Fraud on Velocity Frequent Flyer accounts

I love the 2FA from a personal point of view, but not for those using a Travel Coordinator.
 
I get those random 2FA texts as well, turns out mine are from access by Award Wallet to update details of flights and points held.
Makes sense. My awardwallet account has a few months before renewal (which won't be happening).

I might can it early.
 
Makes sense. My awardwallet account has a few months before renewal (which won't be happening).

I might can it early.
Which makes me think: could AwardWallet (or similar services) be the vulnerability where the credentials were obtained/stolen in the first place? I do have an AwardWallet account still but have not been actively using it. Should probably just wipe it clean.
 
I have now cancelled Award Wallet - they were going to put the price up from the very cheap $5USD they have been charging me to about $50USD. Yeah nah!

Plus I am not sure how they will overcome 2FA as it is currently implemented.

I really like the Trip function in Award Wallet though as it essentially builds out a trip list of all bookings - Flights, Hotels, Rental Cars, Activities etc. just by monitoring my email - so I'll miss that!
 
For that functionality I recommend TripIt.
Just fwd bookings etc to [email protected]

They used to have a monitoring feature with some email providers like Gmail but this got discontinued due to security risks.
Was just about to recommend the same, I have a TripIt Pro account through work nowadays but been using the free version for probably 10+ years and it's great to keep everything - flights, hotels, car rental, events etc. - in one place with a customised itinerary.
 
First time using my account today in months. requested code to be sent by SMS, twice. And failed.

Got it to email.

Useless system if they can’t deliver to an aussie number.
 
For that functionality I recommend TripIt.
Just fwd bookings etc to [email protected]

They used to have a monitoring feature with some email providers like Gmail but this got discontinued due to security risks.
When did they remove the email monitoring? I've got all my trips booked earlier this year which could have only come from the monitoring.

will have to remember to forward future bookings.
 
As many have mentioned... close, yet so far... why not offer 2FA with a standard Authenticator App? Far safer than SMS or Email. And can be used offline so you don't need to have your phone number active... say when you're travelling and using another SIM.

Even QANTAS allows he use of Authenticator apps. But they also only let you set a 4-digit number as your "account password".... so let's not give QF too much credit.
 
Even QANTAS allows he use of Authenticator apps. But they also only let you set a 4-digit number as your "account password".... so let's not give QF too much credit.
This is the second time I've seen this take in as many days on here and I think it's a really bad one, tbh. Qantas requires 3 details - a FF #, surname and a PIN and to be honest it's going to be one of the most effective security controls out there, since it's so unique.

Look what happens when sites allow customers to use their email address and a user defined password - human nature dictates that many re-use the same credentials over and over, so as soon as one leaks, you have access to their entire set of accounts. The idea that everyone does the exact same thing - e-mail as the key and minimally bound password complexity controls has resulted in the same outcome time after time.

As it turns out, these 3 QFF details are not trivial details to obtain - which is made all the more clear in the lack of a similar thread on these forums for Qantas, and the fact that we aren't bombarded with MFA codes on the regular due to weak authentication in the first instance.
 
Last edited:
Australia's highest-earning Velocity Frequent Flyer credit card: Offer expires: 21 Jan 2025
- Earn 60,000 bonus Velocity Points
- Get unlimited Virgin Australia Lounge access
- Enjoy a complimentary return Virgin Australia domestic flight each year

AFF Supporters can remove this and all advertisements

First time using my account today in months. requested code to be sent by SMS, twice. And failed.

Got it to email.

Useless system if they can’t deliver to an aussie number.
Each time I make a booking while logged into my Velocity account, I notice my number is populated as +61 614XX xx_ xx_ with a 61 prefix in addition to the country code which I then manually overwrite. I think others may have experienced the same issue.

I had to speak to the call centre today on an unrelated matter and was asked to confirm my number. They mentioned about updating it to a standard format and it now seems to have removed the 61 prefix, so this may be why you didn't receive the SMS. Try contacting the call centre?
 
Last edited:
Each time I make a booking while logged into my Velocity account, I notice my number is populated as +61 614XX xx_ xx_ with a 61 prefix in addition to the country code which I then manually overwrite. I think others may have experienced the same issue.

I had to speak to the call centre today on an unrelated matter and was asked to confirm my number. They mentioned about updating it to a standard format and it now seems to have removed the 61 prefix, so this may be why you didn't receive the SMS. Try contacting the call centre?
Thanks! I’ll have a look at that!
 
Each time I make a booking while logged into my Velocity account, I notice my number is populated as +61 614XX xx_ xx_ with a 61 prefix in addition to the country code which I then manually overwrite. I think others may have experienced the same issue.

I had to speak to the call centre today on an unrelated matter and was asked to confirm my number. They mentioned about updating it to a standard format and it now seems to have removed the 61 prefix, so this may be why you didn't receive the SMS. Try contacting the call centre?

I called about something unrelated last week and the guy also wanted to update the format of the phone number on my profile. They must have been briefed that this was coming.
 
I called about something unrelated last week and the guy also wanted to update the format of the phone number on my profile. They must have been briefed that this was coming.
Same here.
This time agent said we needed to do it.
Was just removing "0" from front of number
Have spoken with Velocity by phone a few times recently and each time they asked urgently if my details were correct.
Of course I said yes as i thought they they were fine
Perhaps they now are flagging these accounts with incorrectly formatted phone numbers.
 
Add me to the list :'(
Here's another data point for the thread:

Update to my situation.

Called to clarify something and was told that I had already been sent an email with instructions (I hadn't). But the friendly chap said I just needed to make a new account and he would merge them. Wasn't expecting that since it's only been a week or so, but perhaps they're just clearing the backlog now that 2FA is in...

Pretty painless process - he had me unlink flybuys/7-11, asked if we could use a different email, set up a new security question and then he merged the accounts.

All the history was in there, including yesterday's flight points/SCs and a reversal of the fraud points taken. As far as I can tell the accounts look identical/as though nothing has happened - just a different account number.

If anyone is still waiting in limbo expecting a '30 day' resolution, night be worth giving them a buzz...

(Edit: in line with other reports, seems to operate like a brand new account for the purposes of earning bonuses like 100pts for signing into the app for the first time!)
 
Last edited:

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.
Back
Top