lohrmk

I logged into my Delta account yesterday and was caught off guard when I noticed my skymiles balance was below 10k. Well... I wasn't caught off guard as much as was completely confused since I usually keep a balance north of 300k.

So I went over the details page and saw that 347K were used to purchase something on the Delta marketplace. Now, I'm completely panicked because I know I did not do this.

So I called Delta and they were nice and said a fraud case was opened and once fraud was proven they would be re-deposited into my account. They were hopeful I caught it fast enough to stop the merchandise from being shipped. The transaction appears to have occurred on 12/21 and I caught it on 12/26.

Has this happened to anyone else? I'm not even certain how the person did it. Anyway to follow up directly with Delta fraud?

Thanks in advance for any assistance.

flyertalk77

Sorry to hear that.
Did they give you a case number or some thing when you opened a case with them?
If not, I guess they can still track it by your SM number. I would call them every two days to find out status until you get all your miles back.

Who knows how they got your info. It could be any number of ways this could be done.
Used a hotel PC and forgot to sign off?
Phishing scam - clicked on link from an email that was sent by someone other than Delta?

Anyway start making some preventive measures if you haven't already done so:

1. Change passwords for both Delta and your email.
2. Freeze your credit with all 3 credit bureaus. It's unlikely but who knows what else they're trying to steal. Not trying to scare anyone but it's just best protection you can have with your credit. Forget those wannabe credit monitoring services.

MarkCron

Happened to me, but the purchase was a flight. Several years ago. Issue was resolved easily and quickly in my case.

BobH

+1

I would also get the number changed for any credit cards you use to buy tickets from the Delta website .... and while your on the phone with them check to see if there have been any unusual charges.

It'll mean using a different card for a few days until the new one comes.

Bob H

MSPeconomist

Keep notes of any conversations with DL, including time, date, and name/location of the employee. I assume that you're talking to something like a fraud protection unit as well as the elite line or reservations/general FF people. Try to get the full name and phone number of the person responsible for your case. You might want to also file a report of the missing miles by email and even snail mail, just as you would do for any fraudulent credit card charges. (I think thieves have merchandise sent to drop addresses so it might not be so easy to catch the perpetrator, but you might want to file or make sure that DL files a police report in the appropriate jurisdiction. Consider also informing your homeowner's or renter's insurance carrier promptly if it looks like this might be a covered loss, after the deductible, on your policy.)

I haven't heard of this with DL, but there have been some threads in other airline fora on FT about miles being stolen from accounts, IIRC AA and UA. Reading those reports could be useful and suggest how such situations are generally handled in the industry.

jhayes_1780

Here is the UA thread:
http://www.flyertalk.com/forum/unite...ghlight=HACKED

Chrislorl

Just an update to this thread. In the past 4 weeks I have had miles stolen 2 times.
The first was for two tickets from an airport in Russia to Hong Kong. I found it withing 6 hours (when I woke up). They had gotten into my account, changed the email address and booked the tickets. Delta confirmed that the seats were not used due to lack of a proper Visa when checking on to the Air France flight. My miles were restored within 3 days.
All measures were taken, account password changed, all email, accounts and other items changed. Computer scanned twice and phone restored and scanned. Nothing was found on any device.
Next - last week 3 tickets from the same airport to Denmark. This time they were checked in and waiting for a KLM flight. Delta told me they had contacted the authorities in that airport and would handle it. Again I changed everything that night.
Delta told me my account was locked and safe. Just for my own sanity I went into my account, said I could not remember my password and it allowed me to reset it by entering my home address. Now this information was available to the hackers since they had been in there. I was pissed to say the least, called Delta and was assured that even though that happened my account was in "audit" and no miles could be used. They suggested I close that account and open a new one.

So now I am waiting for my roll over to hit and I will have to do that. Also change all my travel profiles, points programs, and accounts.

Keep your eyes out for emails that start with "Thank you for updating your Skymiles account". This is how I spotted the activity.
BTW - all miles have been credited back to me.

anaugle

Something similar happened to me a number of years ago (at least 10 years). An award ticket from Seattle to Akron was purchased from my account (of all places to go using stolen miles!). I called Delta, and like you, they opened a fraud investigation. As I recall, I had to complete an affidavit affirming the theft, but the process was pretty painless.

Following that incident, the agent advised me to protect my SkyMiles number--for example to not leave used boarding passes in the seat pocket.

I wonder if the involvement of merchandise, and thus real expense loss, makes it harder to get the reimbursement vs. lost DL revenue for a stolen ticket.

packetboy

I'm a cyber fraud investigator...I've actually done briefings on the Rewards Points fraud issue...it has been accelerating over the last couple of years.

There are three usual root causes to this issue:

1) You feel for a phishing attack and gave up your credentials (guessing this is NOT the issue)

2) Your machine (or ANY machine you used to login to your account) is compromised with a trojan that logs all your keystrokes (aka: 'keylogger') (this is why you should never login to your account from an untrusted PC like a hotel business center). BTW: Letting your kids use your PC now makes your PC untrusted.

3) You used the same password for your Delta account on other websites *and* one of those website got hacked into. Criminals routinely take passwords from these compromises and replay them against other web sites where there is money (or points) to be stolen. For more background on this issue Google: CyberVor

You should be made whole, but everyone should take steps to protect your accounts almost as well as you would a bank account...it is a prime target and I wouldn't be surprised if this problem escalates to a point where airlines stop taking the liability for this kind of fraud..they certainly have no legal liability to do so.

Chrislorl

Thanks, I appreciate the input.
I am a pretty savvy user and no kids, it is possible on the password thing, but that night of the first hit I changed it to a completely new password, scanned with two different programs and had my MIS team go through my laptop in the morning.

One big thing you left out.... My phone and Apps.
After the second hit I deleted the Delta App and also re-formatted my phone to the factory level. Actually I think this may be more likely in the case of this or even an entry from Delta's end.

What really upset me was the second hit after I had been told everything was locked down.

As far as them saying "tough, it's your problem and we are not doing anything", well If I told them a month later I could see something like that, but when a customer acts with due regard and notifies them as quickly as I did I think it would be a tough call especially when it is miles not a cash or merchandise type product. Delta does have a responsibility to also protect our accounts. They were great about handling this, the Agent in Chisholm was right on top of it and I believe she did all she could do.

I think everyone should watch all of the things you brought up, but most of all watch all your accounts.. Checking, Credit, Points, etc.

FlyingUnderTheRadar

Seems there has been a targeted effort:

http://www.sltrib.com/home/2049538-1...-in-attempt-to

The BNA Gentleman

Cool ...., I posted a phishing email I got earlier this year for Delta that I posted on here.

When you say Cyber Fraud? Are you working for a three letter or corporate? I'm more of a hardware guy (Wireless) but I do try to keep my pulse on things and do some cons, Defcon and some local SE ones.

I've wanted to test some stuff with GoGo's security but I don't want to venture towards the area of being unethical. I do think you can do ARP attacks though.

exwannabe

Read the end of that artical, I cracked up laughing.

UA requires the account number to log in (they say this like it is a security feature). Yeah, they do not require a username/password like any rational site (and most airlines were in the same place a few years ago).

HH has an anit-robot check (read some fuzzy number/word and type it back). This has nothing to do with security.

As long as these F'ing morons take security as a joke, this will get worse.

packetboy

I work for most of the major banks/brokerages doing outside intelligence and fraud investigations. Let's leave it at that as I prefer to say below the radar.

FlyingUnderTheRadar

Hey, this is Flyer Talk … so you should be flying under the radar.