HHonors Points Stolen Through Amazon.com
#151
Join Date: Dec 2018
Location: PHX
Programs: Delta DM, Marriott Lifetime Titanium, HHonrs Diamond
Posts: 1,336
Also, when an Amazon account gets linked, or when points are spent, you get this single image email with a single clickable link embedded in the entire image. Yes, there is also an image footer that is blurry and looks like a scam as well. What is to stop a phisher from taking this image and linking it to a site to steal your password? This image is so bad, it looked like a phishing attempt to me, yet in my case, it was real.
For Hilton IT to not know that an email with both image and text that mentions your name and account number somewhere to know it was generated by corporate is ridiculous.
For Hilton IT to not carry forward more data from the Amazon purchase or the number of points that were redeemed in the body of an email like this is also ridiculous.
#152
Join Date: May 2005
Posts: 4,871
No recent reports of hacks. Were you a victim within the past couple of months or are your warnings based on older DPs?
#153
Join Date: Dec 2018
Location: PHX
Programs: Delta DM, Marriott Lifetime Titanium, HHonrs Diamond
Posts: 1,336
Someone added a second Amazon account to my HHonors account and drained the points 24 hours ago. It is STILL going on.
Hilton has replaced the points already, but they need to fix the problem.
#154
Join Date: Jan 2013
Location: SEATAC
Programs: AS MVP Gold
Posts: 186
I had my account liquidated via Amazon - 400k points - on 1/17. I've emailed the fraud email 7 times with no reply or indication of action as my balance remains 4 points. I've spoken to the diamond desk 3 times, who will only "open a ticket" for escalation. They say they cannot do anything else. They gave me a nonworking number for "Hilton corporate headquarters", which I then googled the correct number and called with no answer.
Does anyone have any other methods by which they could reach someone who would do anything? I don't see anything scanning through the thread. I wonder if the fraud department is one person who's on extended holiday?
#155
Join Date: Dec 2018
Location: PHX
Programs: Delta DM, Marriott Lifetime Titanium, HHonrs Diamond
Posts: 1,336
I called the HHonors line and they transferred me to fraud who took it from there.
I did call them within hours after the points were taken, so not sure if that made a difference.
If they just say open a ticket, call during regular weekday business hours and ask to speak to the "Fraud" department.
#157
Join Date: Dec 2018
Location: PHX
Programs: Delta DM, Marriott Lifetime Titanium, HHonrs Diamond
Posts: 1,336
What you should be asking is, "why would anyone have their HHonors username and password match anything they have ever used anywhere else". There are names and password lists from hacks available out there for pennies. Remember Starwood? Lots of people share their passwords between hotel accounts. That and other hacked data is out there. Dig around and you will find your name, common usernames you have used, and at least one password you have used since 2010.
They don't steal the points by breaking into your Amazon account. They steal the points by breaking into your HHonors account, linking it to a dummy Amazon account with a fake address and a burner email. They link your HHonors account with their burner Amazon account. They buy gift cards with electronic delivery that can be easily resold on the secondary market. Enough to drain your points. Thief remains anonymous since there is nothing physical to be delivered.
One poster here suggested linking your HHonors account to your own Amazon account so that it cannot get linked to another Amazon account if HHonors is compromised. Well that didn't work because Hilton and Amazon added this "perk" that one HHonors account can be linked to up to 3 DIFFERENT AMAZON ACCOUNTS !?!? Who the heck has 3 Amazon accounts?
Therefore, if you can hack into an HHonors account, and that account is not linked to 3 Amazon accounts already, then you can drain the points anonymously in a few minutes.
HHonors needs to reduce the linking capability to one amazon account and hopefully offer 2FA soon.
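Added example, not part of the thread and not Hilton's or Amazon's code: a sketch of the server-side check a loyalty program could run to hold the pattern described in the post above, where a newly linked partner account is used within hours to redeem most of the balance. The event schema, account names and thresholds are hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; the schema and all values are hypothetical.
# Tuple: (timestamp, loyalty account, event, partner account, points, balance before)
EVENTS = [
    ("2020-01-17T02:12", "A1", "link",   "amz-burner", 0,      400000),
    ("2020-01-17T02:15", "A1", "redeem", "amz-burner", 399996, 400000),
    ("2019-11-02T09:00", "A2", "link",   "amz-own",    0,      300000),
    ("2020-01-20T18:30", "A2", "redeem", "amz-own",    20000,  300000),
    ("2020-01-21T07:00", "A3", "link",   "amz-second", 0,      200000),
    ("2020-01-21T07:05", "A3", "redeem", "amz-second", 5000,   200000),
]

def flag_drains(events, window=timedelta(hours=24), fraction=0.5):
    """Return redemptions that follow a fresh partner link and take most of the balance."""
    linked_at = {}  # (account, partner) -> time the link was created
    flagged = []
    # ISO timestamps sort chronologically as strings, so sorted() orders the events.
    for ts, acct, kind, partner, points, balance in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "link":
            linked_at[(acct, partner)] = when
        elif kind == "redeem":
            link_time = linked_at.get((acct, partner))
            fresh = link_time is not None and when - link_time <= window
            large = balance > 0 and points / balance >= fraction
            if fresh and large:
                # Candidate for a hold and out-of-band confirmation with the member.
                flagged.append((acct, partner, points))
    return flagged

if __name__ == "__main__":
    for acct, partner, points in flag_drains(EVENTS):
        print(f"HOLD {acct}: {points} points to newly linked {partner}")
```

Only account A1 is held here: A2 redeems through a link that is months old, and A3 redeems a small share of its balance through a new link.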
#159
Join Date: Jan 2013
Location: SEATAC
Programs: AS MVP Gold
Posts: 186
Thank you for this helpful comment. I appreciate your advice. How could I think my job and family were more important than looking for possible fraud stories related to frequent traveler accounts? I'll get my ducks in a row now.
Last edited by mightyducksman; Feb 7, 2020 at 7:16 am
#161
Join Date: May 2005
Posts: 4,871
Smart move...that should serve you well.
#162
Join Date: Aug 2008
Location: MCO
Programs: DL-DM/1MM, HILTON-DIA, .HYATT-DIA/GLOB , IHG-PLT,HERTZ 5*, NATIONAL ES
Posts: 8,691
Apology Email
Did anyone else receive an email overnight from at least one of the alleged perps in this crime? It is a letter asking forgiveness and gives an email..... seems a bit fishy to me, but I found it interesting that it came to the original email the account was in when it occurred. Naturally I changed the email and pw at that time.
Just curious as there is a name and email attached to the email that one could "respond" to.