What Airline Execs Need To Know About Their Loyalty Programs
Bad Bots At-A-Glance
$48 billion in airline miles and other rewards sat unredeemed
in customer accounts in 2016, making loyalty programs a target
for malicious online bot activity such as loyalty program account
takeovers and the acquisition of sensitive customer information. Bad
bots are programmed to steal customer information, and they will
do whatever it takes to succeed. Access to loyalty program
accounts opens up a lucrative new world for the criminals
behind the bots.
Bad Bot Tactic: Credential Cracking
How It Works: Bot is programmed to try common passwords with stolen email addresses
Characteristics:
• Attacks are 'low and slow'
• They can happen around the clock

Bad Bot Tactic: Credential Stuffing
How It Works: Run a list of paired credentials (login + password) against sites across the internet
Characteristics:
• Attacks are volumetric, spikey, and last for a short period
• This means of account takeover is extremely prevalent on airlines

Goal: To gain access to advantageous and/or profitable information
Credential Stuffing
Volumetric account takeovers are more prevalent in the
airline industry than others:
• The airline industry is targeted 3-4 times per month
• All other industries are targeted 2-3 times per month
Larger airlines are a higher value target because they
typically have a larger database of loyalty program
members, which increases the likelihood of finding a
successful match from brute force credential stuffing.
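As an added example (not part of the original brief or any vendor's tooling), the Python below labels a window of failed logins by the two traffic shapes described above: a short volumetric burst with one attempt per account (stuffing) versus several attempts per account spread across many hours (cracking). The thresholds, function names and sample records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions, not figures from the page); tune on real traffic.
MIN_FAILURES = 50        # ignore windows with too few failed logins to judge
SPIKE_SHARE = 0.5        # busiest hour holds >= 50% of failures -> "spikey"
SLOW_HOURS = 12          # activity in >= 12 distinct hours -> "around the clock"
RETRIES_PER_ACCOUNT = 3  # >= 3 failures per account -> several passwords per address


def login_failure_profile(events):
    """Summarise failed logins given as (datetime, username) tuples."""
    events = list(events)
    per_hour = Counter(ts.replace(minute=0, second=0, microsecond=0) for ts, _ in events)
    accounts = {user for _, user in events}
    return {
        "failures": len(events),
        "accounts": len(accounts),
        "tries_per_account": len(events) / len(accounts) if accounts else 0.0,
        "peak_hour_share": max(per_hour.values()) / len(events) if events else 0.0,
        "active_hours": len(per_hour),
    }


def classify(events):
    """Label a window of failed logins by the traffic shape it shows."""
    p = login_failure_profile(events)
    if p["failures"] < MIN_FAILURES:
        return "inconclusive"
    # Stuffing: one paired credential per account, fired in a short volumetric burst.
    if p["peak_hour_share"] >= SPIKE_SHARE and p["tries_per_account"] < 2:
        return "credential_stuffing"
    # Cracking: several passwords per known address, spread thinly over many hours.
    if (p["tries_per_account"] >= RETRIES_PER_ACCOUNT
            and p["active_hours"] >= SLOW_HOURS
            and p["peak_hour_share"] < SPIKE_SHARE):
        return "credential_cracking"
    return "inconclusive"


# Constructed sample data (not from the page).
T0 = datetime(2024, 1, 1)
STUFFING = [(T0 + timedelta(seconds=2 * i), f"member{i}@example.com") for i in range(300)]
CRACKING = [(T0 + timedelta(minutes=15 * i), f"member{i % 40}@example.com") for i in range(200)]
ORDINARY = [(T0 + timedelta(hours=i), f"member{i}@example.com") for i in range(10)]

if __name__ == "__main__":
    for name, window in (("stuffing", STUFFING), ("cracking", CRACKING), ("ordinary", ORDINARY)):
        print(name, classify(window), login_failure_profile(window))
```

Because the profile is computed over the whole login endpoint and not per source address, a burst spread across many client IPs still shows up as a single spike.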
What are the Stats?
In any given 30-day period, your IT team, your finance
department, and your customer service representatives
could be forced to deal with the consequences of
relentless loyalty program attacks, just like the airline
exhibited to the right. Without a comprehensive bot
mitigation tool, your staff could spend hours cleaning up
the messes that bad bots have made.
[Figure: One Month of Credential Stuffing Bad Bot Attacks: What are the Stats?]
Distil Research Lab
HOW BOTS AFFECT AIRLINES