Hacked AMEX MR Account - My Points Are Disappearing. Check yours.

tunzafun001 on 09/04/2018 - 11:52

Hi all,

I have just noticed my AMEX MR points have reduced. I logged on to find 2 redemption travel bookings on my account.
I called up to let them know and they advised changing my passwords (which I did).

I then checked again this morning. Another 2 bookings even after changing my password.

I then received a call from AMEX stating that my account has been compromised and that they will need to erase all my previous account information, send out a new card and it will take a minimum of 10 days. Not knowing if the call is from the legit AMEX I said I will call them back before giving out any further information. They did tell me the booking was under a female of Chinese origin? No idea how the bookings are being made, how they got my info. I did check my account balance at the Airport using wifi in Christchurch in July last year. Other than that, my card is always on me and I don't have my passwords etc recorded anywhere (not that changing the password made any difference).

Just a heads up / if anyone has any similar experiences?

Financial

Related Stores

American Express
American Express

Comments

  • [Deactivated] on 09/04/2018 - 12:09
    -4

    Nope

  • Samsungnote10 on 09/04/2018 - 12:15
    +1

    you coud dress up as a female chinese and wait at the airport to catch them in the act!

    • tunzafun001 on 09/04/2018 - 13:11

      Hmm, Going to the airport is one way, possibly the fun way. The other you would think is that they would have to provide valid forms of ID to get on flights etc (especially if an international booking), so maybe…just maybe an AMEX representative/ Police could go to their house!

      But the former, is a great pun.

      https://www.reddit.com/r/americandad/comments/2u6gpy/thank_y…

  • No Username on 09/04/2018 - 12:38
    +5

    If you keep changing your password and the account keeps being accessed. Then your computer or browser has been ratted. This allows the hacker to control your computer from their side. They can take screenshots, view your webcam and transfer files without your knowledge.

    You can fix this by:

    • Running Malwarebytes
    • Running Windows Defender
    • Download and run adwcleaner adwcleaner
    • Download and run Rkill RKill
    • kingmw on 09/04/2018 - 13:00

      Worse case scenario - Format and reinstall.

    • tunzafun001 on 09/04/2018 - 13:13

      Hmm, I'm in a government job with firewalls and anti virus everywhere. But cheers, I'll check with IT to see which of this stuff I can run.

      I think it's an issue with the "new look" system on AMEX's end.

      • FSTB on 09/04/2018 - 13:26
        -2

        Any "new look" systems or system redesign these days include backdoors to China. That explains the booking of Chinese origin, nothing much you can do here as it's a feature.

        • No Username on 09/04/2018 - 14:24
          +1

          That's why I don't buy any products from Xiaomi. Thier wireless camera system is a joke when it comes to security. Thier custom firmware for android seems sketchy. Sending private data back to their servers.

      • No Username on 09/04/2018 - 14:28

        You should be able to sign into your local account and access the software that way. If the servers are blocking you from installing applications.

    • dazweeja on 09/04/2018 - 14:41

      Changing passwords doesn't necessarily invalidate existing sessions. It depends on how the system is designed (I would definitely invalidate them myself though). It sounds from the OP that it's possible that all bookings were made within a 24 hour period which is not an unusually long period for session expiry. Some frameworks have session expiry set to a week or more. Although having persistent sessions in combination with not invalidating sessions on password change would obviously be terrible design, it doesn't mean that it doesn't happen ;)

      Of course, checking for viruses as you suggest is sound advice.

      • tunzafun001 on 09/04/2018 - 17:25

        Bookings are 3 days apart. To me it looks like a legitimate booking with 'the wires crossed'. Ie AMEX site has somehow linked there account to my rewards account. Either way, no one wants to see their points just disappearing.

        *Update - AMEX have deleted my account and cancelled my card. They said a new card will take 10 business days. Was about to book a holiday myself..great timing.

        • dazweeja on 09/04/2018 - 17:32

          Fair enough. Sounds like pretty bad system design for that to happen. You should at least get an email when your rewards account is linked.

  • bohn on 12/04/2018 - 07:51
    +1

    AMEX should allow 2 factor auth (google authenticator etc). FFS.
    I have mentioned it to them before, they said, Oh we don't need it because they can't do anything nasty in the online portal EXCEPT STEAL YOUR POINTS.
    That's what they said to me hehe.

Login or Join to leave a comment
Login Join