Dodgy transactions on Qantas Frequent Flyer account

[poikilo]

Yesterday I logged into my QFF account and found that about 110000 points had been spent last week by persons unknown to purchase a computer that they had organised to be delivered to a caravan park in WA (I live in NSW). They had slightly changed both my email and moibile phone numbers, presumably to prevent me from getting order confirming messages. I've been in contact with QFF - they are investigating. I have not given my pin to anyone, so assume the account has been hacked somehow. I thought that members should know this seems to be possible, and suggest that a quick check of recent transactions might be in order.

 

[coyote25]

A good reminder to always take care. Change your pin occasionally, don't use unsecured equipment/Internet and check your account.

On the good side it's hard problematic for hackers to use points for flights (high risk of being caught dom, int must use passport) and goods need a physical delivery address making it easier for the police.

With the growth of QFF shopper options surprised this doesn't happen more often actually.

 

[MrJetset]

Have you been logging on from a shared pc, including a Qantas Lounge, or use any websites that store your login such as points.com?

 

[poikilo]

Have you been logging on from a shared pc, including a Qantas Lounge, or use any websites that store your login such as points.com?

I really can't remember doing anything like that, but I did stay at a resort in Broome for 2 days in Broome in June this year, and only in the last week or two got some points credited for that stay. I think it may not be a coincidence that the delivery address for the goods ordered is also in Broome.

 

[tuapekastar]

Yesterday I logged into my QFF account and found that about 110000 points had been spent last week by persons unknown to purchase a computer that they had organised to be delivered to a caravan park in WA (I live in NSW). They had slightly changed both my email and moibile phone numbers, presumably to prevent me from getting order confirming messages. I've been in contact with QFF - they are investigating. I have not given my pin to anyone, so assume the account has been hacked somehow. I thought that members should know this seems to be possible, and suggest that a quick check of recent transactions might be in order.

Thanks for reporting. Not had anything like that happen to me, but I do keep a fairly regular eye on my QFF account. I hope you have no issues getting the points recredited, and any miscreants are brought to account.

 

[MrJetset]

I really can't remember doing anything like that, but I did stay at a resort in Broome for 2 days in Broome in June this year, and only in the last week or two got some points credited for that stay. I think it may not be a coincidence that the delivery address for the goods ordered is also in Broome.

Sounds like you've had your FF identity stolen. Call Qantas and find out what calls may have been made in the last few weeks enquiring about your account.

 

[Mal]

I wonder if this is what could have happened:

Stay at a hotel that accepts FF cards and have this recorded.
Hotel takes a photocopy of your DL for identity purposes.
Then calls QF, identifies themselves as you. They have your address, phone number, date of birth and potentially the idea that your last flight was to X town.

Is this plausible?

 

[bugayev]

That's dodgy, hope it all works out for you!

 

[ChrisFlyer]

I wonder if this is what could have happened:

Stay at a hotel that accepts FF cards and have this recorded.
Hotel takes a photocopy of your DL for identity purposes.
Then calls QF, identifies themselves as you. They have your address, phone number, date of birth and potentially the idea that your last flight was to X town.

Is this plausible?

It's completely plausible - though I think it wouldn't take too long for QF or the police to identify a pattern (and calls would be extremely easy to trace)...

I always hand over my QLD 18+ card if they ask for ID (it's valid in all states), and let them enter the number into their system if needed for security etc etc... I also generally argue if they try to take a copy (and usually win if I've stayed at that property/with that chain before), though the 18+ card doesn't have my home address, so I feel slightly safer that way... also, all of my hotel reservations are made with my PO Box address, not my residential address, so they'd be missing that info too.

Slightly paranoid I know, but with many nightclubs also now using electronic ID scanners, I'd much rather they had as little information as possible to minimise the chance of this type of thing happening (the 18+ card was only ~$25, and with no expiry date - a great investment in my opinion)!

Best of luck to the OP in getting this issue resolved! And sorry, but I know too much about cyber crime not to say this - if you also used the public computer(s) (or open wi-fi) in Broome to login to internet banking, email, social networking, AFF, or any other site requesting a username and password, I STRONGLY recommend you change them as a matter of priority... also, if you happened to shop online and typed your credit card number when in Broome also, you really should call your card issuer(s) and request a replacement card with a new number as a precaution - none of them will charge you for this, as you'd be doing them a favour in preventing fraud that they then need to investigate!

 

[BAM1748]

Don't forget boarding passes have name and FF number so don't leave them behind, make sure you have a random PIN.

