Fraud on Velocity Frequent Flyer accounts

AIRwin · Tuesday at 7:37 AM

kpc said:
Va have now introduced MFA...finally!

FAQ on MFA:

MFA Help Hub Service Message

www.velocityfrequentflyer.com

Flyerwin · Tuesday at 8:16 AM

Flyerwin said:
Virgin, why not just implement 2FA?

Thanks Virgin for reading AFF and finally setting up 2FA.

FishFood · Tuesday at 8:57 AM

Would prefer a MFA factor that isn't vulnerable to SIM swapping or phishing but any MFA is better than none, good job Virgin

mel-world · Tuesday at 9:05 AM

My code came to my email so no issue with SIM swapping. Guess it depends on how you want to receive communications from VA. About time but easy enough.

SydneySwan · Tuesday at 9:50 AM

I imagine one of the Virgin directors must have got hacked so it suddenly became a priority.

ben95 · Tuesday at 10:46 AM

SydneySwan said:
I imagine one of the Virgin directors must have got hacked so it suddenly became a priority.

I got the feeling that it’s coming since a few weeks ago that banner asking you to keep your information up to date showed up.

I was not wrong.

ferntree · Tuesday at 11:10 AM

Good to have it, but would have appreciated at least a few days' advance warning. Seems to have just a hint of panic about it!

Happy Dude · Tuesday at 11:54 AM

ben95 said:
I got the feeling that it’s coming since a few weeks ago that banner asking you to keep your information up to date showed up.

I was not wrong.

Or you could have been equally not wrong as the rest of us in October when it was posted here that 2FA was coming in December

Legoman · Tuesday at 12:08 PM

FishFood said:
Would prefer a MFA factor that isn't vulnerable to SIM swapping or phishing but any MFA is better than none, good job Virgin

Be careful what you wish for because the next step is passkeys that can only be accepted with biometric information like face scans or fingerprints. What would you prefer the next hack to capture about you? Your e-mail address and an anonymous PIN that you can relatively easily and cheaply reset? Or would you prefer the hackers to get your facial and fingerprint identity and have that permanently distributed and sold on the dark web instead?

pauly7 · Tuesday at 12:15 PM

SydneySwan said:
I imagine one of the Virgin directors must have got hacked so it suddenly became a priority.

Or an MP….

Legoman · Tuesday at 12:17 PM

pauly7 said:
Or an MP….

Don't be silly, all the MP's have comp'd Chairman's Lounge membership <redacted>. They wouldn't be seen dead in a Virgin Lounge

johnjones878 · Tuesday at 12:54 PM

Does this mean they're gonna resume online family transfers then?

Flyerwin · Tuesday at 1:27 PM

mel-world said:
My code came to my email so no issue with SIM swapping.

I changed mine to SMS. I always thought SMS is safer and more secure than email. Maybe I'm wrong? Obviously I prefer an authenticator app, like QF does.

HeavyElectricity · Tuesday at 1:28 PM

Legoman said:
Be careful what you wish for because the next step is passkeys that can only be accepted with biometric information like face scans or fingerprints. What would you prefer the next hack to capture about you? Your e-mail address and an anonymous PIN that you can relatively easily and cheaply reset? Or would you prefer the hackers to get your facial and fingerprint identity and have that permanently distributed and sold on the dark web instead?

This is all very wrong information and isn't how passkeys work. Please don't spread around FUD.

mel-world · Tuesday at 4:07 PM

Flyerwin said:
I changed mine to SMS. I always thought SMS is safer and more secure than email. Maybe I'm wrong? Obviously I prefer an authenticator app, like QF does.

Does anyone have an opinion on whether Email or SMS is better for 2FA? I'd prefer an authenticator app as well but interested in others thoughts.

Legoman · Tuesday at 4:13 PM

mel-world said:
Does anyone have an opinion on whether Email or SMS is better for 2FA? I'd prefer an authenticator app as well but interested in others thoughts.

Use whichever one gets to your device quicker and is easier to retrieve and enter. This could be either now that Telstra have shut down 3G. The answer used to be an easy SMS was faster and more reliable, but now it very much depends on your phone and where you are relative to the 3G crevices and black holes that now exist everywhere that 4G/5G doesn't reach into. Email will probably be much more reliable, but far slower and more onerous to access.

simmomelb · Tuesday at 4:22 PM

mel-world said:
Does anyone have an opinion on whether Email or SMS is better for 2FA? I'd prefer an authenticator app as well but interested in others thoughts.

As long as others don't have access to your email, either are just as secure if you have your phone or email well locked down.
Most of the major email servers, such as those from Microsoft and Google are very secure now, if you've taken the right steps, such as using their respective authenticator apps.

pauly7 · Tuesday at 7:36 PM

Legoman said:
. They wouldn't be seen dead in a Virgin Lounge

True, except the ones Qantas banned

Bagpuss · 2024-12-11T11:37:06+1100

I wonder if the MFA implementation is to do with the new tie up with Qatar.

The application referenced being able to sell tickets from today (11st December) and internally it may have decided this was a prerequisite with concerns over fraud with the new services prior to ticket sales / increase in frequent flyer availability on flights.

burmans · 2024-12-11T13:17:25+1100

Personally I think it’s more likely that with a known security hole this knowledge can only spread and it was starting to cost them enough to hurt.

Fraud on Velocity Frequent Flyer accounts

Enthusiast

Intern

Member

Active Member

Established Member

Member

Active Member

Established Member

Active Member

Senior Member

Active Member

Junior Member

Intern

Active Member

Active Member

Active Member

Active Member

Senior Member

Established Member

Senior Member

Become an AFF member!

AFF forum abbreviations