December 30, 2020

The 12 Days of Holiday Fraud – Day 11: Stolen Rewards Points

We’re closing in on the end of the winter holidays and wrapping up The 12 Days of Holiday Fraud - our version of the holiday classic The 12 Days of Christmas. We’re warning about the top scams that leverage the holiday season to target you and how to avoid falling victim to fraudsters.

“On the eleventh day of the holidays, my scammer targeted me with . . .”

DAY 11: Stolen Rewards Points

Many companies will reward “points” that can be used to make purchases from that company.

Most of these reward programs allow you to see how many points you have and mange those points through a website you log into.

The list of companies with rewards programs that have had data breaches in recent years is long and 2020 includes Marriott, MGM Resorts and Barnes & Noble among others. If your account was accessed in one of these breaches, your reward points might not be there when you go to access them.

While there’s nothing you can do to stop a data breach such as this, you do have the power to limit the scope by practicing strong password management. For many online accounts, the user ID is your email address – it is your password that makes your credentials unique.

Cybercriminals know many people use the same password for multiple websites so if they can capture a username and password in a data breach, they might get access to much more. Software that performs “credential stuffing” can be used by cybercriminals after a data breach to plug-in a stolen user ID and password into thousands of websites in a few minutes.

If you’re using the same user ID and password for your banking sites as one of the sites that had a data breach, the impact could be significant.


  • Do NOT use the same password or slight variations of a password more than once.
  • Many people have more than 100 passwords. Creating and remembering that many passwords becomes impossible. Utilize password management software that will allow you to securely store and encrypt passwords, as well as create unique ones.
  • When available, especially for websites you use to manage money and finances, activate two-factor authentication, so if your password is stolen fraudsters will not be able to gain access.

Stay tuned for 12 Days of Holiday Fraud – Day 12.

Check out Day 1: Secret Sister Gift Exchange.

Check out Day 2: Requests for Charitable Gifts.

Check out Day 3: Secret Santa Shopper.

Check out Day 4: Fake Holiday Marketplaces.

Check out Day 5: Package Delivery.

Check out Day 6: Gift Cards.

Check out Day 7: Fake Apps.

Check out Day 8: Holiday Shopping Spree.

Check out Day 9: Puppies.

Check out Day 10: Travel.

By clicking on any of the links above, you acknowledge that they are solely for your convenience, and do not necessarily imply any affiliations, sponsorships, endorsements or representations whatsoever by us regarding third-party websites. We are not responsible for the content, availability or privacy policies of these sites, and shall not be responsible or liable for any information, opinions, advice, products or services available on or through them.

© 2020 Buckingham Strategic Wealth®