QR data leak?
#1
Original Poster
Join Date: Jun 2018
Posts: 935
QR data leak?
Ive just received an email relating to 50% off the purchase of emails. Have checked the email address its come from - looks legitimate.
its: [email protected]
when clicking through the link, my phone popped up with a message stating that my account details were involved in a leak. It invited me to let the phone create a new password.
Anyone else had this?! Cant see it mentioned anywhere else at the moment.
its: [email protected]
when clicking through the link, my phone popped up with a message stating that my account details were involved in a leak. It invited me to let the phone create a new password.
Anyone else had this?! Cant see it mentioned anywhere else at the moment.
#4
FlyerTalk Evangelist
Join Date: Apr 2001
Location: MEL CHC
Posts: 20,920
Clicking links in emails is always dangerous
The legitimate address can be masquerading for a scam address
https://qmiles.com.websiteoutlook.com/
https://www.whois.com/whois/qmiles.com
The legitimate address can be masquerading for a scam address
https://qmiles.com.websiteoutlook.com/
https://www.whois.com/whois/qmiles.com
#5
FlyerTalk Evangelist
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,495
Clicking links in emails is always dangerous
The legitimate address can be masquerading for a scam address
https://qmiles.com.websiteoutlook.com/
https://www.whois.com/whois/qmiles.com
The legitimate address can be masquerading for a scam address
https://qmiles.com.websiteoutlook.com/
https://www.whois.com/whois/qmiles.com
This link masquerading is a common cause of trouble.
Better to never click on a link.
#6
FlyerTalk Evangelist
Join Date: Apr 2001
Location: MEL CHC
Posts: 20,920
#7
FlyerTalk Evangelist
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,495
#8
Join Date: Jan 2016
Location: LON
Programs: BAEC
Posts: 3,883
From what the OP has described, it sounds like a function of Google Chrome running your username and password through a database of known compromised credentials. It's hard to be certain but it sounds like it.
https://support.google.com/chrome/thread/23534509?hl=en
the way the scan works if is that it is not specific to the site you're are logging into, just that your username and password combination has been compromised sometime someplace. This shows why it is a very bad idea to use the same password on multiple websites, once your creds are compromised in one place they can log in elsewhere.
https://support.google.com/chrome/thread/23534509?hl=en
the way the scan works if is that it is not specific to the site you're are logging into, just that your username and password combination has been compromised sometime someplace. This shows why it is a very bad idea to use the same password on multiple websites, once your creds are compromised in one place they can log in elsewhere.
#9
FlyerTalk Evangelist
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,495
From what the OP has described, it sounds like a function of Google Chrome running your username and password through a database of known compromised credentials. It's hard to be certain but it sounds like it.
https://support.google.com/chrome/thread/23534509?hl=en
the way the scan works if is that it is not specific to the site you're are logging into, just that your username and password combination has been compromised sometime someplace. This shows why it is a very bad idea to use the same password on multiple websites, once your creds are compromised in one place they can log in elsewhere.
https://support.google.com/chrome/thread/23534509?hl=en
the way the scan works if is that it is not specific to the site you're are logging into, just that your username and password combination has been compromised sometime someplace. This shows why it is a very bad idea to use the same password on multiple websites, once your creds are compromised in one place they can log in elsewhere.
Google Chrome sends a popup warning when you login to Chrome (maybe to other Google applications).
#10
Join Date: Jan 2016
Location: LON
Programs: BAEC
Posts: 3,883
If the pop up happened after entering a username and password, then the behaviour is aligned with the Chrome compromised creds function. But if the pop up happened before a username and password was entered, then I agree it was probably a phishing site.
#11
Join Date: Oct 2015
Location: Economy, mostly :(
Programs: Skywards Gold
Posts: 7,801
It's trivial to sent any "From" email, I could send you an email right now appearing to be from @qatar.com. the only way to check the actual sender is via the message headers but as many companies use third party email sending tools even this isn't a foolproof way to ensure an emails veracity
#12
Original Poster
Join Date: Jun 2018
Posts: 935
It's trivial to sent any "From" email, I could send you an email right now appearing to be from @qatar.com. the only way to check the actual sender is via the message headers but as many companies use third party email sending tools even this isn't a foolproof way to ensure an emails veracity
Ive opened an enquiry with QR and theyve asked for a screenshot of the QMiles offer email, which Ive duly submitted.
Regarding the email header, I clicked through this to display the actual email address it was sent from (as I know I could send an email purporting to be from the White House, for example, if I wanted to).
Well see what QR come back with, but in the meantime Ill be changing my password via the legit website.
The email address it came from
#14
Original Poster
Join Date: Jun 2018
Posts: 935
Needless to say every account now has different passwords, which are significantly more robust.
#15
Join Date: Sep 2015
Location: BOS
Programs: Hyatt Glob/UA Gold
Posts: 601
It's just a good idea to have separate passwords for all of your points & miles & financial accounts (+ google) and to change them every 3-6 months at least.