SMS Login Verification - Argh

[drron]

Evidence please. Happy to consider this scenario with some evidence.....

So the suggestion is that some poor person buys a ticket from a "travel agent", pays cash for the ticket, but the travel agent actually uses stolen points instead of the cash? And when the victim receives the e-ticket he/she is so stupid they don't see that the amount is $36 instead of the amount he/she was quoted? Unless of course the dodgy travel agent doctored up the e-ticket to hide this fraud.... in which case this is just so convoluted and so many laws have been broken that the stealing of points is the least of your concerns. If such a travel agent existed, why go through the trouble of using stolen points to issue a ticket for which you have doctored anyway? One might as well take the cash and just create a false ticket.....

There have been quite a few threads on AFF where this has happened.
Also documented on sites such as Flyertalk.

 

[Max Samuels]

How enduring power of attorney documents enable children to rip off the elderly (16 Dec 2018 ABC)

The theme of that story, is younger / more computer and legal stuffs OK relos, are stealing from older / less computer OK / less legal OK relos. This story makes me angry, but well, human nature.

Ok..... so I think that anybody with enduring power of attorney also has the power to change the contact phone number of an account - in fact I know this to be true. So in this case, 2FA wouldn't help my poor old life time gold 99yo mother, because with EPA, I in fact changed her registered contact number to mine, so the SMS comes to me anyway.

I don't think this is quite the type of stealing I was referring to. I was referring to good old fashioned crime gangs hacking my FF account and doing transfers to themselves etc. I just don't think it is a "thing".

 

[Max Samuels]

There have been quite a few threads on AFF where this has happened.
Also documented on sites such as Flyertalk.

Anecdotes on blogs and forums are not evidence.

 

[Max Samuels]

Imagine just 1 example of this, son stealing points and pretending to be retired father with life time gold, used his points, fly, lounge. A year later, father found all his points emptied out. Herald Sun, Today Tonight. What sort of a PR mess is Qantas going to have to clean up?

I think the bigger problem would be for the son, who flies under an assumed identity - big no no. When he gets busted he's off to jail.

 

[drron]

And here is an AFF article on it.

Dodgy Travel Agent Pockets Airfare

12 April, 2018

www.australianfrequentflyer.com.au

 

[drron]

And here is where you can get points.

Free local classified ads

Find qantas frequent flyer points ads. Buy and sell almost anything on Gumtree classifieds.

www.gumtree.com.au

Ozbargain used to do this as well but seems to have cut it out presumably due to pressure from QF.

 

[Max Samuels]

And here is an AFF article on it.

Dodgy Travel Agent Pockets Airfare

12 April, 2018

www.australianfrequentflyer.com.au

"A dodgy travel agent has been caught allegedly taking payment for Business class airfares while using their own frequent flyer points to make the booking."

Yeah - but this agent didn't steal any points. He/she used their own points and pocketed the cash.
This is completely different to the scenario of using 2FA tp stop someone stealing/using your points.

While this kind of behaviour is still terrible, 2FA would not have made a difference as the purchaser of the tickets (the agent) was using his/her own points and own account.

I know this happens a lot with US carriers as one doesn't need to be an "eligible family member" to redeem points. A friend of mine used to regularly pay $3k for return tix to the US on United using another person's points...

 

[Beano]

I manage my family's Qantas account and regularly "steal" their points, with their full knowledge off course. Then they get them back when I book reward flights for them. (they don't generate enougfh points and are often timed-out). I travel regularly.

I'll have to add my mobile number to their profiles. My email address is already there. Hope it still works.

 

[drron]

"A dodgy travel agent has been caught allegedly taking payment for Business class airfares while using their own frequent flyer points to make the booking."

Yeah - but this agent didn't steal any points. He/she used their own points and pocketed the cash.
This is completely different to the scenario of using 2FA tp stop someone stealing/using your points.

While this kind of behaviour is still terrible, 2FA would not have made a difference as the purchaser of the tickets (the agent) was using his/her own points and own account.

I know this happens a lot with US carriers as one doesn't need to be an "eligible family member" to redeem points. A friend of mine used to regularly pay $3k for return tix to the US on United using another person's points...

Then there are the gumtree ads.Used to happen on Oz bargain as well.Plus probably other sites as well.on Oz bargain there were a couple of characters that would buy your points-any amount.So what were they doing with those points?And these are QFF points not some US airline.
Unfortunately there are some bad people out there.

 

[downgraded]

I totally agree. They should have sent comms out at least a month in advance. They have been bombing my e-mail with junk everyday, yet they couldn't send 1 single comm out about this. This is poor form. If I did this at my work, I would get more than a boot up my blackhole.
is the least of your problem.

They did. I've been reminded repeatedly to update my details because 2FA was coming.

 

[Pushka]

They did. I've been reminded repeatedly to update my details because 2FA was coming.

Interesting. I was never notified 2 years ago that I was selected as part of the pilot testing. And no one in our family was notified that it would be switched on this week. Haven’t heard anything about this for ‘non pilot’ people in months. Given I currently get bombarded with 3 or 4 emails from Qantas a day about trivial stuff that is of no interest, then for something that has impact on ability to access the account and we get nothing but crickets.

 

[Chicken]

Evidence please. Happy to consider this scenario with some evidence.....

See the article I link to. All traceable, this kind of crime is so stupid, yet, people still do it.

Yipee, I'm now a "member". This was my "Status Run"

 

[Chicken]

They did. I've been reminded repeatedly to update my details because 2FA was coming.

I have no idea about this, never saw any e-mail.

If Qantas can't even send comms out properly, then people need to drop their expectations

 

[downgraded]

I have no idea about this, never saw any e-mail.

If Qantas can't even send comms out properly, then people need to drop their expectations

It was in both the May and June Qantas points and news FF statements/emails.

 

[Chicken]

It was in both the May and June Qantas points and news FF statements/emails.

It is possible that I missed them; however, I do read all my e-mail properly, especially from Qantas and banks or similar, because you never know what they could hide in those e-mail, then later on go "We told you!"

 

[whughes3]

Since the change came in, I have logged in a few times using the "questions"; now it is no longer asking me for any supplementary login info at all, just FF#, name and PIN get me in as they did previously.

 

[Happy Trails]

It was in both the May and June Qantas points and news FF statements/emails.

Just checked my May and June emails and it's not mentioned.
Maybe it's targeted?

 

[Chicken]

Just checked my May and June emails and it's not mentioned.
Maybe it's targeted?

Targeted FF program enhancement LOL

 

[JFi]

Was also mentioned in May and June emails for me.
May one says "New two-step verification process" and June one says "Two-factor authentication launching 15 Jul 2019"

 

[Himeno]

Wasn't mentioned on mine.