Last night, when I got home from work, there was a voicemail on my home machine. The woman identified herself as Janet from the Corporate Security Department at United Airlines. She noted suspicious activity on my MileagePlus account and asked if I had authorized the purchase of Amazon Gift Cards from the account. She left her phone number, but she was gone by the time I tried to call back. I left a return message.
This morning, I received another call from United Airlines. This time, the agent, Veronica, asked if I’d purchased an international ticket with miles from Algeria to Istanbul, and made a hotel reservation, all with miles, for someone named Mohad. Who? What? Of course not.
My account had been fraudulently compromised. Someone tried to steal my miles. I had been violated.
I am thankful to United Airlines for it’s careful monitoring. I promise I won’t say #unfriendly skies for at least one month. I have no idea how this happened, and neither did United Airlines, though the agent said most often it is from a smartphone that is “open.”
United Airlines followed up with an email instructing me to change my user name, my password and my security questions:
Please be advised your account was compromised. The miles should be restored back to your account within 5-7 business days. We temporarily closed the account in order to protect the remainder of miles. We need you to reset the credentials on your account.
Can you please perform all the below transactions via www.united.com/mileageplus as soon as possible in order to re-credential the account?
1. Sign into your account using your previous credentials/password/PIN
2. Verify name, address, phone contact and email address for accuracy. Change/update any info that needs to be changed. Please delete info that is not correct. (via “My Account” page at bottom)
3. Set Password (via “My Account” page at bottom)
4. Change PIN (via “My Account” page at bottom)
5. Change Security Question (via “Manage Profile” page on the My Account page)
You will have access to the account once the above transactions take place.
I followed the instructions. I’m also changing my passwords with other airlines and hotels. I’ve called banks and credit cards, but they don’t seem very interested. They say that they constantly monitor accounts anyway….
I’m rather freaked at the moment. Do you have any words of advice?
A New York frequent flyer who elegantly combines her passions for worldwide travel, running a gazillion marathons all over the globe and staying fit ... without sacrificing her fancy for good wine and food.
Damn, I was looking forward to a great trip!
Don’t use public wi-fi on any device unless you are securing your connection with a VPN. Also, using cellular for data is much safer than public wi-fi. Think of using public wi-fi as using a dirty toilet.
I agreed with Romer and want to clarify just don’t login to anything while on public wifi: like apps that auto log you in (Starbucks, united …etc). It’s fine if you just search using public wifi but anything that has login, the hackers can sniff that throught the streams and get your login and password on everything you use.
Were you still using an old 4-digit Continental pin? I’m surprised they didn’t force people to change those to more secure passwords after the merger (no comment as to whether I have changed it or not 🙂 ).
Yes, it was a 4 digit pin.
How difficult were your login passwords? Did they include one capital letter, one or two symbols and several letters that no spell anything in particular? The comment about public wifi is accurate. It is risky but with really solid password you should reduce your risk of being compromised.
I plead the fifth. All I will say is that my passwords are NOW more difficult…
i’m just glad they were vigilant about this and notified you! and i hope they were able to undo eveything the perp did!
thanks! I hope so too!