QANTAS Cyber Incident

That, and the underlying links when you hover over the various links/buttons.
Yes, for a PC but less obvious on a phone/tablet…😔

Further to the above comment on sender “email”. The fake email will display something legit but just click on “From” to expand the actual email address.
 
I'm sure they are trying. But equally a smart hacker will cover their tracks, delete logs etc

Certainly appears that the hacker has grabbed a large database file.
But it's also a question as to how accessible it is to any hacker - eg. Were DOBs and passwords cryptographically protected, which would be normal practice.

Appears that QF uses Salesforce
Appears that a consultant provided username/password to the system

Nothing would be encrypted here IMO
 
So I called their help advice line 2 8028 0534. Went to the UK. Chap said to call IDCare, who were 'looking after things'; gave a number starting with 2 (I corrected him and said it should be 02 outside of NSW).

I rang ID Care - 02 8xx_x number, so it too is offshore - Brit accent. Rather strange conversation. Didn't sound like he had been briefed, but then sorted it out. To cut a long story short, they were reassuring that nothing to worry about. Info leaked can't be used for identity theft. I challenged re hacker with data accessing third party accounts. No. When I summarised the call as "so it's a case of 'don't worry, be happy' " ? He said 'That's right'.

I did note that in these things, what's said to have been disclosed early wasn't the end of it, and he agreed. Then gave me a client number 'so if I call back' ....

Ye Gods.

Yeah as I said 0 need to call Qantas for help.

IDCare is a total waste of time and banks and others handball to them for "help" when people have been victims of fraud
 

I think you are referring to the Medibank hack here. The Optus one is said to be much simpler
Yes seems the anecdote I remember someone mentioning to me is more related to Medibank.


I’ve edited my original post.

More to the point I was trying to highlight that, regardless of how strong systems are, there are often ways we all work with computers that inadvertently compromise even the strongest security measures unwittingly.

We all might be quick to be aghast at how a corporate entity could be so careless, but a security expert could probably point out a dozen ways in which each of us expose our data unwittingly every day online because we are too lazy or not willing to change our habits to the recommended secure methods. (Not accusing all… some of you may be very good at this all… YMMV)
 
Just a heads up for everyone else caught up in the hack. I just received an email offer from Qantas for a $99.50 credit on a NAB cc. Click on the "Claim Now" button. Very slick email, my FF status etc was noted. So it's started.

From the email.
How to Claim Your Gift:

  • Click on "Claim Now" to begin.
  • Follow the simple 3-step process to redeem your coupon.
Things to Know Before You Start:
  • This gift coupon can be redeemed only once. Please do not share the link with others.
  • You will need to verify your billing address.
  • Choose your preferred method for redeeming the coupon.
  • Complete SMS Verification to confirm your payment details.
  • The coupon balance will be reflected on your statement within 24 business hours.
This one, and similar have been doing the rounds @swampy452
We know Qantas doesn't usually give "something for nothing" and welcome to posting on AFF
 
Let's unpack the frivolous wording of the email.

Information that was accessed
Our initial investigations show the compromised data may include names, email addresses, phone numbers, birth dates and Frequent Flyer numbers.

Importantly, your credit card details, financial information, passport details, and Frequent Flyer passwords were not accessed. Your Qantas Points and account remain secure.

What was accessed was information that is impossible for me to change like my Name, my date of birth and difficult my phone number which has all those security codes getting sent to it.

And somehow it's ok because they were LUCKY the hackers didn't get

(one time use) credit card
undefined 'financial' information
(soon to expire) passport number
(easily changed) Qantas password

TBH though I'm not that worried since Medibank, Optus and others have already been before
 
Yeah as I said 0 need to call Qantas for help.

Sure, but I'm bored and thought I'd see what happened.

I called the Qantas (offshore) number again and got a totally different response! Given ref # etc. Still not very helpful, but demonstrates what a cough show Qantas is in.
 
What was accessed was information that is impossible for me to change like my Name, my date of birth and difficult my phone number which has all those security codes getting sent to it.
<tongue-firmly-in-cheek>

I disagree. You can definitely change your name to "Hacky McHackface" by deed poll. Problem solved! 😜

</tongue-firmly-in-cheek>
 
Is it time for QF to reconsider onshoring their call centres?

Yes, but not just onshoring but in-housing.

When a company doesn't outsource, the call center staff can use internal systems on the LAN removing the number of integration points over the internet and more directly control who can access what for which processes and the quality of those user interactions.

I personally do not think call centre roles should be allowed to WFH; given the nature of customer data they need to handle this should be done from secured premises, on company assets where only authorized/vetted staff are able to over-hear the conversations and supervisors are available for escalation.

We all know the quality of service provided by the in-house HBA call centre is miles ahead of the offshore outsourced ones where resources have different interface and insufficient training.

I don't even think the cost is that significant when instead of multiple calls issues would be solved on first call, and avoiding fines.
 
what a cough show Qantas is in
It's by design. Each organisation has a risk appetite and for Qantas (And daresay many others) they took the approach that the risk of outsourcing and having lax systems was worth the rewards it offered to the management team making such decisions.

The truly tragic thing is not that this occurred (it's almost inevitable), but that the people who made those decisions will be held 0% accountable for them, if they're even around with QF anymore. Most likely they've moved onto their next victim to leech from.

IF Qantas wants to appear to be better, sorry let me pick myself off the floor, they would do some serious soul searching on how to avoid this in future, but no they'll follow the standard big corporate playbook of hiring a crisis management consultancy to just shut us up until we've forgotten about it.

We all know how this will play out. Some law firm will start a class action, get $20m in compensation and take most of it for themselves, leaving us with the hefty "compensation" of $1.56 per victim.

I personally do not think call centre roles should be allowed to WFH; given the nature of customer data they need to handle this should be done from secured premises, on company assets where only authorized/vetted staff are able to hear the conversations.
But that would mean fewer luxury yachts for the Board members!
 
We all might be quick to be aghast at how a corporate entity could be so careless, but a security expert could probably point out a dozen ways in which each of us expose our data unwittingly every day online because we are too lazy or not willing to change our habits to the recommended secure methods. (Not accusing all… some of you may be very good at this all… YMMV)

I also think that many don't understand just how relentless these attacks and attempts are. They may have repelled 1,000 or more attacks, but then one slips through...
 
