If you haven't checked your Aeroplan account balance lately, you might want to do that sooner rather than later.

As first reported on CTV Atlantic Monday night, scammers have targeted some Aeroplan accounts in the Maritimes, booking tickets that are then sold somewhere else.

The company is returning points to victims as quickly as it can, and warning customers to be wary of so-called phishing schemes.

When it comes to loyalty programs, Canadians are a dedicated bunch, racking-up tens of millions of points every year, but we’re less enthusiastic about spending them.

A report published last year suggested Canadians had an estimated $16 billion in unredeemed points sitting in our accounts, and, increasingly, scammers are looking to cash in on that.

“There's a growing awareness of just how much money is locked away in these loyalty programs by people,” says Luke Sheehan, the vice-president of marketing for ratehub.ca.“And I think a lot of headlines like the Aeroplan situation with Air Canada is definitely something that brings that up to the public consciousness.”

Aeroplan members are among the latest to be targeted.

Experts say hackers will generally get into the accounts through a phishing email.

“All you have to do is click a button and then it takes you to a website that also looks very much like Aeroplan, and it asks you to log in,” says social media expert and strategist Ross Simmonds. “And once you log in, that information goes into a spreadsheet, and once they have that information, it's pretty much checkmate from there.”

The company acknowledges the problem, but insists protecting member information is a top priority.

In an email to CTV News, Aeroplan says “incidents such as these are often a result of the member's password being exposed through phishing, weak passwords or third-party websites where the same password is used.”

It is difficult to get a sense of how widespread the problem is, but the company says it's a very small percentage and typical of other loyalty programs.

Air Canada says it, too, is aware of the problem, and “is working closely with Aeroplan to ensure that booked reward tickets are cancelled and that miles are returned to member accounts.”

“We actually spend a huge amount of time, effort and money in some cases, building up these points basis,” said Sheehan. “But then really, when it comes to understanding their true value and how we should actually manage them ongoing, it can be a very different subject.”

The company recommends changing passwords regularly, don't keep them too simple or use the same one for multiple sites, and make the changes in the actual company website.

Simmonds warns people to pay close attention to URLs and e-mail addresses, which can often have slight variations on the genuine accounts to make it look legitimate.

“You have to look very close to see if they happen to have two periods in there, see if they have a double-m at the end of ‘com,’ and things like that, because that's where you can start to figure out whether it was real or fake.”

With files from CTV Atlantic’s Bruce Frisko.