Can someone steal my Aeroplan points?

Yes. Loyalty points have real cash value, so accounts are a target for fraud. The usual method is not hacking the program directly but tricking you into handing over your login, or reusing a password leaked from another site. A strong unique password and two-step verification stop almost all of it.

How do I spot an Aeroplan phishing message?

Watch for urgency, a request to log in through a link, or an offer that sounds too good, such as a surprise points bonus or an account that is about to be closed. Real programs do not ask for your password by email or text. Go to the official site or app directly instead of clicking the link.

What should I do if my points are gone?

Act fast. Change your password immediately, turn on two-step verification, and contact the Aeroplan Contact Centre to report the fraud and freeze the account. Programs can often investigate and reinstate points taken without your authorization, and acting quickly improves the outcome.

Protect your points

Q: Does two-step verification really help?

A great deal. Even if a scammer learns your password, two-step verification means they also need a code sent to your phone or app to get in. It is the single most effective thing you can switch on, and it takes a couple of minutes.

A full Aeroplan account can be worth thousands of dollars in flights. That makes it a target, and points are easier to move than a bank balance. The good news: almost every account takeover is preventable with two settings and one habit. Here is how to lock it down, and what to do if someone gets in.

Why points are a target

Scammers go after loyalty accounts because the value is high and the security is often low. People guard a bank login carefully and then reuse a weak password on a points program. Once inside, a thief can drain points into gift cards, merchandise, or flights for someone else, and it can take a while to notice.

The attack almost never breaks the program itself. It tricks you, or it reuses a password that leaked from an unrelated website. Both have simple defenses.

Spotting a phishing attempt

Phishing messages arrive by email, text, or even phone, dressed up to look official. The tells are consistent.

Urgency and threats

"Your account will be closed," "suspicious activity detected, verify now." Pressure to act immediately is designed to stop you thinking. Real programs give you time.

A login link in the message

Any message that wants you to sign in through its link is suspect. The link can point to a lookalike page that captures your password. Open the official site or app yourself instead.

An offer too good to be true

A surprise points bonus, a prize, a "reactivate your expiring points" link. Greed and fear are the two levers, and a fake bonus pulls the first one.

A request for your password or full card

No legitimate program asks for your password by email, text, or phone. If someone does, it is a scam, full stop.

The one rule that beats phishing. Never log in through a link someone sent you. Type the address yourself or use the official app. If the message were real, the same alert is waiting for you when you sign in directly.

Lock the account down

Turn on two-step verification

This is the big one. With it on, a stolen password is not enough: a thief also needs a code sent to your phone or app. It takes two minutes in your account settings and stops the large majority of takeovers.

Use a strong, unique password

Never reuse a password from another site. If one site leaks, every account sharing that password is exposed. A password manager makes a long unique password effortless and removes the temptation to reuse.

Keep your contact details current

Make sure the email and phone on the account are yours and up to date, so security codes and fraud alerts reach you and not an old address a thief could exploit.

Check your balance now and then

Glance at your points and recent activity occasionally. Catching an unauthorized redemption early makes it far easier to reverse than finding it months later.

If your points are already gone

Speed matters. Programs can often investigate fraud and reinstate points that were taken without your authorization, and acting quickly improves the odds.

Change your password right away, and turn on two-step verification if it was not already on.
Contact the Aeroplan Contact Centre, report the fraud, and ask them to freeze the account and open an investigation.
Document what you see: the redemptions you did not make, the dates, and any suspicious message you received.
Check anything that shared the password, including your email, since a compromised inbox can be used to reset other accounts.

Your rights and obligations as an account holder, including unauthorized-use provisions, are set out in the Aeroplan program terms. Read them so you know where you stand before a problem happens, not after.

Common questions

Can someone steal my points?

Yes. Points have cash value, so accounts are a target. The usual method is tricking you into giving up your login or reusing a leaked password. A unique password and two-step verification stop almost all of it.

How do I spot a phishing message?

Watch for urgency, a login link in the message, or an offer that sounds too good. Real programs never ask for your password. Go to the official site or app directly instead of clicking.

What if my points are gone?

Act fast. Change your password, turn on two-step verification, and contact the Aeroplan Contact Centre to report the fraud and freeze the account. Quick action improves the chance of getting points reinstated.

Does two-step verification really help?

A lot. Even with your password, a thief still needs a code sent to your phone or app. It is the single most effective setting to switch on, and it takes a couple of minutes.

Keep reading

Aeroplan, explained

How the program works, start to finish.

Change or cancel a booking

When to call the contact centre.

Points vs cash

What the points you are protecting are worth.

Status qualification

Higher tiers get faster support.

Worried your account is exposed?

Come in for a free conversation. We can walk through locking down your account and making sense of your points balance, so the value you have built is safe.

Book a time → Aeroplan guide →