Eric Lipkind helps travelers use points to fly for less. Then one fake email invitation helped scammers drain 330,000 points from his family’s frequent-flyer accounts.
Lipkind, known as “The Miles Man,” told ABC7NY that the message looked like a normal party invitation. He clicked, logged in, saw a blank page, and moved on.
By then, he said, scammers had what they needed.
Between Lipkind and his wife, 330,000 travel points were converted into gift cards worth about $3,300. The stolen United miles were used for Apple gift cards, while American Airlines miles from both accounts were turned into Sephora gift cards, according to the report.
The Blank Page Was Not The End Of It
7 On Your Side warns of summer scam that can leave your travel rewards wiped out https://t.co/oemt6yxnxU pic.twitter.com/W8h0bEsHqN
— Eyewitness News (@ABC7NY) June 20, 2026
Lipkind said the blank page did not seem important at first. “So, I logged in, didn’t think anything of it, and I got a blank page,” he told ABC7NY. “Didn’t think anything of it, and that was the end of it.”
The next move happened inside his email account. Lipkind said scammers set up filters so he would not see messages coming in. “The scammers went into my email account and set up filters,” he said. “So basically, I wasn’t seeing anything that came in.”
With the inbox hidden from him, the attackers were able to reset passwords on his United and American Airlines accounts and send the confirmation emails to the trash, he told the station.
The Miles Became Apple And Sephora Gift Cards
Lipkind said someone used the United account to buy Apple gift cards. His American Airlines account and his wife’s American account were used to buy Sephora gift cards.
Miles and points can often be redeemed for things that move quickly, including gift cards.
American Airlines warns on its security page that phishing messages may use false claims about accounts or flights, fake links, attachments, company logos, and urgency to collect usernames, passwords, email addresses, credit-card numbers, or other personal information.
The Invitation May Look Like It Came From Someone Familiar
AARP Fraud Watch Network’s Amy Nofziger told ABC7NY that this kind of scam can start when someone else’s contact list is hacked.
That can make the invitation look safer than a random message from a stranger. The name in the inbox may be familiar, but the link can still send the login to a scammer.
Nofziger said people who receive one of these invitations should call the person who supposedly sent it and ask whether it is real. She also warned against reusing the same username and password across accounts.
For anyone who clicks and lands on a blank page after entering a password, the email account should be checked first. Filters, forwarding rules, trash settings, recovery email, recovery phone number, and recent sign-ins can show whether someone quietly changed the account before going after airline or hotel rewards.
Reward-Point Messages Should Be Checked Through The App
The Federal Trade Commission warned in April that scammers have been sending messages claiming reward points are about to expire.
The agency said those messages push people to click a link, where scammers may try to steal personal information or install harmful software.
Travelers who see a gift-card redemption they did not make should contact the loyalty program immediately, change the account password, change the email password, and check whether the email inbox has filters or forwarding rules hiding security messages.
Lipkind eventually recovered the stolen points from the airlines, ABC7NY reported. He had to submit a police report before the points were restored.