The case of the disappearing points: Do you know where your frequent-flier miles are?

Are your frequent-flier miles flying without you?
(Oliver Burston / Getty Images/Ikon Images)

It’s almost summer vacation time. Do you know where your travel rewards are? Because they may not be tucked safely in your account where you would expect to find them. They may have been stolen.

That’s the word from Kevin Lee, a trust and safety architect with Sift Science, which fights digital fraud.

Loyalty programs are big business in travel, of course, and many other companies (grocers, drugstores, clothing retailers, etc.). Those points you and millions of others have been stockpiling from a variety of sources are worth about $48 billion, Lee said.

Impressive number. Thieves think so too. But here’s where you and thieves may differ (besides the whole honesty thing): People who steal points and miles think of those awards as currency. You may think of them as a tool to get you where you want to go.

There’s a huge gulf between those two mind-sets, which may result in a failure to mind your points.

“Not me!” I thought as Lee was telling me this.

Yes, me. And probably you too.

Here is how you can protect your stash.

Check in them, Lee said. Just as you keep an eye on your bank account, you should take a look at the accounts that have your miles, and not just every few months but once a month or more. The bigger the account, the more often you need to check in.

Practice good password hygiene. You have long since stopped using 123456 as your password, of course, and you use a different password for everything, naturally.

But do you guard that information? “Let’s put it this way: I’ve seen [people] keep passwords on a sheet of paper under a laptop,” said Brian Lapidus, practice leader, identity theft and breach notification, for Kroll, which is in the investigation and risk-mitigation business.

That’s where a password manager comes in. I finally realized that if I have 125 accounts I have 125 passwords, no two alike. I need that space on my brain’s hard drive for more important stuff, like where I left my car keys.

There are all kinds of password keepers, some free, some at a small cost, some that allow you access across multiple devices. Lee suggests taking a look at Tom’s Guide for recommendations. You also can consult for its favorites.

— Set up an alert when points are withdrawn, said Emily McNutt, news editor at ThePointsGuy, a travel reward website that helps people maximize points and miles.

“I know if I get an email that says, ‘Thank you for using 50,000 of your points’ and that wasn’t me, there’s an issue here,” she said.

“I opt in for as many [alerts] as possible.” (Check under “settings” on a site to see if that’s where to opt in; otherwise, give your card company a call, she said.)

She also is a fan of, which helps you track your points and miles and will notify you of withdrawals.

Limit the amount of information you share on social media, said Lapidus, who said he was astounded at the number of people whose start-of-vacation selfies include their airline boarding pass.

Those passes may contain your frequent-flier number, and if your password is weak, you’ve set yourself up for trouble.

There is other information on that pass, none of it terribly secret, but why announce to other thieves — the kind who take stuff out of your house without your permission — that you’re not home and that Granny’s antique ring, hidden oh-so-insecurely in your sock drawer, is theirs for the taking?

Consider a program that monitors the dark web, where stolen information is a hot commodity, Lapidus said. This “underbelly of the web,” as he called it, isn’t a place for neophytes.

Instead, consider a service that monitors the dark web for your information so you don’t have to get your hands dirty.

But do be cautious. L.A. Times business columnist David Lazarus looked into Experian’s offer to do a scan to see whether your information is on the dark web.

In return, the credit agency gets to deluge you with junk email. You would know that, Lazarus said, if only you bothered to read the 17,600-word terms of service.

You may already have that service. LifeLock, for instance, just notified me about a data breach of a site I use often. “We detected identity information belonging to you on the Dark Web, a term used which may also include the deep web or a peer-to-peer file sharing network,” its explainer said.

“The information found is usually from a ‘list’ that’s being given away, traded or sold. The list could be old, so it’s important to see whether or not the information on it is out of date.”

Before you sign up with a company, check on the provider’s history and background, Lapidus said, adding, “Consumers can also look for independent verification, such as a high BBB [Better Business Bureau] rating to help them evaluate.”

These precautions may seem like overkill. But you’ll also never know whether what you do today prevents problems tomorrow.

Besides, that trip to Bora-Bora may be within reach with just a few more points. In that case, the only one who should have their fingers on your dream is you.

Have a travel question or dilemma? Write to We regret we cannot answer every inquiry.