# Got Hacked and lost 700,000 Marriott Reward Points



## MauiSunset (Mar 31, 2015)

Yesterday I learned that my Marriott Reward Points account was hacked and taken over by someone and drained the 700,000 MRPs in our account.

I notified Marriott and they faxed me a fraud report and I outlined what happened and I'm waiting to find out if I will ever get back those 700,000 points.

Here's what happened:
On 7/27/14 I got an eMail from the MRP site that said my eMail address was adjusted and not to reply to the eMail.

I get spoofs like this all the time and the eMail did not indicate the new eMail address and read the eMail while waiting at a red light in traffic - I forgot about it.

2 weeks later 5 transactions took place:
8/10/14 - 87,500 points removed to buy a travel package
8/10/14 - 105,000 points removed to buy a travel package
8/11/14 - 175,000 points removed to buy travel package
8/11/14 - 175,000 points removed to buy travel package
8/13/14 - 130,000 points removed to buy travel package
672,000 points removed in 4 days and of course I never got an eMail to confirm the transactions.

Well, yesterday I made a reservation for one day reservation at the Marriott Courtyard in Maui and did not get an eMail to confirm the reservation - so I started to investigate.....

The folks at Marriott were not surprised that this had happened - seems to be something that happens but I don't know how frequently.

I changed the eMail address over the phone with Marriott and then changed the password to our account. The old password was a very complex one so no one guessed what it was - how they got the password is beyond me but hacking of Marriott is a more plausible explanation.

VRBO was hacked 4 months ago and hundreds of folks got spoofed into wiring money to crooks. (my guess) I'd suggest you check your account and the eMail address on file.

Anyone else have a similar situation and what was the outcome?

Thanks much for any feedback and I'll keep you up to date as to what is happening unless this is a common thing that happens all the time - Maui


----------



## 55plus (Mar 31, 2015)

Your computer might be infected with a key logger malware/virus. If this is the case you should change all your passwords on passwords you typed on the computer. Make sure your security is up-to-date and run a full system scan.


----------



## Beaglemom3 (Mar 31, 2015)

Sorry that this happened to you.

Many thanks for the warning.




-


----------



## MauiSunset (Mar 31, 2015)

morrisjim said:


> Your computer might be infected with a key logger malware/virus. If this is the case you should change all your passwords on passwords you typed on the computer. Make sure your security is up-to-date and run a full system scan.



Could be but I've got McAfee and nothing gets through and I've not had another instance of a password stolen in 7 months since the incident

and I have a new PC with nothing brought over from the old one I used 7 months ago.

but the crooks are so far ahead of everyone else that anything is possible.


----------



## DeniseM (Mar 31, 2015)

Do you use the same password, or a very similar one, on any other website?

Have you ever used the password on a public computer, like at a resort?


----------



## MauiSunset (Mar 31, 2015)

DeniseM said:


> Do you use the same password, or a very similar one, on any other website?
> 
> Have you ever used the password on a public computer, like at a resort?



I have 5 passwords that I use on hundreds of websites.
so yes I've used that password in other places and is a possible explanation.

I created #6 in honor of the Marriott hacking incident.

passwords seem so 1970'ish.


----------



## DeniseM (Mar 31, 2015)

Do you, or have you ever had, Anthem health insureance?

Have you gone through all the critical websites that you use, and changed your passwords to new and unique passwords?


----------



## SueDonJ (Mar 31, 2015)

It's not unheard of but it seems to happen infrequently, and sometimes with no apparent connection to how you use the account or password-protect it.  Hackers are smart - they can get in despite the best efforts at prevention.  Here's a 2010 thread where the OP says Marriott corrected things and her Points were returned within a week.  She's not the only TUGger to have begun using a PIN number with her Marriott Rewards account - I think it's something they'll allow for anyone who asks.

Good luck!


----------



## LisaRex (Mar 31, 2015)

How awful.  

I had my identity stolen by the Anthem (Blue Cross) data breach.  They used my and my husband's SSNs and filed a fake return with the IRS.  When I tried to e-file my tax return last week, I was notified that the IRS had already accepted a return with our SSNs.  Ruh roh.

I finally reached a human with the IRS and they confirmed that someone filed and received a sizable refund.  

FYI, in 15 years I've never gotten a refund.  We've always owed money because my husband invests money and we always owe on short and capital gains.  You'd think that a sizable refund would be a red flag, but apparently not.  

