Fraud with the MileagePlus account

Discussion in 'General Discussion | Miles/Points' started by Slow_Mustang, Jul 27, 2014.  |  Print Topic

  1. Slow_Mustang
    Original Member

    Slow_Mustang Silver Member

    Messages:
    453
    Likes Received:
    760
    Status Points:
    745
    This morning I happened to check my United MileagePlus account for no apparent reason and there was a big surprise waiting for me. A hacker had gotten into my account and used up almost all of my miles to make a hotel reservation. I was able to have the reservation cancelled and have the miles posted back into my account. But it was a close call as the hotel reservation had been made today for a stay starting in two days. If I had found out about it after the hotel stay was over, I probably would have been out of all my miles in that account.

    The phone trail was as follows:
    Call to customer service for MileageMiles - advised to send an email to the corporate security team at securitytips@united.com. Since the miles had been redeemed for a hotel stay, I was also given the no. for the hotel award dept.
    The Hotel Award Dept. was unable to help me as the reservation was not in my name and I did not have the the hotel reservation no. The agent advised me to send an email to the security team and also gave me the web support team's no. to change my pin on the account.
    The web support agent guided me in locating the hotel reservation in my online account. The situation being urgent, she cancelled the hotel reservation and the miles automatically got re-posted into my account. What a relief!

    The security team's automated response was that somebody will get back to me in 7-10 business days. Although they are closed over the weekend, the email was replied to within a short time and I was asked to change my pin and to reply back after the pin change to get the hotel reservation cancelled and the miles re-posted. As it happened, the web support person's effort was faster because of phone contact instead of the back and forth email contact with security and everything turned out fine. Just a heads up for others who might get their accounts compromised and miles stolen.

    Thank you United for your help.
     
    Last edited: Jul 28, 2014
  2. IDGflygirl
    Original Member

    IDGflygirl Gold Member

    Messages:
    13,743
    Likes Received:
    21,514
    Status Points:
    16,520
    Wow, so glad you discovered this situation - quickly! That is very alarming to hear of the hacked a/c. Thanks for sharing the details & pleased that UA was so responsive!
     
    YULtide, Slow_Mustang and uggboy like this.
  3. Ed Chandler
    Original Member

    Ed Chandler Silver Member

    Messages:
    430
    Likes Received:
    501
    Status Points:
    645
    And thank goodness they didn't book a close-in plane ticket - those fees are annoying. ;-)
     
    Flyer1976 and uggboy like this.
  4. NYCUA1K

    NYCUA1K Gold Member

    Messages:
    4,747
    Likes Received:
    5,090
    Status Points:
    4,270
    Wow! It was a very close call, indeed. I just updated my AwardWallet alerts to notify me within 24 hr when there is a change in any of my loyalty accounts, except that this is useless for UA since United banned AW from accessing MP accounts directly:(.

    Thank you for sharing and for the heads up!
     
    Slow_Mustang and uggboy like this.
  5. MX

    MX Gold Member

    Messages:
    2,215
    Likes Received:
    4,805
    Status Points:
    2,545
    Did I understand it correctly that United does not send email confirmations of major account activities? If they did, there would be no such surprises.
    Also I would suggest making a list of all apps and services having your United access info, and figure out who compromised it.
     
    uggboy likes this.
  6. Slow_Mustang
    Original Member

    Slow_Mustang Silver Member

    Messages:
    453
    Likes Received:
    760
    Status Points:
    745
    I did not receive any emails either from United about the use of miles or the fact that a hotel reservation had been made, OR from the hotel confirming the reservation. Is it possible that the hacker was able to set up a temporary email address for a short time to have all the emails sent to him? Maybe?

    MX, thanks for your advice and suggestions. Fortunately, I kinda live in a vacuum as far as apps and mileage tracking services are concerned. The general consensus is that accessing your accounts from unsecured WiFis from hotels/restaurants etc. is the main cause of such compromises.
     
    Last edited: Jul 27, 2014
    Flyer1976, uggboy, 8MiHi and 4 others like this.
  7. MX

    MX Gold Member

    Messages:
    2,215
    Likes Received:
    4,805
    Status Points:
    2,545
    I also don't trust my personal account info to any tracking services. Good point about WiFi's as the major source of leaks. I would even add wired connections as risky, if the path is not entirely in your control (as with hotels, employers, etc.). When I use untrusted internet connections, I started going through Virtual Private Networks (VPN's). I believe that simple VPN setups can protect you from most casual data thefts, while more elaborate measures can even evade the data-sweeping 3-letter agencies. VPN subscriptions start at ~$4/month (less for annual subs).
     
    Last edited: Jul 27, 2014
  8. lapointdm

    lapointdm Silver Member

    Messages:
    367
    Likes Received:
    537
    Status Points:
    575
    I'm glad to hear that you were able to catch that! Hackers can certainly make our lives difficult. I recommend using anti-malware and anti virus software as well as using strong passwords. It won't stop a really determined hacker, but we need to do what we can to make it difficult for them!
     
    YULtide, Slow_Mustang and uggboy like this.
  9. iolaire
    Original Member

    iolaire Gold Member

    Messages:
    3,510
    Likes Received:
    5,767
    Status Points:
    4,170
    (cross post to FT, but I will not watch my post on FT)
    I had a 35k award issues on my account on Sunday that I did not make. Found only because I randomly logged into my account the on Monday. I emailed the provided email address from flyertalk (SecurityTips@united.com) on Monday and the same day someone responded stating the award was canceled and the miles were re-deposited. Great service, I'm glad that I found the email address via a google search on the FT wiki header...

    Also in my email I told them I changed my password and pin and the person did not ask me to do it again.
     
    profpeabody and YULtide like this.
  10. YULtide

    YULtide Gold Member

    Messages:
    2,747
    Likes Received:
    10,556
    Status Points:
    10,520
    Glad you got it sorted out. I imagine if the police showed up at check in time at the hotel they could find the fraudster.
     
  11. radonc1951

    radonc1951 Gold Member

    Messages:
    5,120
    Likes Received:
    11,630
    Status Points:
    11,070
    That may or may not (more likely) be true.
    Most scammers are looking to monetize their theft. This usually entails booking a room or buying a plane ticket for someone else (using their credentials) for a discounted cash price. The person getting taken is really the schmo who gives the fraudster cash for the "deal of a lifetime" which was initially funded by your stolen miles or points.

    The schmo doesn't find out about it until they do show up at the hotel and find out that their reservation has been cancelled and the fraudsters e-mail or web account has long been closed.

    The old adage "if it's too good to be true....." usually still applies.;)
     
  12. profpeabody

    profpeabody Silver Member

    Messages:
    186
    Likes Received:
    332
    Status Points:
    450
    I got a notice from the password program I use saying there was reason to believe United had been hacked and passwords should be changed. It is end of year so I try to update most passwords for the new year just as a protection policy. Glad you avoided losing your points. The cyber world sure does have its pitfalls (said the cranky old curmudgeon).
     
    iolaire likes this.
  13. iolaire
    Original Member

    iolaire Gold Member

    Messages:
    3,510
    Likes Received:
    5,767
    Status Points:
    4,170
    FYI when this fraud occurred they changed my email address from me@domain.net to me@domain.com... I did not notice it, but it was a good way to keep me from getting confirmations. I did notice it today because I made a booking last weekend and did not receive the confirmations... It even had that bad email address when I booked and I did not notice the change.
     

Share This Page