QR data leak?
 

I’ve just received an email relating to 50% off the purchase of emails. Have checked the email address it’s come from - looks legitimate.

its: [email protected]

when clicking through the link, my phone popped up with a message stating that my account details were involved in a leak. It invited me to let the phone create a new password.

Anyone else had this?! Can’t see it mentioned anywhere else at the moment.

qatar probably detected that the same username and password you use for Qatar were also used on another website that was compromised.

It's best to check if the email is actually theirs by completing a 'general enquiry' form. Also change your QRPC password on qatarairways.com.

Clicking links in emails is always dangerous
The legitimate address can be masquerading for a scam address

https://qmiles.com.websiteoutlook.com/
https://www.whois.com/whois/qmiles.com

Indeed.
This link masquerading is a common cause of trouble.
Better to never click on a link.

So giving your new password & details to a scammer?

Wise suggestion.
It could be a real email from QR or a scam.
But asking your phone to self-generate a password is weird.

From what the OP has described, it sounds like a function of Google Chrome running your username and password through a database of known compromised credentials. It's hard to be certain but it sounds like it.

https://support.google.com/chrome/thread/23534509?hl=en

the way the scan works if is that it is not specific to the site you're are logging into, just that your username and password combination has been compromised sometime someplace. This shows why it is a very bad idea to use the same password on multiple websites, once your creds are compromised in one place they can log in elsewhere.

I doubt. According to the OP he received a message sent apparently from some QR mailbox.
Google Chrome sends a popup warning when you login to Chrome (maybe to other Google applications).

If the pop up happened after entering a username and password, then the behaviour is aligned with the Chrome compromised creds function. But if the pop up happened before a username and password was entered, then I agree it was probably a phishing site.

It's trivial to sent any "From" email, I could send you an email right now appearing to be from @qatar.com. the only way to check the actual sender is via the message headers but as many companies use third party email sending tools even this isn't a foolproof way to ensure an emails veracity

Hi All, thanks for your replies. Very helpful to get other people’s two cents.

I’ve opened an enquiry with QR and they’ve asked for a screenshot of the QMiles offer email, which I’ve duly submitted.

Regarding the email header, I clicked through this to display the actual email address it was sent from (as I know I could send an email purporting to be from the White House, for example, if I wanted to).

We’ll see what QR come back with, but in the meantime I’ll be changing my password via the legit website.


https://cimg4.ibsrv.net/gimg/www.fly...1bedae22a7.png
The email address it came from

https://cimg5.ibsrv.net/gimg/www.fly...3e8c545aa.jpeg
The email... with private details removed

Confirmed, not solely related to QR. A genuine issue was picked up.

Needless to say every account now has different passwords, which are significantly more robust.

This is always a good time: https://haveibeenpwned.com/. I find myself in new breaches every 3-4 months. It is legit, they check your email only, but can give you info about whether your password was part of the breach, and whether it was stored in cleartext or encrypted, sometimes how likely it is that your password has been cracked using rainbow tables, etc.

It's just a good idea to have separate passwords for all of your points & miles & financial accounts (+ google) and to change them every 3-6 months at least.