So I spent the better part of the day enrolling in ID protection for my children (as their SSNs were also hacked; we've paid for ID protection on our own for years since a good friend's ID was stolen), putting a credit freeze on our account, filling out police reports, notifying the FTC, etc.

Yippee!!

I sincerely hope you get your MRs back.


----------



## MauiSunset (Mar 31, 2015)

SueDonJ said:


> It's not unheard of but it seems to happen infrequently, and sometimes with no apparent connection to how you use the account or password-protect it. Hackers are smart - they can get in despite the best efforts at prevention.  Here's a 2010 thread where the OP says Marriott corrected things and her Points were returned within a week.  She's not the only TUGger to have begun using a PIN number with her Marriott Rewards account - I think it's something they'll allow for anyone who asks.
> 
> Good luck!



Marriott asked me to create a PIN and a security answer.

but as of 10 minutes ago my account does not ask for that PIN nor the security question.


----------



## Mr. Vker (Mar 31, 2015)

Did they give you any grief for noticing now since this happened in August?

(I am not giving you any grief, just curious if they did. Like was there a statute of limitations.)


----------



## SueDonJ (Mar 31, 2015)

MauiSunset said:


> Marriott asked me to create a PIN and a security answer.
> 
> but as of 10 minutes ago my account does not ask for that PIN nor the security question.



Whatever protection they implemented when you first reported the theft should have begun working immediately.  If the PIN was created yesterday and isn't working today, I'd get on the phone again.


----------



## MauiSunset (Mar 31, 2015)

When VRBO got hacked they blamed the folks that got someone asking them if that $5,000 week which was not available the last time I spoke with them was now available and just for $2,000

but only if they sent a wire transfer since I apparently was sailing in the middle of the ocean on a cruise. They wanted to confirm the wiring instructions and I informed them that something was very wrong

so VRBO added the extra step of phone security code sent to my cell phone to get into everyone's account or accounts with possible fraud activity

but if not many folks have had their Marriott account hijacked then someone did get my password or guessed it from some other website I had just created.


----------



## MauiSunset (Mar 31, 2015)

Mr. Vker said:


> Did they give you any grief for noticing now since this happened in August?
> 
> (I am not giving you any grief, just curious if they did. Like was there a statute of limitations.)



Marriott was very professional and very understanding but did not indicate the status of my 700,000 points.

We only go into the account to claim travel packages - about once every year or two.

The only reason I discovered it this year was because I did not get an eMail confirmation from Marriott for the day at the Courtyard.


----------



## DeniseM (Mar 31, 2015)

LisaRex said:


> How awful.
> 
> I had my identity stolen by the Anthem (Blue Cross) data breach.  They used my and my husband's SSNs and filed a fake return with the IRS.  When I tried to e-file my tax return last week, I was notified that the IRS had already accepted a return with our SSNs.  Ruh roh.



Lisa - Our ID was also stolen in the Anthem mess, and the date thieves used it to open some kind of online bank Acct., and get a debit card, and take a $7,000 cash advance.  I found out that this type of activity (debit card - not credit card) does not go through the Credit Bureaus - it goes through a similar agency for bank security, called CHEX - where you can also file a report:



> Consumer Report Security Freeze. This will prohibit ChexSystems from releasing any information in your consumer file without your express authorization, meaning you have to contact ChexSystems and lift the freeze in order for your information to be released (much like placing a freeze with the credit reporting agencies). You should be aware that taking advantage of this right may delay or prevent timely approval from any user of your consumer report that you wish to do business with. The third party will receive a message indicating that you have blocked your information. To set the Consumer Report Security Freeze, call 800-887-7652 or visit ConsumerDebit.com.



If you are caught up in the Anthem mess, or any type of identity theft, here is the info. to report it to the IRS:



> If you become the victim of identity theft outside the tax system or believe you may be at risk due to a lost/stolen purse or wallet, questionable credit card activity or credit report, etc., you are encouraged to contact the IRS at the Identity Protection Specialized Unit, toll-free at* 1-800-908-4490* so we can take steps to further secure your account.



MORE INFO:  http://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft


----------



## MauiSunset (Mar 31, 2015)

Good news - I think.

Called Marriott and they got my paperwork on the fraud and they are processing it and I should get my points back into the account within 2 weeks.

I'm crossing every finger and toe I've got.

I asked about the 4-digit PIN not on the website since they did ask for it on the phone - Marriott says they don't protect the website with that same 4-digit number so I've got to monitor the account more closely.

Anyway, that's the status now - "hopeful".


