New SkyMiles Account Fraud and Account Takeover Targeting Delta Customers
Criminals create new Delta SkyMiles accounts using stolen identity details to accumulate fraudulent miles, or take over existing accounts to redeem earned miles for flights and gift cards before the real member notices.
Part of: New Account Takeover
Last reviewed: 8 June 2026
Delta SkyMiles accounts are created freely online with basic personal information, making them relatively accessible entry points for identity-based fraud. A criminal who holds a victim's name, email address, and date of birth can create a new SkyMiles account in that identity, enroll the real victim's travel history retroactively using flight receipts, and begin accumulating miles for fraudulent future redemptions.
New-account fraud at Delta can also involve applying for the Delta SkyMiles American Express card in the victim's name, obtaining a new credit line while routing the card to a mule address for the attacker's use. The victim discovers the fraud through a hard credit inquiry or when a card bill arrives at an unexpected address.
Account takeover — seizing an existing SkyMiles account through credential stuffing or phishing — is a more common and faster form of the same attack. An existing account with years of accumulated Medallion Qualifying Miles and a substantial balance is a more tempting immediate target than a newly registered account.
How this scam works on the Delta Air Lines brand
In new-account fraud, the attacker creates a SkyMiles account using stolen personal data and applies for the affiliated American Express card with a mule delivery address. If Delta's identity verification for retroactive mileage claims is inadequate, the attacker may also submit historical receipts to inflate the balance quickly.
In account takeover, the attacker logs in to an existing SkyMiles account through credential stuffing or after a successful phishing campaign. They immediately change the notification email address to prevent real-time alerts, then redeem the miles balance for the most liquid awards: flight certificates, seat upgrades, or Delta gift cards that can be resold.
Some attackers combine both: they take over an existing high-value account and also create new accounts as mules to receive transferred miles, obscuring the trail.
Common red flags
- You receive a SkyMiles account creation confirmation you did not initiate
- A SkyMiles login alert arrives from an unfamiliar device or country
- Your SkyMiles balance has decreased without a redemption you made
- A hard credit inquiry from American Express or Delta's card issuer appears on your credit report without your knowledge
- Your SkyMiles account email address or Medallion PIN has been changed without your action
- You receive a card in the mail for a Delta SkyMiles credit card you never applied for
How to protect yourself
- Enable two-step verification on your Delta SkyMiles account under My Profile
- Use a unique, strong password for your SkyMiles account that is not shared with any other service
- Place a credit freeze with all three credit bureaus to prevent fraudulent credit card applications in your name
- Review your SkyMiles balance and account activity regularly at delta.com
- Monitor your credit report at annualcreditreport.com for unexpected hard inquiries from card issuers
- Contact Delta's SkyMiles service at 1-800-323-2323 immediately if you notice any unrecognised account activity
How to report it
- Report account fraud to Delta SkyMiles at 1-800-323-2323 or via delta.com/help
- Report identity theft and new-account fraud to the FTC at identitytheft.gov
- If a fraudulent Delta credit card was opened in your name, dispute it with American Express and request an investigation
- File a report with the FBI at ic3.gov if financial loss occurred
Frequently asked questions
How do I know if someone opened a SkyMiles account in my name?
Look for unexpected SkyMiles welcome emails, hard credit inquiries from card issuers on your credit report, or a Delta credit card arriving at your address that you never applied for.
Can Delta reverse fraudulent SkyMiles redemptions?
Delta investigates reported fraud and may reinstate miles if the account takeover is confirmed. Prompt reporting significantly improves the chance of recovery, especially for unredeemed awards.
What is the most effective protection against SkyMiles account takeover?
A unique, strong password for Delta combined with two-step verification eliminates credential-stuffing risk. Most SkyMiles takeovers exploit password reuse from unrelated breaches.