It happens to the best of us. Literally, the best of us.
“I received a confirmation email for a Holiday Inn in Connecticut, booked with my IHG points,” Honig told HuffPost. “I called the hotel to make sure it wasn’t a mistake, and they told me the guests had just arrived.”
Turns out someone had hacked into Honig’s hotel rewards account and used his points to book a room for themselves. His story illustrates a point that travel experts have been discussing lately: It’s easy for hackers to get into your airline and hotel rewards accounts, then use your hard-earned points and miles for their own gain.
In fact, hackers stole airline miles from thousands of accounts last year, the Wall Street Journal reports. They might mine user passwords from lower-security sites like shopping platforms or chat forums and try those same passwords on frequent flier accounts, or they might send out phishing emails to trick customers into giving away account information. And airlines’ own websites are also fraught with security issues: a college-age hacker was given honors this week for finding somewhere around 15 bugs in the current United Airlines system.
Needless to say, your airline and hotel accounts are likely at greater risk than you realize. Here are three ways to keep them safe:
1. Never, ever post a picture of your boarding pass online.
Even if it’s just an image of the barcode, hackers can use the info on your boarding pass to change your flight reservations and potentially rifle through your rewards account. The best practice is to avoid posting photos of boarding passes or hotel reservations altogether.
2. Use a different password for each of your rewards accounts.
This will prevent hackers from using a single password to unlock all of your hotel and airline accounts, not to mention bank accounts or other important portals. Some experts recommend a password manager to help generate strong passwords and keep track of all your logins.
3. Check on your rewards accounts often.
Opt in for emails that include updates on account activity, and make sure they don’t get sent to your spam folder, Honig says. It also doesn’t hurt to log in to your rewards accounts frequently to make sure everything is in good order.
If you do find strange activity and suspect someone has hacked your account, contact the airline or hotel group immediately. In cases like Honig’s, they’ll work with you to get your miles reinstated, and you’ll be on your way with a valuable lesson in tow.