480,000 points stolen from account (for the second time)
#1
Original Poster
Join Date: Nov 2008
Location: Ipswich
Programs: BA GGL, Royal Ambassador
Posts: 311
Hi all, am looking for some advice. I'm an IHG Rewards Royal Ambassador and I've now had points stolen from my account twice in the last few months. The first time it happened I noticed because access to my IHG Rewards Club account was locked. When I called the service centre they took me through loads of security and confirmed that someone had tried to make a fraudulent transaction on my account which they had intercepted and locked my account. After a lengthy conversation on the phone, they reinstated the points and I had to change personal details on my account.
I've just logged into my account again, and this time 480,000 points were missing from my account. I called the IHG Rewards Club up again (whilst changing both my email and PIN again) and after they took me through security they confirmed that their system showed 480,000 points had gone from my account. When I asked what these points had been spent on, as per numerous threads on the internet, they had been used to purchase an Amazon Gift Card, to the value of 600 GBP after some basic maths.
The customer service rep that I was speaking to then told me that 'no fraud patterns' had been detected and that as far as they were concerned this was an 'authorised transaction', to which I asked 'authorised by whom', as it certainly wasn't me that spent points on an AWS Gift Card, and no-one else has access to the account. They said that they would check some further things out and that was 20 mins ago (I am writing this whilst on hold to IHG Rewards Service Centre, although I have a strong suspicion that the agent I spoke to is not coming back to me to pick up the call). I'm going to leave it until I've been holding for an hour and then hang up and call back.
Am utterly shocked that IHG still use a 4 digit PIN for security to the account, and can't quite believe that they're telling me that this was an authorised transaction.
I was wondering if anyone has any advice for me on how to proceed here - reading online it seems IHG have a real problem with account security.
I've also Tweeted IHG Service to see if they are able to provide any guidance.
Here's hoping someone can provide some guidance as to how I should handle this, especially if as I suspect, IHG don't seem interested (now been on hold almost 25 mins since I last spoke to the agent telling them that this was most certainly not authorised).
Ed
#2
Original Poster
Join Date: Nov 2008
Location: Ipswich
Programs: BA GGL, Royal Ambassador
Posts: 311
I've just given up after 55 mins on the phone (30 mins after the Customer Service Agent said that they would put me on hold and be right back). I have now re-dialled their Ambassador Services number +1 888 211 7996 and am being transferred to the 'Specialist Team' as the agent could see that something had already been flagged on my account.
So the call has just been picked up by the same agent 'supervisor' who originally spoke to me and put me on hold. Amazingly she really had put me on hold and was expecting me to wait for longer than the 30 min period that I waited for before giving up.
She has reiterated to me that it would appear that as far as they were concerned this was a 'valid' transaction, and said that the delivery email address for the voucher was the email address that they had on my profile, but I can find no record at all in any of my emails of any email suggesting that anything has been ordered.
The whole thing seems very very strange. IHG Rewards have closed (locked I think they meant) my account whilst they investigate further what has happened here - they assured me that they will call me back within 24 hours. I will update this thread if/when I have further information, but I can't help but feel that IHG have a serious problem here!
#4
Original Poster
Join Date: Nov 2008
Location: Ipswich
Programs: BA GGL, Royal Ambassador
Posts: 311
So interestingly IHG are claiming that the Amazon Gift Card was sent to my email address that’s registered on my IHG Rewards Account, but I have nothing in my inbox, nothing in my Spam folder.
I could challenge them to confirm the email was sent via the headers, or I could ask them to cancel the Gift Card, but suspect privacy laws would prevent Amazon from disclosing where any purchases made were sent. Seems from research that these Gift Cards tend to be sold on to unsuspecting individuals rather than used by the fraudster.
Frustratingly IHG tweeted back saying that account security is one of their top priorities. Sadly given they use just a 4-digit PIN and no two factor authentication (which even my Uber app manages), I fear account security is actually very low down their features list.
Let’s see what tomorrow brings from them if/when they call back.
#5
Join Date: Mar 2012
Location: Isle of Sheppey, UK
Posts: 317
As usual when these things happen, I would look at your email account security first. I've a strong suspicion that these "hacks" are actually happening when people compromise your email account (either through phishing, use of a common password or use of a password used on a haveibeenpwned account), meaning it's the easiest thing in the world to reset PINs or change email address details so you don't get any more notifications etc.
