding pass barcode or booking reference on social media or blogs. It is easy to get a large amount of information from this even without seeing your name on the ticket. You can potentially access someone’s booking online using just a barcode.