Help, My Aeroplan Account Was Hacked!
Apr 7, 2017, 7:56 am
#1
Original Poster
Join Date: Jul 2006
Posts: 28
Help, My Aeroplan Account Was Hacked!
My Aeroplan account just got hacked! They redeemed 472k worth of points in less than 30 minutes (from the time I received an email of the account change to reaching a contact center representative). I was told someone from the fraud department will be contacting in 24 hours and likely reverse the transactions.
Once I had the CS change back my contact info, I reset my password, changed back my contact information, only to have them all changed by the hacker again... so frustrating.
Guess I will have to wait for the fraud department to rectify the issue.
Has anyone experienced this?
Once I had the CS change back my contact info, I reset my password, changed back my contact information, only to have them all changed by the hacker again... so frustrating.
Guess I will have to wait for the fraud department to rectify the issue.
Has anyone experienced this?
Apr 7, 2017, 8:16 am
#2
Join Date: Oct 2015
Posts: 733
Any idea how they got access?
Did you click any purported "aeroplan" links in emails recently (phishing attempts)? Did you make any new accounts with the same password you use for Aeroplan or login on new websites with that password? Have any other accounts/services been affected? Did you change your email password after the first hack? Did Aeroplan check if anyone called their call centre to reset the password of the account claiming to be you?
Did you click any purported "aeroplan" links in emails recently (phishing attempts)? Did you make any new accounts with the same password you use for Aeroplan or login on new websites with that password? Have any other accounts/services been affected? Did you change your email password after the first hack? Did Aeroplan check if anyone called their call centre to reset the password of the account claiming to be you?
Apr 7, 2017, 8:18 am
#3
Join Date: Aug 2014
Location: YQB
Programs: AC SE
Posts: 2,139
Sorry to hear about that. I do have a lot of sympathy for the OP.
But on the other hand I find it a bit ironic and mystifing that someone would be able to redeem so many points in so little time given AE's famously poor IT!
But on the other hand I find it a bit ironic and mystifing that someone would be able to redeem so many points in so little time given AE's famously poor IT!
Apr 7, 2017, 8:25 am
#5
Original Poster
Join Date: Jul 2006
Posts: 28
As a rule, I do not click on any emails that I am not familiar with and if personal information is request, I will use a browser and log in separately to confirm the request.
When I called Aeroplan, they didn't share much information with me other than someone from Fraud would be calling me in the next 24 hours and likely reverse the transactions.
I did reset the password and changed to something different... so frustrating.
What I find amazing is that Aeroplan customer service cannot cancel fraudulent redemptions and needs the Fraud department to do so. Regardless, I hope Aeroplan is able to stop the shipment of the merchandises and deny the scammers of what they came for.
I am just hoping that I will hear from Fraud soon and resolve this issue.
When I called Aeroplan, they didn't share much information with me other than someone from Fraud would be calling me in the next 24 hours and likely reverse the transactions.
I did reset the password and changed to something different... so frustrating.
What I find amazing is that Aeroplan customer service cannot cancel fraudulent redemptions and needs the Fraud department to do so. Regardless, I hope Aeroplan is able to stop the shipment of the merchandises and deny the scammers of what they came for.
I am just hoping that I will hear from Fraud soon and resolve this issue.
Any idea how they got access?
Did you click any purported "aeroplan" links in emails recently (phishing attempts)? Did you make any new accounts with the same password you use for Aeroplan or login on new websites with that password? Have any other accounts/services been affected? Did you change your email password after the first hack? Did Aeroplan check if anyone called their call centre to reset the password of the account claiming to be you?
Did you click any purported "aeroplan" links in emails recently (phishing attempts)? Did you make any new accounts with the same password you use for Aeroplan or login on new websites with that password? Have any other accounts/services been affected? Did you change your email password after the first hack? Did Aeroplan check if anyone called their call centre to reset the password of the account claiming to be you?
Apr 7, 2017, 8:27 am
#6
Original Poster
Join Date: Jul 2006
Posts: 28
I did scan my computer and found no malware.
None of my other accounts (financial and otherwise) seems to have been compromised.
None of my other accounts (financial and otherwise) seems to have been compromised.
Apr 7, 2017, 8:35 am
#7
Join Date: Sep 2013
Programs: AC SE100K, AA EXP, SPG Plt, HH Dmnd
Posts: 1,507
Sorry. You were likely the one hacked. Not Aeroplan.
But fortunately it's hard for these hackers get away with it
a) these tickets have to be in somebody's name,
b) likely to be noticed before the flight date
But fortunately it's hard for these hackers get away with it
a) these tickets have to be in somebody's name,
b) likely to be noticed before the flight date
Apr 7, 2017, 8:38 am
#8
Join Date: Jan 2009
Location: YOW
Programs: AC E75 / Marriott Titanium Elite
Posts: 952
Not a big surprise, I had an issue with TD Visa fraud recently and had to deal with their fraud dept as well. Pain in the neck, but at least the fraud ppl are capable of taking the correct actions.
Apr 7, 2017, 8:40 am
#9
Join Date: Jul 2013
Location: MLL / AC Cafe
Programs: It's hard to get status when the website won't let me book flights.
Posts: 5,706
I put part of this on Aeroplan's bad attempt at security.
Heck, it doesn't even make a difference if you type your password in with capitals or not.
Heck, it doesn't even make a difference if you type your password in with capitals or not.
Apr 7, 2017, 8:40 am
#10
Suspended
Join Date: Mar 2002
Location: Canada, USA, Europe
Programs: UA 1K
Posts: 31,452
They could illegally sell them to a shady points consolidator.
Apr 7, 2017, 8:43 am
#11
Join Date: Aug 2014
Location: YQB
Programs: AC SE
Posts: 2,139
Apr 7, 2017, 8:48 am
#13
Original Poster
Join Date: Jul 2006
Posts: 28
Apr 7, 2017, 8:50 am
#14
Join Date: Oct 2015
Posts: 733
Sometimes the mule is someone participating in a get-rich-quick scheme they actually believe is legitimate, while others are victims of catfishing schemes or other online scams. Meanwhile the scammer is sitting in an internet cafe in Benin Republic or Nigeria and there are no traces to follow outside of NA. It's a billion dollar "industry".