Threat: Phishing & impersonation

Fake loyalty or reward points expiring phishing: a fraudulent email impersonating an airline frequent flyer program, hotel loyalty program, credit card rewards account, or generic rewards platform that claims the recipient's miles, points, or rewards are expiring soon or have been forfeited. It directs the recipient to click a link, log in, or verify account details to claim, redeem, or save their points before they are cancelled. This is a credential-harvesting phishing attack exploiting urgency around loyalty program balances.

fake-loyalty-reward-points-expiring-phish

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

This signal covers phishing emails impersonating airline frequent flyer programs, hotel loyalty programs, credit card reward accounts, or generic points platforms. They claim the recipient's miles, points, or rewards are expiring imminently, have already been forfeited, or will be voided unless they take immediate action, then direct them to click a link, log in through a fraudulent portal, or verify account credentials to claim, redeem, or save their balances. Loyalty point urgency is a highly effective social engineering trigger because points represent real monetary value.

Key facts:

(1) Loyalty program fraud grew 89% from 2019–2022 (Forter Fraud Index 2023). Phishing is the primary credential compromise method, with targeted programs including United MileagePlus, Delta SkyMiles, American AAdvantage, Marriott Bonvoy, Hilton Honors, and Chase Ultimate Rewards. Stolen loyalty credentials are sold in bulk on dark web markets for $10–$50 per account.

(2) The "points expiring" trigger exploits a real, legitimate behavior: airlines and hotels do expire inactive accounts, which leaves recipients genuinely uncertain whether the warning is real. This ambiguity dramatically increases click rates versus purely fabricated threats.

(3) Compromised loyalty accounts are primarily monetized by booking business-class flights and luxury hotel stays for resale (travel fraud), or by transferring points to attacker-controlled accounts. Secondary monetization includes selling account credentials.

(4) Legitimate loyalty programs never request an account password or full payment card details via email to prevent expiry. Keeping an account active is done by logging in, not by verifying credentials through an emailed link.

Warning signs: expiry urgency from a non-airline/non-hotel domain, a request to verify account credentials to prevent loss of points, a link redirecting to a non-official program portal.
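The three warning signs above, written as header and body checks over two constructed messages. This is an added example, not Gorganizer's code; the domain allowlist, the regexes, and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative, non-exhaustive allowlist for programs named on this page.
OFFICIAL_DOMAINS = {"united.com", "delta.com", "aa.com", "marriott.com", "hilton.com", "chase.com"}
LOYALTY = re.compile(r"\b(miles|points|rewards)\b", re.I)
EXPIRY = re.compile(r"\b(expir\w+|forfeit\w*|voided|cancell?ed)\b", re.I)
CRED_ASK = re.compile(r"\b(verify|confirm|log ?in|sign ?in)\b.{0,60}\b(account|password|credentials|card)\b", re.I | re.S)
URL = re.compile(r"https?://[^\s<>]+", re.I)

def is_official(host):
    """True if host is an allowlisted domain or a subdomain of one (suffix match on a dot boundary)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def loyalty_expiry_signals(raw):
    """Return the page's warning signs as booleans; all are gated on the expiry lure."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # constructed samples are single-part plain text
    text = f"{msg.get('Subject', '')}\n{body}"
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    link_hosts = [urlparse(u).hostname for u in URL.findall(body)]
    lure = bool(LOYALTY.search(text) and EXPIRY.search(text))
    return {
        "expiry_lure": lure,
        "unofficial_sender": lure and not is_official(sender_host),
        "credential_request": lure and bool(CRED_ASK.search(text)),
        "unofficial_link": lure and any(not is_official(h) for h in link_hosts),
    }

# Constructed samples (not real messages).
PHISH = """\
From: Rewards Alert <alerts@miles-renewal.example>
Subject: Your 48,200 miles expire in 24 hours

Verify your account password now to save your miles:
https://miles-renewal.example/login
"""
LEGIT = """\
From: Marriott Bonvoy <news@email.marriott.com>
Subject: Your points expire on 31 March

Stay with us or earn points to keep your balance active. https://www.marriott.com/
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, loyalty_expiry_signals(raw))
```

The constructed legitimate notice trips only `expiry_lure`, which is why the lure gates the other checks instead of acting as a verdict on its own.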

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