Matt

 

[poikilo]

And sorry, but I know too much about cyber crime not to say this - if you also used the public computer(s) (or open wi-fi) in Broome to login to internet banking, email, social networking, AFF, or any other site requesting a username and password, I STRONGLY recommend you change them as a matter of priority... also, if you happened to shop online and typed your credit card number when in Broome also, you really should call your card issuer(s) and request a replacement card with a new number as a precaution - none of them will charge you for this, as you'd be doing them a favour in preventing fraud that they then need to investigate!

Thanks for the advice ChrisCH. I've remembered now that the "Free WIFI" at the resort I visited in June didn't work, so I had to go to an internet cafe at which I did check out my flight details through QFF. I'm in the process of changing all login passwords for all of my bank accounts - something I used to do about once a year but will now do more frequently.

Also last night I prepared a detailed description of events and faxed it to Broome Police Station - hopefully they sent some boys around to the caravan park and nabbed the ratbag. A satisfying mental image, anyway.

 

[ozmille]

Not good, making me even more paranoid about identity theft. Strongly considering getting a PO box as one of my colleagues letterbox got broken into... Also time to go and change all my PIN codes...

But in this case I think it would be easy for the police to go and have a look at the delivery address for the computer, maybe they didn't think this one through all that well...

 

[serfty]

I'm postulating the points credit at the hotel may be the source of the account hacking.

It's not difficult to get a new PIN once you have the QFF Account number, Surname and any three of:

• Flight number of one of last five eligible flights (Carrier, Flight Number, Date)
• Date of Birth
• First Line of Mailing address
• Date of Joining QFF (MM/YY)
• Mothers Maiden name

The first three should be quite simple and the 4th not too difficult if someone had access to the FF card.


Forgotten Your PIN - Security Information

 

[JohnK]

And no question marks from Qantas on the delivery address?

 

[erehwon]

Hope it all gets sorted for you. It will be interesting to see what transpires, especially how they gained access to your account. I recall about a year ago I logged into my QF FF (from home) to view a booking and up popped someone else's FF profile, giving me access to their bookings and account details. The lady I spoke to at Qantas didn't seem that surprised when I called them.

 

[poikilo]

Thought I'd provide an update.

All of my QFF points that were spent by someone else have been returned, and those that weren't mine have been removed from my account. Luckily, I was onto the situation quickly enough to prevent teh computer from being delivered, so the fraudsters in this instance got nothing. I did report the matter to the police in Broome. They investigated at a local level (the Broome officer actually seemed a bit chuffed to be investigating somthing out of the ordinary for his neck of the woods) and also liaised with a national fraud prevention team. I was advised that they had concluded that it was simply coincidental that I had stayed in Broome and the computer that the baddies tried to steal was to be delivered to Broome. I am therefore quite glad I did not name the resort, as it seems like it may have been unfair on them to do so.

I understand from the police that Qantas is undertaking its own investigation - I have not had this comfirmed by Qantas, and nor have I been provided by them with any updates (other than my account being returned to how it should be). They did tell me that in July this year someone made a password enquiry and were provided with my pin, presumably because they were able to quote my DOB and QFF ID number. It wasn't me!

I can now endorse (unfortunately through personal experience albeit not as bad as it could be) the comments of others that pin numbers should be changed regularly, and that personal details like DOB and membership numbers should be carefully guarded. However, I don't see how it is possible to do this when staying at accommodation that requires the provision of a drivers licence which they then photocopy, and if you also provide them with your card to collect the points - they then have all they need to contact QFF to ask for (and be given) your pin.

 

[Austashes]

From an earlier threat perhaps QANTAS should stop printing FF #'s on boarding tickets. I must admit that when taking my seat and with boarding pass in hand I often stow the pass in the seat pocket and dont always pick it up. I will be more concious of doing this in the future.

 

[rechoboam]

From an earlier threat perhaps QANTAS should stop printing FF #'s on boarding tickets. I must admit that when taking my seat and with boarding pass in hand I often stow the pass in the seat pocket and dont always pick it up. I will be more concious of doing this in the future.

I picked up someone else's comin back from SYD. SWMBO asked me what I had been doing in Karratha..

 

[Archphoto]

I keep my boarding passes - ever tried to claim missing points without one? It's a real pain, and the to and fro repeating the same information over and over nearly killed me. (Was CX not QF.)

Plus I keep to prove flights to the ATO for my business. . . . . . . . .

 

[puppysparkes]

The solution is simple, stay anonymous online. Download TOR and you will have no problems. Google TOR project
Sure the speed is a little slower but at least you'll be alot safer. Don't forget to act as a relay every so often to help out the network.

Taken from their website:

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.