----------



## Mr. Vker (Mar 31, 2015)

MauiSunset said:


> Good news - I think.
> 
> Called Marriott and they got my paperwork on the fraud and they are processing it and I should get my points back into the account within 2 weeks.
> 
> ...



I believe the PIN's etc are only when you call in. Which sucks if you have tracking malware on your computer. You could add punctuation etc.


----------



## ilene13 (Mar 31, 2015)

I was the person who was hacked in 2010.  Marriott was terrific.  I got my points back and whenever I redeem my MRP which is not often I have to give the PIN number.
When my points were taken they were there one day and taken about a week later.  I do continually check my balance.  I also now have a very "strong" password.


----------



## PamMo (Mar 31, 2015)

It's not just Marriott points, hackers are going after Airline FF miles, too! If there is anything of value, it seems like crooks are finding ways to steal it online.

http://www.theguardian.com/business/2015/mar/29/british-airways-frequent-flyer-accounts-hacked

http://www.bbc.com/news/technology-32115292

http://www.consumeraffairs.com/news...an-and-united-airlines-passengers-011315.html


----------



## Cmore (Mar 31, 2015)

PamMo said:


> It's not just Marriott points, hackers are going after Airline FF miles, too! If there is anything of value, it seems like crooks are finding ways to steal it online.
> 
> http://www.theguardian.com/business/2015/mar/29/british-airways-frequent-flyer-accounts-hacked
> 
> ...



Wow, scary stuff.  Good topic for everyone to be more aware of.  Thanks for sharing, I think I need to be more conscious of security, even though I've been fortunate enough not to have a problem so far.


----------



## GreenTea (Mar 31, 2015)

This just happened with BA Avos accounts as well.  While my Marriott has been okay it did happen with a credit card points account.  I discovered it quickly and they  sent me a check for the value of the points that were stolen (they also got their check ). It also recently happened with a Starbucks account.  I noticed a few SB transactions on a credit card. Each $25.  I called that same day and got it sorted out....someone had hacked into my Starbucks account.   

As much as I curse my 1Passsword, if you use an iPhone and have a Mac, it is supposed to be the most secure.


----------



## Ken555 (Mar 31, 2015)

MauiSunset said:


> I have 5 passwords that I use on hundreds of websites.
> 
> so yes I've used that password in other places and is a possible explanation.
> 
> ...




Sorry for the troubles. But, do yourself a favor and learn about password managers. 1Password and LastPass are quite good (Lastpass has a free version) and will help you create unique passwords for each site. There is no reason to use the same password on multiple sites, and this is inherently a security risk. I used to do this as well, and for years have been slowly modifying and intermittently changing passwords at all the sites I access. Just pick a secure master password for the password manager app, and that's all you need to remember.


Sent from my iPad


----------



## MauiSunset (Mar 31, 2015)

Ken555 said:


> Sorry for the troubles. But, do yourself a favor and learn about password managers. 1Password and LastPass are quite good (Lastpass has a free version) and will help you create unique passwords for each site. There is no reason to use the same password on multiple sites, and this is inherently a security risk. I used to do this as well, and for years have been slowly modifying and intermittently changing passwords at all the sites I access. Just pick a secure master password for the password manager app, and that's all you need to remember.
> 
> 
> Sent from my iPad



I use LastPass and have done so for 5 years at least; works great on my PC, cell phone, and tablets.

However if I use a public computer or a clients computer the add-on is worthless and I seem to do this many times during the week.


----------



## Ken555 (Mar 31, 2015)

MauiSunset said:


> I use LastPass and have done so for 5 years at least; works great on my PC, cell phone, and tablets.
> 
> 
> 
> However if I use a public computer or a clients computer the add-on is worthless and I seem to do this many times during the week.




Wait. You use Lastpass but have five (now six) passwords you use on hundreds of sites? That's not using Lastpass as intended...

To login from a public computer simply go to www.lastpass.com and access your vault, then be sure to log off when done. Simple.


Sent from my iPad


----------



## jpc763 (Mar 31, 2015)

What happens when someone hacks into LastPass?  What a disaster that will be!


----------



## MauiSunset (Mar 31, 2015)

Ken555 said:


> Wait. You use Lastpass but have five (now six) passwords you use on hundreds of sites? That's not using Lastpass as intended...
> 
> To login from a public computer simply go to www.lastpass.com and access your vault, then be sure to log off when done. Simple.
> 
> ...



I still use 6 or so passwords in the past 10+ years and this is the only instance of someone hacking an account of mine out of hundreds of accounts.

