Yes the world's best hacker hijacked the LMT winners list and is playing games with us.
No, actually it's just another example of poor execution by LMT. Surprising? No.
The real question is, what if anything can we do to fight this? Clearly by the original T&C LMT didn't originally plan to 1099 everyone:
"Participation constitutes the Traveler's unconditional agreement to the Dollar Terms. Traveler must fulfill all requirements set forth in these Terms to be eligible to participate. The Dollar Terms are final and binding in all matters related to the Campaign. The Campaign does not constitute a prize, lottery, or sweepstakes."
Clearly they now cannot afford not to write off the expense of the promotion and want the winners to bear the tax burden. My guess is that a lot more people won than they expected.
Yes the world's best hacker hijacked the LMT winners list and is playing games with us.
No, actually it's just another example of poor execution by LMT. Surprising? No.
The real question is, what if anything can we do to fight this? Clearly by the T&C LMT didn't originally plan to 1099 everyone. Clearly they now cannot afford not to write off the expense of the promotion and want the winners to bear the tax burden.
You clearly don't understand. This is web site security 101. You do not ask for personal information like your SS# from your customers on a web site without it being encrypted. That is FLAT OUT insane!!!
This is the equivalent of taking your SS# to a random store, in a huge crowd with people looking over your shoulders, giving the SS# to them in clear text, and pray that they do not do anything with it. Meanwhile, a random person in the store who happened to be at the counter at the same time glances over and notices the number sitting there and writes it down.
This is how identity fraud works people. This is at the very least gross incompetence by Last Minute Travel at the highest degree. Even the most basic web master for a company knows that this information needs to be encrypted, on a valid domain, and a pretty damn good reason to ask for a SS#.
I know computers, I am a tech support specialist for my day job. I know when something isn't right and this is not right!
Yes it is clearly gross incompetence by LMT - that's what I was saying. But an attempt at fraud by a hacker? Clearly not.
I'm not suggesting anyone provide their SSN, especially on an unsecured website. But rest assured LMT wants it and this will not be their only attempt to get your SSN - unless there is something we can figure out to combat this!
Yes it is clearly gross incompetence by LMT - that's what I was saying. But fraud by a hacker? Clearly not.
I'm not suggesting anyone provide their SSN, especially on a unsecured website. But rest assured LMT wants it and this will not be their only attempt to get your SSN.
This is such gross incompetence I was trying to find a rational explanation for why it happened. A hacker would be something like that, it wouldn't surprised me if their web server account used "password" as the password at this point. I just can't believe their stupidity.
Well I am telling you right now. They are not getting my SS number. Not after proving how smart they are.
Hey everyone, this has to be a scam. Check the link on the tax e-mail. It brings you to a site that uses its IP address as the site address instead of a domain name. It isn't encrypted. AND it asks for your social security # among other personal info. All classic signs of fraud and a phishing.
It is e-commerce security 101. You give that info, unencrypted, to a shady web site address that doesn't remotely look legit, and they can open accounts under your name!!!
DO NOT fill that form out! We need to confirm that they sent this to us or they haven't been hacked. Even then, I have no confidence in them now if they failed e-commerce security 101.
They might be incompetant, but that IP address is actually registered to LastMinuteTravel or as they are also known as Tourico Holidays...
http://whois.domaintools.com/66.192.128.13
OrgName: Tourico Holiday Flights, Inc
OrgID: THF-12
Address: 220 E Central Pky
Address: Suite 4010 Floor 4 Room Telcom
City: Altamonte Springs
StateProv: FL
PostalCode: 32701
Country: US
__________________ My Blog | My Photos University of Central Florida Knights!
I did find the email requesting my SS# in my spambox.
I called LMT and a polite fellow was able to tell me
my prize was valued at $1014, 7 nights at 4* in Rio.
I am not employed, so expect to be in 15% bracket.
$150 for a week in Brazil 4* seems OK.
(well, I made less than $1/hour for time spent !! )
I would obviously prefer to pay $7 and not be a taxable winner.
However, I choose to not stand on principle and start talking lawsuits.
First I must confirm reward air ticket to GIG to make this work.
Then, based on above security issue warning,
will call my SS# into LMT rather than submit email form.
One question I forgot to ask:
if I cancel later (apparently only $25 or free 8 days or earlier),
will the 1099 be revoked easily or will it lead to
complications come tax filing time?
If anyone has info about this, it would be good to know.
They might be incompetant, but that IP address is actually registered to LastMinuteTravel or as they are also known as Tourico Holidays...
http://whois.domaintools.com/66.192.128.13
OrgName: Tourico Holiday Flights, Inc
OrgID: THF-12
Address: 220 E Central Pky
Address: Suite 4010 Floor 4 Room Telcom
City: Altamonte Springs
StateProv: FL
PostalCode: 32701
Country: US
Doesn't explain the lack of encryption on the site or why they didn't take the 5 minutes to setup a proper domain that would make the site at least look legit. That is inexcusable. They do not care about their customers one bit.
Doesn't explain the lack of encryption on the site or why they didn't take the 5 minutes to setup a proper domain that would make the site at least look legit. That is inexcusable. They do not care about their customers one bit.
I agree, their IT/Web folks should have known to get a certificate and encrypt the site and done this in the first place. In the end I will probably wind up giving them my SS# over the phone...kinda wish I could just drive over to their office and just hand them a W-9 form.
On the otherhand kinda wish I went a slightly cheaper hotel, but ~$750 in 1099 taxes (which I have had to pay for before) if I recall correctly didnt set me back too badly....
__________________ My Blog | My Photos University of Central Florida Knights!
Makes me wonder how they store all of this information at their office. Is all of their credit card and social security numbers in an Excel spreadsheet for all we know?
Even calling them at this point would freak me out. Improperly stored SS#'s and the wrong person coming across them can = massive identity theft.
If they cancel my booking, you bet it is... I've got the T&C on my computer that states all of the reasons they could cancel my reservation... not providing them with a SS# is NOT one of them.
They are claiming my "prize" is $920 ($230 per night) which is what they charge for the Conrad Singapore on their site BUT when I pull up my dollar booking on the Hilton website it says my rate is $169USD per night.
How can one dispute a 1099.
What would the reprocussions be if one were to have fat fingers and mistype a few digits of their SSN on their unencryped website.
They are claiming my "prize" is $920 ($230 per night) which is what they charge for the Conrad Singapore on their site BUT when I pull up my dollar booking on the Hilton website it says my rate is $169USD per night.
How did you get the Hilton Reservation number to access your reservation? Is it anywhere on the email confirmation?
Programs: DL PM, CO Plat, HH Diamond, MR Gold, FPC Platinum, National Exec Elite
Posts: 1,747
I have a $1 booking that's definitely over $600 value and have not received an LMT email regarding 1099. I've checked spam folders thoroughly. Anyone else book through this deal and NOT get the email today?
Quote:
Originally Posted by sebt
How did you get the Hilton Reservation number to access your reservation? Is it anywhere on the email confirmation?
![[EXPIRED] LastMinuteTravel.com Offers 15,000 Hotels for $1 Per Night](/forum/iconimages/hotel-deals/expired-lastminutetravel-com-offers-15-000-hotels-1-per-night_ltr.gif)
) 
