Cyber thieves targeting rewards programs
The rewards programs that businesses offer to consumers are increasingly a target for hackers.
There is growing evidence of cyber thieves targeting the programs that businesses use to hold onto customers, according to security blogger and researcher Brian Krebs.
Rewards accounts tend to be less secure than other personal accounts, making them an attractive target for cyber criminals. Many only require a member number and a four-digit PIN to access the account.
{mosads}Hilton Hotels is among the companies that secure a rewards program with such a method. Krebs received numerous tips that Hilton customers were having their Hilton rewards points mysteriously emptied out and used to book hotel rooms around the country.
Krebs also found “plenty” of Hilton Hotel rewards points for sale on “shady forums” at about 3 to 5 percent of their market value.
Hilton did not immediately respond to a call requesting comment.
Siphoning off rewards points is not a new phenomenon. The Canadian government earlier this year issued a warning after arresting two ringleaders of an operation that hacked reward accounts in both the U.S. and Canada and used the stolen points to purchase gift cards, which are harder to track than credit cards.
Other media reports on similar schemes stretch back to 2012.
Companies have worked to bolster security on more traditional personal accounts, following a number of high-profile data breaches the past year at retailers such as Target and Home Depot and banks including JPMorgan.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..