Main Menu


Try searching for

Identity theft

Social security protection

Credit monitoring

Reputation management

Blog > Internet Scams > Loyalty Fraud: Hackers Can’t Resist Shopping Rewards
 November 18, 2020

Loyalty Fraud: Hackers Can’t Resist Shopping Rewards

A man in a wheelchair is paying bills online using a credit card.

Discount cards at the corner grocery or pharmacy compete for your cash alongside rewards programs offered by big box stores. Cards at restaurants even track your spending to earn free food. Program benefits can be minor or major, but all rewards programs have one element in common – hackers want a piece of the prize with your personal data in their scope.

Significant value flows through these programs and billions of loyalty accounts exist today. This landscape presents a massive theft target.

The Beginning of it All

Fictitious homemaker Betty Crocker introduced one of the earliest rewards programs in the late 1920s. She encouraged bakers to switch to her cake mixes and collect box top points to earn catalog gifts.

Today’s offerings connect to credit cards, phone numbers or program-linked cards that are easy to carry and scan. Usage has exploded in part because of the simplicity, and the enticements grow and grow.

Are Rewards Programs Easy to Hack?

A number of hacks have already hit these programs. Many of this year’s data breaches employed stolen credentials to unlock accounts. Automated attacks succeed because over half of us reuse the same username/password combo for several websites and accounts. When one site is compromised, hackers technologically “stuff” those credentials to unlock other lucrative websites.

If hackers breach your credit card account, for example, earned rewards for spending are displayed clearly. You might be saving points for a fancy handbag, but the thief will select gift cards they can unload rapidly. With choices that include savings on top national retailers, they’ll spend your rewards quickly.

The hacker generally operates just like a consumer: They simply use your credentials to open the account to redeem electronic gift cards using the points you’ve legitimately accumulated. The criminal will also typically change your password to make it harder for you to get back into your account. They receive newly issued, hard-to-trace gift cards to pay for online purchases or in-store buys. Many simply get resold on legitimate websites that swap gift cards and your reward money disappears in less than 60 minutes.

Holiday Risks

If your gift list is lengthy this holiday season, new loyalty programs will tempt you. Whether you earn cash, airline miles, discounts or freebies, remember this absolute fact: businesses don’t offer free stuff because they like you. They crave repeat business; it’s far less expensive to retain a customer than to lure in new ones.

By offering you a card, retailers get insight into your purchases. Using these rewards programs lets companies know exactly how you shop. A lot of the data collected regarding spending habits can be sold, traded or used to enhance in-house marketing. An entire profile on you emerges from all the individual purchase bits.

Are loyalty plans worth your energy? Saving 30 cents per gallon on gas is sweet but each program’s business motives should align with your shopping and travel needs.

How to Keep Identity Thieves Out of Your Card Accounts

If hackers target your rewards, why not complicate the attempt for them.

  • Employ multi-step authorization or two-factor authentication (2FA) where offered. Even if hackers have your password, 2FA codes – sent to your cellphone or email – could stump them.
  • Don’t facilitate credential stuffing. Stop repeating passwords on multiple sites; one per site would cut down on a massive slice of data breaches.
  • Use a password manager if you can’t remember multiple codes.
  • Examine loyalty partner emails closely before you click and don’t respond to rewards communications if you don’t have time to give it your full attention.
  • Shred all airline tickets or receipts if they contain a frequent flyer rewards number. The same goes for hotel receipts and printed rewards statements.
  • Avoid public WiFi, especially around the holidays. Use your smartphone hot spot, a VPN, or browse from home. Hackers deploy man-in-the-middle attacks with fake WiFi to intercept financial data.

Those are your earned benefits; protect them. Learn about other online privacy and reputation risks we all encounter every day.

IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage and conditions, please see an identity theft plan.  All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.


Related Post

View from behind of a large wedding party outside in a garden by a fountain while a photo is being taken. Shows cybersecurity wedding success.

Cybersecurity Tips for Wedding Success

The big day is on the way! You’ve been planning your wedding with love and care, and finally all your hard work is about to pay off. Or perhaps you are a wedding guest, prepared to attend this exciting event. Whether you are a member of the bridal party or a...

Man looking at a woman's photo on his phone via a dating app

Avoid These Common Romance Scams

It’s a universal truth that most people want to find love. The problem is, online fraudsters use that desire against unsuspecting, vulnerable people on dating apps and dating sites. Not to burst Cupid’s bubble, but dating and romance scams are blooming like love in...