Fraud on Velocity Frequent Flyer accounts

[sharkiesrule]

You've done well. I'm a week into trying to get de-linked from 7-Eleven now. I need to call Velocity now actually to see where they're at with getting that done. Yesterday I got a plethora of "Your Velocity details have been updated" e-mails. I called and was told it was Velocity staff themselves hacking my account this time trying to get it extricated out of 7-Eleven. Today though, the 7-Eleven app still says it's linked to Velocity, so whatever they were doing, didn't work.
One thing's for sure, I will not be linking the new account to 7-Eleven. 7-Eleven is like a scathing case of herpes, you can never get rid of them!

My process to de link was.

• VFF rep validated identity and all info on the old account (pre-compromised).
• VFF rep unlocked old account and generated a password reset to original email address.
• I reset password.
• I deactivated Fly Buys link through VFF portal.
• I delinked 7/11 through 7/11 app.
  • Required login in to 7/11 app.
  • Navigating to "More"
  • Selecting Velocity link
  • Delink Velocity account
  • Login again to 7/11
  • Then transferred to Velocity login and entered credentials for old account.
  • Removed.
• Once completed agent locked old VFF account.
• I added linkage to both on new VFF account.

 

[sharkiesrule]

further to updates, here's what my transaction history looks like now on my new VFF account number:

Activity date	Process date	Description	Velocity Points	Status Credits	My Commentary
4-Oct-2024	4-Oct-2024	Congrats! First time activate offer bonus points	+10	–
4-Oct-2024	4-Oct-2024	Congrats! First time favourite brand bonus points	+10	–	First transaction on new VFF account number
3-Oct-2024	3-Oct-2024	VELOCITY POINTS - VIRGIN MONEY	+1,507	–	Last transaction on compromised VFF account
5-Aug-2024	30-Sep-2024	Virgin Australia High Flyer 3 Status Credit Bns	–	+3
1-Aug-2024	30-Sep-2024	Virgin Australia High Flyer 3 Status Credit Bns	–	+3
19-Sep-2024	20-Sep-2024	American Express Velocity Card Points Earn	+9,471	–
7-Aug-2024	12-Sep-2024	Refund - NH159, New York (JFK)-Haneda, All Nippon Airways	+264,400	–	FRAUD REVERSAL
31-Aug-2024	10-Sep-2024	flybuys 4 Status Credit Earn	–	+4
3-Sep-2024	3-Sep-2024	VELOCITY POINTS - VIRGIN MONEY	+2,133	–
8-Aug-2024	22-Aug-2024	Virgin Wine SO001014009	+539	–
19-Aug-2024	20-Aug-2024	American Express Velocity Card Points Earn	+10,005	–
31-Jul-2024	17-Aug-2024	flybuys 6 Status Credit Earn	–	+6
3-Aug-2024	8-Aug-2024	VELOCITY POINTS - VIRGIN MONEY	+6,068	–
3-Aug-2024	8-Aug-2024	Virgin Money High Flyer VA Bonus Points	+7,728	–	First transaction post account lock/ investigation
7-Aug-2024	7-Aug-2024	NH159, New York (JFK)-Haneda, All Nippon Airways	-264,400	–	FRAUD
5-Aug-2024	5-Aug-2024	VA1140, Ballina (Byron)-Sydney, Virgin Australia	+745	+15	Last transaction before fraud

 

[jsoprano]

Any SC or points earned during the suspended timeframe were credited to the old account.

Along with the balance transfer to the new VFF account number, all historical transactions are listed. I can see

Whilst I imagine if anything is missing it would be a painful challenge to recover, I assume it will be possible. Once my migration was complete, the old account was deactivated once again.

Travel Credits, if exist, remain tied to the old account details. Apparently, you can use them at checkout when booking. Future travel credits will flow to the new VFF account. I'll verify when I get a chance to book.

It is on you though to update to your new VFF account any non-linked earns. AMEX, Virgin Money, Virgin Wines etc I had to change myself through respective portals.

That's great to know, thank you for all the info! And a good reminder re the other earning partner, hadn't thought about this yet (it's only Amex and Virgin Money for me I think, not doing FlyBuys, 7Eleven, Wines etc.). But I will make sure to doublecheck when the time comes around.

Given one ends up with a new account, for Platinums does one get a second chance for car-rental and Hilton / IHG status matches? That would at least be a tiny bonus out of the entire saga.

 

[JohnK]

What there almost certainly is, is a group of people acting as agents in countries with lax regulation. Possibly offering these seats at retail as a cut price to unsuspecting buyers, or maybe involved in people/drug trafficking or other nefarious dealings.

All the more reason to come down on them hard.

If you're selling tickets with stolen airline points (or even stolen credit cards) you've forfeited your right to live and breathe the same air as the rest of us.

How do you catch them? Follow money trail. Not hard if you know where to look.

 

[Stone]

"Qantas Frequent Flyer customers caught in major cyber theft as police called"

The above is a headline from The Australian.

"The Weekend Australian can reveal two third-party airport contractors in India have been suspended by their employer for inappropriate conduct, which involved accessing and making unauthorised changes to Qantas customer bookings. The contractors worked for Air India SATS, a joint venture between India’s main airline and SATS, which is Singapore’s biggest ground handling company."

Maybe linked, who knows??? Obviously a negative Qantas headline sells more papers than a negative Virgin headline.

 

[33kft]

Maybe linked, who knows??? Obviously a negative Qantas headline sells more papers than a negative Virgin headline.

From the article, multiple airlines were impacted:

Qantas said the fraud occurred because it operates flights to India where it uses a ground handling operator. It alleges staff at the local ground handling operator were able to access bookings – unrelated to India flights – and steal passengers’ information.
Qantas has since referred the attack to local Indian police and admitted customer data has been compromised by the unfolding cyber hack.
Qantas alleges the individuals were fraudulently stealing valuable frequent flyer details in their bookings. The frequent flyer theft has hit several airlines, including around 800 Qantas bookings over several weeks.
“We apologise to our customers who have been caught up in this fraudulent activity, which has impacted a number of airlines,” Qantas said in response to questions from The Weekend Australian.

I'm not sure if VA would have been impacted as they don't fly to India, I'd also question how having access to Amadeus data would allow the stealing of points unless they were subbing out alternate QFF account numbers, as has been speculated for other airlines recently. 2FA should still protect QFF data such as points transfers and bookings, but yet another outcome of the mess that is GDS platforms is the relative ease in which someone with access in a small airport in timbuktu can potentially alter bookings for tens or hundreds of airlines simply because they're contracted to check in for those airlines in one location, and GDS data seems to have little to no guardrails around access and manipulation.

 

[odysseus]

From the article, multiple airlines were impacted:



I'm not sure if VA would have been impacted as they don't fly to India, I'd also question how having access to Amadeus data would allow the stealing of points unless they were subbing out alternate QFF account numbers, as has been speculated for other airlines recently. 2FA should still protect QFF data such as points transfers and bookings, but yet another outcome of the mess that is GDS platforms is the relative ease in which someone with access in a small airport in timbuktu can potentially alter bookings for tens or hundreds of airlines simply because they're contracted to check in for those airlines in one location, and GDS data seems to have little to no guardrails around access and manipulation.

That would be the way. I've seen stories from others where they had a booking with their FF entered, but when they got their boarding pass had another FF showing. They then tried to correct afterwards, but found it was refused due to points being credited, and were able to find out that a fake new account had been set up in their name, but not with their contact details, to which the points were credited.