Cybercriminals are using stolen credentials to get travel rewards

Cybersecurity researchers have found that cybercriminals are using credentials from specialty shops on the Dark Web to access a victim’s travel and hotel rewards points.
A large variety of companies don’t think of their reward feature as the first place hackers hit for fraud, and this is exactly black hat hackers count on when they want to steal loyalty and reward points to cash in for anything like vacations, products, and other services.

Only the presence of antivirus for Windows or antivirus for Mac gives you the protection against hacker attacks. Also, remember that tests like penetration test and ethical hacking tests are now available for any company that wants to tighten their security.
A recent report shows that 89% of travel websites fail to protect user data by not providing widespread cybersecurity features like two-factor authentication, a password strength assessment tool, or by having poor security practices. Hackers are always looking for the weakest point to access a user’s account. This is why companies have to make sure they don’t have a weak spot. Reward or loyalty points have become a significant objective since they don’t trigger a credit card payment event. If online companies are only monitoring the outcome of purchases and transactions, they are leaving themselves open to a whole world of risk they have no visibility into. Along with account takeover fraud, non-traditional risk points such as adding reward and loyalty points should be continuously monitored. All points of risk, not just the purchase, must be fully cyber secured to ensure that the company’s environment is not a target for cybercriminals.

To stay away from such threats, we recommend the install of antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests. Also, if your business exists 100% online, we recommend the use of cyber-secured web hosting services.