Scams like these

I had my work email compromised when I clicked on a pdf I shouldn't have. I was bombarded with about 2500 emails in a 12hr period (which is practically a respite compared to Vinomofo), most from seemingly legit websites asking me to activate or confirm my new account.

Then my VFF was hacked. No idea how they got my VFF account number. They didn't do any damage but had changed the contact email, which I realised when I couldn't access the account and didn't receive any link to 'rest the password'. VFF were very efficient in sorting it out, but only because it was business hours. Why VFF don't have 2FA is a question I'll be putting to them. So now I'm somewhat nervously awaiting the next hack which is a bit like having the Sword of Damocles over my head.
Very sorry. Just so we can learn from this, was the pdf attached to an email and only that email address compromised? i.e. didn't compromise all email address on the Outlook or whatever email client being used?
 
Celebrate Our 103rd Year with a Special Gift Just for You!

Nominally a Qantas bonus points offer with a NAB rewards card.
The claim now button did not show a destination URL like most links and seeing that the email came from a user with a .fr domain, I reported as SPAM
and deleted it

Even that was likely too much in the way of wandering
Fred
 
"Hi Danger,

My great uncle thrice removed, has passed and left me 1.5 million Qantas Frequent Flyer points, which because I am in a generous mood I feel like passing onto you. Please forward me at your earliest convenience your full name, your FF number, your PIN, your CC number and your mothers maiden name, and I would be happy to transfer those points into your account...

Regards

Your new best friend."
lol… good try 👍🏻
 
Read our AFF credit card guides and start earning more points now.

AFF Supporters can remove this and all advertisements

Very sorry. Just so we can learn from this, was the pdf attached to an email and only that email address compromised? i.e. didn't compromise all email address on the Outlook or whatever email client being used?
It was attached to an email that was very similar to one that's received from a company printer when sending a scanned doc. I have a colleague with a very (very!) similar name and we often get each other's emails. Hence I opened the pdf.

Our IT dept has taken little interest, other than sending a warning email several hours after the spam was received - which suggests that more than me opened the pdf. They don't know if other emails in my contact list have been compromised or if the spammers have viewed my emails. They've only advised me to contact VA with queries about IP's, access times etc and to feedback on the apparent ease of access to my account. The spamming has slowed to a trickle, maybe 10 a day, and the filter gets most of those. We have 2FA for accessing outlook via the web but I haven't received any notifications.

I am worried about hacks in the future, mainly because I use my work email for pretty much everything, including personal uses (banking, super, shares, and shopping etc etc).
 
Yair, I think look to change the VFF log in password would be of most importance.
But on the other hand, to change VFF password, they would need to get a hold of your date of birth, tho, if I am not mistaken.
They do have your email address, which is one thing, but if they dont know your date of birth, it will be harder.
I think when I changed my VFF password a few days ago, it asked for more details than just email address and VFF #.
 
Yair, I think look to change the VFF log in password would be of most importance.
But on the other hand, to change VFF password, they would need to get a hold of your date of birth, tho, if I am not mistaken.
They do have your email address, which is one thing, but if they dont know your date of birth, it will be harder.
I think when I changed my VFF password a few days ago, it asked for more details than just email address and VFF #.
On the VFF website, if you don't your member number, you need to provide first/last names and email. My work email is my first name initial and last name. They could probably get my name from the company website. Of course, the return email from VFF should have gone to my work email. But they were able to change that somehow. When I called, I entered my VFF # and told them I was hacked - no security questions etc.

As for resetting password, VFF ask for first/last names and member number. They tried to do this because I received notification emails after I had changed it back from theirs. I've since changed it to a different email.
 
Ta for that one.
---
Have always typed in my VFF # into the website.
---
Come to think of it, they could also download one of the type keyboard tracker things too.
 
It was attached to an email that was very similar to one that's received from a company printer when sending a scanned doc. I have a colleague with a very (very!) similar name and we often get each other's emails. Hence I opened the pdf.

Our IT dept has taken little interest, other than sending a warning email several hours after the spam was received - which suggests that more than me opened the pdf. They don't know if other emails in my contact list have been compromised or if the spammers have viewed my emails. They've only advised me to contact VA with queries about IP's, access times etc and to feedback on the apparent ease of access to my account. The spamming has slowed to a trickle, maybe 10 a day, and the filter gets most of those. We have 2FA for accessing outlook via the web but I haven't received any notifications.

I am worried about hacks in the future, mainly because I use my work email for pretty much everything, including personal uses (banking, super, shares, and shopping etc etc).
Perhaps, an opportune time to create a specific email for exclusive banking/super/et c. use.
Not even my VA account is in my "most critical" email address (although it is in my 2nd most).

I didn't realize that PDFs were so vulnerable/malicious, I'll practice scanning before opening but I thought win defender would do that, apparently not. Can a PDF have a virus? How to protect online file security
 
Tried something different this trip to Thailand. Didn't pre-book any taxis and used Bolt from airport to Pattaya and from Pattaya to Airport.

At BKK airport someone accepted the job for 900 baht but cancelled quickly and I still don't understand how another one picked up the job quickly, called me and asked cash/card and offered 1100 baht. I took it as I wanted out of there.

From Pattaya someone picked up the job quickly but they look to be an agent as the photo was that of a lady and the person calling was a man but they also asked cash/card. They offered 1200 baht but I countered with 1100 baht. Job accepted, totally different number plate to Bolt call and they took close to 30 minutes to arrive citing traffic. The car was a total rattler.

So looks like they are bypassing Bolt controls and running their own little scam service with junk vehicles. Corruption is a way of life here.

Wife/daughter with me next time and we'll pre-book with the service we've used in the past. A little pricier but reliable.

By the way Bolt/Grab for short local trips still appears to be OK.
 
Tried something different this trip to Thailand. Didn't pre-book any taxis and used Bolt from airport to Pattaya and from Pattaya to Airport.

At BKK airport someone accepted the job for 900 baht but cancelled quickly and I still don't understand how another one picked up the job quickly, called me and asked cash/card and offered 1100 baht. I took it as I wanted out of there.

From Pattaya someone picked up the job quickly but they look to be an agent as the photo was that of a lady and the person calling was a man but they also asked cash/card. They offered 1200 baht but I countered with 1100 baht. Job accepted, totally different number plate to Bolt call and they took close to 30 minutes to arrive citing traffic. The car was a total rattler.

So looks like they are bypassing Bolt controls and running their own little scam service with junk vehicles. Corruption is a way of life here.

Wife/daughter with me next time and we'll pre-book with the service we've used in the past. A little pricier but reliable.

By the way Bolt/Grab for short local trips still appears to be OK.
These rideshare issues boil up the blood and is not limited to Bolt or Thailand. They do tend to be more prevalent when an airport is involved.

I never answer the phone after making a booking and always report drivers that try any of this. I figure the company would want to know that their platform is being used by leeches to capture customers phone numbers.

They need to have a better system so drivers can't accept a job, and then cancel if they don't like the fare and/or call to make a deal that's worse for the customer.
 
I think in 2022-2023 I remember seeing a couple of Indians in Pattaya 2nd Road trying to stop me as they have an answer to my big belly. I didn't bother chatting to them.

This trip there a lots of them. Soi Buakhow and 2nd Road. "Uncle, uncle" they call out then pointing to my belly. I don't bother stopping/listening but they've got some special herb that will get rid of my fat belly.

There may also be other scams. I must look stupid enough.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.
Back
Top