Stolen rewards points

You could find your points missing when you’re ready to spend your loyalty rewards at a retailer. That’s because there have been recent data breaches at major companies, including T-Mobile, Marriott, MyFitnessPal, Facebook, and Orbitz.

By now, most people have had some of their credentials compromised. You can be sure that at least your current email or one of your previous emails has been hacked. Bad actors count on many of us using the same email and password combinations for all sites.

Once they’ve stolen your log-in information from one website, they use software to plug it into hundreds of other sites, looking for matches.

Such “credential stuffing” provides them access to your accounts with retailers and banks, for instance. Then, they can use your rewards to buy things for themselves or even open new accounts in your name.

Avoid this holiday scam: Vary your passwords and change them frequently. Consider using a string of words rather than just one or two. A password like MyComputer is more accessible to hack than MyComput3rNow1sMyF@vorite!

Better still, you can use a password manager. It securely stores and encrypts all your passwords, and you can use it to generate long, strong, unique passwords designed to thwart hackers.

The software also remembers PINs, answers to security questions, and CVV codes, those three- and four-digit security codes on the back of your credit cards.