TAMPA, Fla. (WFLA) – Caroline Goode was shocked when she logged into her Allegiant Airlines account this week to book a flight. Three flights had already been booked the day before – for three men she had never heard of.
“This person had created an email account using my name, a fake email, and had also mimicked my phone number using the same area code to make it seem more legit,” Goode said.
Goode says Allegiant confirmed her account was compromised and her credit card was charged $868.40 for three men to have a weekend getaway departing Memphis International Airport. They were supposed to board the flight Friday for a one-way trip to Ft. Lauderdale.
The men even reserved a rental car and charged Goode for that, too.
Goode says Allegiant canceled the trips and refunded her money, but she was stunned by the depth of the fraud and wanted to warn others to change passwords and monitor their accounts.
Federal and local law enforcement say this scheme is sweeping the country. Flights are typically booked just a few days out from the day of travel and often victims don’t find out until they see a credit card statement, typically after the crooks have already taken their free trip.
Victims with accumulated, unused airline points are targeted most, investigators say.
Making this scheme even more brazen: since travelers have to show id to board flights, tickets are issued in their real names. But if you think that means a quick knock on the door by law enforcement, you’d be wrong. Investigators say it’s often difficult to prove that the person listed on the ticket was the one who hacked into someone’s account and, because of that, airlines don’t always pursue charges.
A spokesperson for Allegiant Airlines say the company will assist in any investigation if Goode files a police report, which she has done.
Allegiant confirmed it refunded Goode the money. In an email, the company said, “Allegiant’s website and mobile app use the highest levels of security and encryption technology available. But none of that can prevent scammers from accessing an account if they have your username and password. That’s why it’s critical that people protect their private information and the devices on which they store accounts and passwords. Also, never give out your password to someone you don’t know. Allegiant representatives will never ask customers to reveal passwords.”
The company added, “Sometimes, an individual’s password information is stolen from their computers or devices where that data is stored. Also, customers sometimes release their personal Allegiant account information (password and user name) to third parties, who then use the information to charge their credit cards fraudulently. Please let your viewers know that Allegiant doesn’t partner with third-parties such as Expedia, Travelocity, or any other travel-related website. Customers can only book with us on Allegiant.com or by calling our customer service department at 702-505-8888.”
An FBI spokeswoman responded in an email:
“We recommend the public increase vigilance/frequency in reviewing credit card activity. Also, we encourage multi-factor authentication for sensitive financial accounts and protection of financial information with complex passwords to reduce the likelihood of limited identity thefts like this. Please encourage your viewers if they suspect fraud or attempted fraud, to file a complaint with www.ic3.gov