The service even assigns a so-called passenger name record (PNR) to the booking - a six-digit alphanumeric code that goes by different names, depending on the airline: booking reference, reservation number, flight confirmation code, etc. However, the fraudsters don’t actually buy any tickets rather, they exploit the temporary ticket reservation service that’s used in many booking systems and costs no more than a few dozen dollars.
What’s more, after payment, the booking shows up in all systems - it’s completely real. Scammers posing as travel agency employees offer tickets at extremely attractive prices. This year has also seen a rather unconventional method of defrauding airline ticket buyers bound for the UK. So a password for an airline loyalty program account could well work for email. This method of hacking has a very good chance of success, since password reuse is still common, sadly.
Second, login credentials can be collected in order to hijack other accounts held by the victim. Phishing site that harvests credentials for an airline loyalty program accounts
