Many of us log into our bank accounts each day to keep an eye on our spending and ensure there has been no unauthorized activity associated with our accounts, but how often do you check your frequent flier accounts for fraudulent activity?

When your account isn’t protected by a strong, complicated password or you use the same password for multiple websites, your loyalty accounts become vulnerable to theft. As many of these memberships do not provide monthly account statements, often times fraudulent activity goes unnoticed until it’s too late. While airlines typically will replace miles for consumers who have been hacked, a police report and prosecution proceeding must pre-empt any claims with the airline.

Cyber thieves stole millions of miles from thousands of accounts last year, prompting a number of airlines to change their login procedures in order to better secure their customers’ accounts; the number is expected to rise, especially as credit card fraud becomes increasingly more difficult. One crook stole more than $250,000 worth of airline tickets and luxury car rentals. These criminals use a number of ploys to gain access, including “phishing” emails with detrimental links and password theft in cases where users employ the same password for multiple accounts.

The airlines are working to balance security with convenience for clients; while the system needs to be secure, it also needs to be simple to not frustrate the user. United, in particular, has been vehement in enhancing the security around MileagePlus accounts. After implementing four-digit PIN numbers, the airline found that this method was actually less secure, because users were inputting easily guessed numbers like their birth year. United moved to passwords, along with a series of account questions, in order to provide a two-layer protection. It’s worth noting that United’s advanced security features are not an officially recognized “two-step authentication” process which entails a code being sent to your phone when a user logs in for the first time from an unrecognized device.

Aside from losing the miles you’ve shopped so hard to accrue, these cyber criminals can also gain access to important personal details, including your full name, birth date, address, credit card, and passport information. In order to best protect yourself from mileage fraud, ensure you have a strong password and vary your passwords from site to site. Security experts recommend using a password manager to capture all of your passwords securely.