Fake Loyalty Rewards Renewal Scam via Email
Emails impersonating airline, hotel, or retail loyalty programs claim reward points are expiring or a paid membership tier needs renewal, directing victims to a phishing page that steals login and payment details.
Part of: Fake Loyalty Rewards Renewal Scam
Last reviewed: 5 July 2026
Email is the natural channel for fake loyalty program renewal scams because loyalty programs themselves communicate almost entirely by email, giving scammers a template that is easy to imitate convincingly.
How this scam works on email
An email formatted to match a real loyalty program's branding claims the recipient's points balance is about to expire or that their paid elite membership tier requires renewal within 48 hours, with a prominent 'Renew Now' or 'Save My Points' button. The link leads to a cloned login page that captures the loyalty account username and password.
After capturing login credentials, the fake site often proceeds to a 'renewal payment' step that requests a credit card number to pay a small renewal fee. The card details are actually used to test or charge the stolen card, while the credentials themselves are used to access the real loyalty account and redeem or transfer any accumulated points or miles to the scammer's own account.
Common red flags
- Urgent expiration deadline of 24-48 hours for points or membership renewal
- Login page reached via email link rather than by typing the loyalty program's known web address directly
- Email requests both account login and a separate card payment for a 'renewal fee'
- Sender's email domain differs subtly from the real company's domain
- Generic greeting rather than your actual name or membership number
- Request to 'verify' your account by re-entering your password on an unfamiliar page
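The red flags above can be checked mechanically when triaging a reported message. The following is an added example, not part of the original page: it scores a single-part HTML email against those flags, and the `rewards.example` allow-list, the phrase patterns and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: allow-list of the real program's domains (placeholder value).
OFFICIAL_DOMAINS = {"rewards.example"}
PHRASES = {
    "urgent_deadline": re.compile(r"\b(24|48)\s*hours?\b|renew now|save my points", re.I),
    "fee_or_verify_request": re.compile(r"renewal fee|verify your account", re.I),
    "generic_greeting": re.compile(r"dear (member|customer)", re.I),
}

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # hostname of every <a href> seen in the body
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def is_official(host):
    # Exact match or a true subdomain; "rewards.example.evil.test" fails.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def red_flags(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part message: payload is the HTML string
    flags = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_official(sender):
        flags.append("sender_domain_mismatch")
    parser = LinkHosts()
    parser.feed(body)
    if any(not is_official(h) for h in parser.hosts):
        flags.append("link_domain_mismatch")
    flags += [name for name, rx in PHRASES.items() if rx.search(body)]
    return flags

# Constructed sample message, not a real phishing email.
SAMPLE = """\
From: "Rewards Team" <no-reply@rewards-member.example>
Content-Type: text/html

<p>Dear Member, your points expire in 48 hours. A small renewal fee applies.</p>
<a href="https://login.rewards-member.example/renew">Renew Now</a>
"""
```

A legitimate expiration reminder can still trigger the phrase-based flags, so treat the domain mismatches as the stronger signal and the rest as supporting context.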
How to protect yourself
- Log into loyalty accounts by typing the company's known website address directly, never through an email link
- Check point balances and renewal status through the official app or website, not the email itself
- Never enter your loyalty account password on a page reached from an email link
- Enable two-factor authentication on loyalty program accounts where available
- Hover over or inspect links before clicking to check whether the domain matches the real company
- Report and delete suspicious emails rather than clicking unsubscribe links, which can confirm your address is active
How to report it
- Report the email as phishing through your email provider's report function
- Forward the email to the loyalty program's official fraud or abuse reporting address
- Report to the FTC at reportfraud.ftc.gov or your national cybercrime reporting center
Frequently asked questions
Do loyalty programs really email about expiring points?
Some do send legitimate expiration reminders, but always verify by logging in directly through the company's known website or app rather than clicking the email's link, especially if payment is requested.