Originally Posted by
chongcao
I feel so sorry for you. This is very bad. As I have said before the methods is not 'guarantee' but just some prevention steps. Unfortunately the fraudster really got your info. The account is locked is possibly due to many attempt by the fraudster. And I think you are lucky to notice the changes instantly.
With the inferior IT infrastructure of IHG, it is impossible to fight the fraud. The one step 4 digit PIN system is a guarantee that anyone can hack into the system without being an expert. Even if you change your IHG reward number and start a new account it will be compromised sometime down the line. But the saving grace is that you can try your best to prevent other account related to your IHG being compromised. That is why a separate email address for the IHG purpose only helps.
Again there is no other way to prevent IHG IT failure. You need to stand out with other victims to force IHG to make changes to its inadequate system. I think after the several years of hacking and fraud, this is the only way to go forward,
IHG is unlikely to invest in IT system if they are not forced to now. Victims need to act together and force the issue upon IHG.
Whats annoying is IHG seem to think accounts getting hacked is the users fault.
I guess there are people with passwords set at 1234, 1111 etc and equally weak email accounts with no protection on their computers.
But i have 2 factor authentication and where thats not possible passwords with 12 plus random capital letters and special characters.
As i said a new email account was set up with a very secure password after the first hack.
But the weakest link here is IHG and once they get through the limited IHG security have access to details including my new email i set up purely for IHG use. (i did notice someone had tried to access it from South Korea yesterday but failed to gain access)
The hackers already have my IHG number now, email address, home address, phone number etc so refused to change my email address again when the operator asked me to!
The operator i spoke to would not give details of how they gained access again, but just said the points had been returned to my account and emailed me another PIN. There was no history of these transactions in my account so not sure how many had originally been taken.
I did ask for a new IHG number but none of my current reservations would be moved. As i have hotels booked for Christmas and new year with no availability now i decided against this - after all whats to stop the new account getting hacked!
I have little confidence in IHG security at all but what is more annoying is how they try to pass blame to the end user. When its their crappy security which is to blame on most occasions.