Aeroplan is the FF for Air Canada

Yes, it's happened before. Many people have posted here in the past with the same general story.

Neil

Thanks. Surprising Hilton cannot fix their holes. It looked automated as it was done so fast. Hopefully they enhance their security.

https://www.flyertalk.com/forum/hilt...ct-2014-a.html

https://www.flyertalk.com/forum/hilt...oints-com.html

Hilton account altered/hacked?
 

Long time reader, first time post. I am going into my 9th year as Diamond with Hilton so i am pretty well versed. Several years ago I had a run of 7 hacks to my credit cards. (PITA) Struggled to find the root cause and in the end, I truly believe it was a Hilton issue as many of you know they had a major issue. I had no liability but like I said, just a PITA!
I just went into my account and I was booking a room at the Hampton Inn State College, PA for Wednesday night. As I went to the final screen, I noticed my e-mail address had an extra letter A in the middle of it. I jumped back into my account where there are 3 e-mails on file, 2 of them were the same personal address and the last was my work e-mail which is my first-dot-last name @ my company. ALL 3 had an extra A in the middle. I called the Diamond Desk where they suggested I change my password and then correct the e-mail addresses which I did.
For note, I have NOT had an issue that I am aware of and all of my points and credit cards are intact. Not sure what diverting my confirmation e-mails would do for someone but I am not an IT person to understand it. I just wanted to share this so that everyone can keep your eye out for this. It is very odd and I, nor Hilton, have an explanation. I requested the Diamond Desk report this to their IT and Security departments just in case.

HTH!!

Thanks for your post. Yes, it's good to be aware of that kind of issue.

But it's actually your second post, not your first. :)

One advantage of having AwardWallet is that they notify me whenever a point balance changes.

I can't see why people think they can get away with making award reservations; why doesn't Hilton play along and arrest them when they show up?

I received this email this morning.

POINTS REDEMPTION ACTIVITY NOTICE

Dear [xxxx],

Thank you for your loyalty to Hilton! This is a courtesy message to confirm the point redemption activity on your Hilton Honors account. You may verify the specific activity and any changes made during the transaction by accessing your account on-line via Hilton Honors.

Your privacy is important to us, if you did not authorize the point redemption on your account or any changes during the transaction, please contact Hilton Honors at 1-800-446-6677 to speak with a customer service representative.

Thank you,
Hilton Honors


Despite this, I logged in and saw no activity on my account.

My account was previously compromised in the fall (around August 2017).

The guests showing up may (likely) be victims as well and honestly thought they had proper reservations after paying for the booking online in advance.

Then it can be determined who they paid and the money reclaimed (and the recipients arrested).

Maybe you need to watch a bit more TV movies... If someone is going to stealing points and selling them, they won't be using their real identity when dealing with the marks. Thieves put a lot of effort into hiding and making sure they are protected without regard for what happens to their victims.

How did the sucker pay? Anyone who pays cash to a stranger for a hotel reservation deserves what he gets.

There are tons of ways to complete a transaction without paying cash. Between CC, Debit Cards, Zelle, PayPal, etc. it's not hard to open accounts and bail when things get hot. This is one (of many) reasons why cardholder and merchant fees are so high. And even if the phony broker loses the last few transactions they are still ahead and the victims are out lots of money.

Most of those ways leave a trace that can be followed, if law enforcement is interested.

Ding ding ding! We have a winner. Very good chance the perp is in a different jurisdiction, if not a different country and hiding behind a couple of different identities. Unless you can identify many local victims I wouldn't expect much traction.

I know someone that commited extensive fraud and the LEOs weren't interested in more cases since they didn't expect them to add any more to the sentencing for the case.