Last edited by Retron; May 1, 2019 at 9:36 pm
#6
Join Date: Dec 2012
Location: YVR, HNL
Programs: AS 75k, UA peon, BA Bronze, AC E50k, Marriott Plat, HH Diamond, Fairmont Plat (RIP)
Posts: 7,828
As usual with these, I would look at your email account security first. I've a strong suspicion that these "hacks" are actually happening when people compromise your email account (either through phishing, use of a common password or use of a password used on a haveibeenpwned account), meaning it's the easiest thing in the world to reset PINs / change email address details so you don't get any more notifications etc.
#7
Join Date: Jan 2015
Location: UK
Programs: BA Nada, HH Diamond, IHG Spire AMB, Marriott Plat, Accor Gold
Posts: 510
IHG security is a joke and I’m paranoid about this very thing. My strategy takes a bit of care and planning; I make cancellable bookings for high end hotels 11 months away to leave my account ‘empty’, every 3 months or when I need the points I cancel and rebook.
#8
Join Date: Feb 2014
Programs: Amex Plat, Hilton Diamond, SPG Gold, Carlson Gold, CM Presidential / *A Gold, Hertz 5*
Posts: 1,643
If you use gmail: https://support.google.com/mail/answer/45938?hl=en
or google “gmail last account activity” and hit the result from google itself (might be the 2nd one)
#9
Suspended
Join Date: Jul 2007
Posts: 4,477
If you use gmail: https://support.google.com/mail/answer/45938?hl=en
or google “gmail last account activity” and hit the result from google itself (might be the 2nd one)
#10
Suspended
Join Date: Jul 2007
Posts: 4,477
OP if you are based in UK, please have a look at this website:
https://nationalcrimeagency.gov.uk/w...ts/cyber-crime
And then report this to Action Fraud, the web address is:
https://www.actionfraud.police.uk/
The more people report IHG's behavior, the better.
#11
Join Date: Sep 2012
Location: Amsterdam, Asia, UK
Programs: IHG RA (Spire), HH Diamond, MR Platinum, SQ Gold, KLM Gold, BAEC Gold
Posts: 5,072
If you had inspirational hotel like Bora Bora, even though points are replaced, you will not get award night rebooked as another IHGer will have grabbed it in minutes
Even low balances get hit, they just book+sell cheap award night. Though can't book/sell in greater china anymore as guest name needs match account holder name
Only benefit is a very low points balance can make acct look less rewarding to hacker-user, plus hotel staff no longer see high points balance which at some properties shows on either personalised welcome letter or is even written in pen on roomkey holder at checkin
#12
Join Date: Sep 2012
Location: Amsterdam, Asia, UK
Programs: IHG RA (Spire), HH Diamond, MR Platinum, SQ Gold, KLM Gold, BAEC Gold
Posts: 5,072
@TeamStorm once they have a valid acct number of a known high points balance, hacker will target you again. Best ask IHG for a new member-number.
I can well believe IHG if they say the GC emailed to your email. Simply means it was your email that was compromised (email then used by hacker to access your IHG acct, e.g. password reset).
If your email hacked, alas IHG will not replace stolen points as not IHG's fault.
#13
Original Poster
Join Date: Nov 2008
Location: Ipswich
Programs: BA GGL, Royal Ambassador
Posts: 311
So update - as I sadly expected, IHG have not given me the promised callback they 100% assured me that they would arrange.
There is nothing to suggest that my email has been compromised from what I can see, although I’d not considered that as an option. Will do some investigation around that.
I would still expect IHG to have immediately cancelled the Amazon Gift Card and refunded me the points, the longer they leave it, the less chance they have of doing so.
Will be so frustrated if IHG have no way to deal with this. I have already asked them why no basic features like two-factor authentication. If Uber can manage it, then IHG who are looking after ‘assets’ of mine worth £1000’s you would think, would care!
Will call them tomorrow. Why do I get the feeling I’m not seeing my points again?
Ed
#14
Join Date: Sep 2014
Location: DTW - Rochester Hills, MI
Programs: Cathay MPC, IHG Diamond Ambassador, Domestic Airline Nobody
Posts: 715
Can you request email logs from your server? If your email account is a corporate account, they might maintain them. Logs are kept on all inbound email, and we can go back maybe 7-10 days. This might be able to help tell if your email account had been compromised.
#15
Join Date: Dec 2010
Programs: Hilton Diamond, Marriott Titanium, Radisson Gold, Hyatt Globalist, M life Gold, IHG Spire
Posts: 918
That is one I cannot figure out. Twice in the last week the front desk staff hand wrote my points balance on the key-card holder at check-in. What advantage does IHG think this gives them? Because this has an obvious privacy/security issue.