My fear is Lastpass going out of business and all the passwords lost or they get hacked. I know Lastpass was on the verge of bankruptcy a few years ago and were sold to someone - hopefully not a hacker.

I don't know why biometrics passwords aren't being used widely by now.


----------



## Ken555 (Mar 31, 2015)

MauiSunset said:


> I still use 6 or so passwords in the past 10+ years and this is the only instance of someone hacking an account of mine out of hundreds of accounts.
> 
> My fear is Lastpass going out of business and all the passwords lost or they get hacked. I know Lastpass was on the verge of bankruptcy a few years ago and were sold to someone - hopefully not a hacker.
> 
> I don't know why biometrics passwords aren't being used widely by now.




Either you use a password manager the way it's intended to be used, or you don't benefit by it. 

Should Lastpass go out of business (doubtful) you can always reset your passwords at each site just as if you forgot them. You're still significantly more secure with it than without.


Sent from my iPad


----------



## Ken555 (Mar 31, 2015)

jpc763 said:


> What happens when someone hacks into LastPass?  What a disaster that will be!




I suggest you read a bit about how these password managers store their passwords before implying that they are quite as open for hacking as other sites.

On a related note, I told my bank yesterday that I'm considering moving to another because independent testing I performed showed that contrary to their constant marketing, they do not have very good security. I was able to secure one account by known IPs, but not all accounts, and they still don't have a multi factor authentication system (which Lastpass has, and I encourage all to use - it's yet another method to secure your passwords).

This really isn't rocket science, but it's not fun so is often ignored even by those who know all about it.


Sent from my iPad


----------



## GaryDouglas (Mar 31, 2015)

I've you have any presence on the internet, there are things you should know...

http://www.futurecrimesbook.com/protect-yourself-the-update-protocol

http://twit.tv/show/security-now/441


----------



## SMHarman (Mar 31, 2015)

I logged on to Marriott for the first time in many months and was forced to change my password. 
I guess Marriott has had some kind of password hack or hackers are using the insecure passwords to access alternate sites. 
To force this change indicates this is a big problem.


----------



## MauiSunset (Mar 31, 2015)

SMHarman said:


> I logged on to Marriott for the first time in many months and was forced to change my password.
> I guess Marriott has had some kind of password hack or hackers are using the insecure passwords to access alternate sites.
> To force this change indicates this is a big problem.



Many websites now require you to set up an account using your Facebook account and it pulls in your information then your posts contain your full name. Many then require you to submit a cell phone number and send a control number to you before you can use your account; including your eMail address associated with your Facebook.

That's the safest way to make sure the website is dealing with the person who set up the account.

But i.Imagine your employer typing in your name into Google - watch what you say on Facebook.


----------



## GreenTea (Mar 31, 2015)

jpc763 said:


> What happens when someone hacks into LastPass?  What a disaster that will be!




1password is only on your devices.  I can't access anything from a public site, thus some of the grumbling I mentioned.


----------



## bogey21 (Mar 31, 2015)

About 3 years ago I closed all unnecessary bank accounts, credit cards, etc.  I also closed my Social Media accounts.  (For the record FaceBook made this difficult.)  Kind of like any account that might be worthwhile hacking is gone unless essential.  I then put freezes on my accounts with all 3 Credit Reporting Agencies.  In addition I check the activity on all my open bank accounts, credit cards, etc. daily.  So far, so good.

George


----------



## WalnutBaron (Mar 31, 2015)

jpc763 said:


> What happens when someone hacks into LastPass?  What a disaster that will be!



As someone commented earlier in this string, passwords seem incredibly antiquated in this era of sophisticated thieves looking to rip off everything from bank accounts and credit card numbers to frequent flier miles and hotel reward points.

The first e-commerce site that replaces passwords with retina scans or fingerprints is going to have a huge competitive advantage.

I've been a subscriber to LifeLock for four years now, and have never had a problem. It's not foolproof, but their $1 million guarantee (essentially an identity protection insurance policy) does offer some peace of mind.


----------



## SMHarman (Mar 31, 2015)

WalnutBaron said:


> As someone commented earlier in this string, passwords seem incredibly antiquated in this era of sophisticated thieves looking to rip off everything from bank accounts and credit card numbers to frequent flier miles and hotel reward points.
> 
> The first e-commerce site that replaces passwords with retina scans or fingerprints is going to have a huge competitive advantage.
> 
> I've been a subscriber to LifeLock for four years now, and have never had a problem. It's not foolproof, but their $1 million guarantee (essentially an identity protection insurance policy) does offer some peace of mind.


