Last Sunday, I received a text message from a rarely used hotel chain informing me of a hotel booking made with points from my account. I had not. It included a link of course which u did NOT click on, of course. Instead I went directly to the hotel website where I found a second booking “in progress”. I quickly changed the password (which I had not strengthened some time ago) and cancelled the fraudulent bookings. Also notified the company.

22 minutes later I receive an email from United where someone had asked to reset my password! The fraudster had apparently tried variations of hotel password too many times.

My airline passwords are much stronger, and none are the same. Changed it again anyway for good measure.

First time I’ve been attacked like this in over 15 years.

Good password management is a must!