The problem with retina scans and fingerprints is once the bio signature is hacked you can't replace it. 

Two factor is where this should be especially in this mobile age. 

Something you have (your phone) generating a secureID type passcode/pin and Something you know. A password. 

My UK bank accounts have achieved this. US HSBC has achieved it. Chase, BofA, CitI?  Not so much!


----------



## billymach4 (Mar 31, 2015)

2 factor is the way to go. If Anthem had 2 factor they may not have have been hacked. 

The CTO was not a Tech person, and they did not want to burden their staff with 2 factor authentication. That silly mistake has cost them millions. And we are the victims.

Yes Denise I had Anthem Health Insurance last year and I got the dreaded letter in the mail


----------



## GregT (Mar 31, 2015)

billymach4 said:


> 2 factor is the way to go. If Anthem had 2 factor they may not have have been hacked.
> 
> The CTO was not a Tech person, and they did not want to burden their staff with 2 factor authentication. That silly mistake has cost them millions. And we are the victims.



What is 2 Factor?

I am woefully uninformed on security and appreciate the education....


----------



## billymach4 (Mar 31, 2015)




----------



## billymach4 (Mar 31, 2015)

I should really define this at Multi - factor Authentication. Have you ever used the RSA FOB to enter a 6 digit number (token) to access a corporate network remotely, or even internally.

Here are a few links to bring you up to speed. I am sure a worldly guy like GregT has used this but never realized what the buzzwords really mean ( multifactor authentication, or 2 factor)

You can even get these as apps on your smartphone and plug in the unique code.

http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA

http://en.wikipedia.org/wiki/Multi-factor_authentication

http://www.emc.com/security/rsa-securid/index.htm

https://www.google.com/landing/2step/


----------



## Fairwinds (Mar 31, 2015)

I use ID Vault to manage all my passwords. Works great.


----------



## Saintsfanfl (Apr 1, 2015)

WalnutBaron said:


> The first e-commerce site that replaces passwords with retina scans or fingerprints is going to have a huge competitive advantage.



Fingerprints are a bad idea. There isn't anything less secure. You leave them in thousands of places daily. They may work ok for now in conjunction with an electronic device like the iPhone but long term they are not the answer.

Retina is obviously more secure but as mentioned once it is stolen and captured it can never safely be used again.

Where there is money, thieves will constantly be looking for a way to steal.


----------



## billymach4 (Apr 1, 2015)

*TIME article on Anthem and multi factor authentication or the lack thereof*

http://time.com/3700203/anthem-identity-theft-hacking/

The additional measures New York State is likely to require are known as “multi-factor authentication” and include a range of approaches to verify the identity of those trying to sign on to a computer system. Options include sending a confirmation number to an individual’s cell phone, using a fingerprint or other biometric authentication, or using a separate identification source, like a swipe card.


Lawsky says he is eager to see that change. “The password system should have been buried a long time ago, and its high time we buried it,” Lawsky tells TIME. “We really need everyone to go to a system of multi-factor verification. It is just too easy, whether through basic hacking or through phishing or stealing basic information, for hackers to get a password and a user name and then to get into a system,” he says.


----------



## Ralph Sir Edward (Apr 1, 2015)

The worst part is that no matter how careful you are, everybody else may not be, and you are victimized.I am a current Anthem customer. There was _nothing_ I could do to prevent my data loss...

Once the data is on the counterparty's server complex, and that complex gets hacked, They can hack the verification information, and/or put in a backdoor to bypass the verification...


----------



## KathyPet (Apr 1, 2015)

So, I don't understand how a hacker would use MR points that are not in their name.  When you get a reward cert don!t they electronically send it to a hotel to,cover a reservation that was made.  The certs are issued in the account holders name aren't they?


----------



## MauiSunset (Apr 1, 2015)

KathyPet said:


> So, I don't understand how a hacker would use MR points that are not in their name.  When you get a reward cert don!t they electronically send it to a hotel to,cover a reservation that was made.  The certs are issued in the account holders name aren't they?



My thoughts exactly - the crook is going to have to give their real name at some point and Marriott will simply turn that over to the FBI for an easy prosecution.

Obviously no smart crook is going to let that happen so the crooks are doing something else.


----------



## bnoble (Apr 1, 2015)

MauiSunset said:


> However if I use a public computer or a clients computer the add-on is worthless and I seem to do this many times during the week.



With 1Password, I can get access to the password on my phone, and type it in to a computer I do not own.  I then make sure to change that password when I get back to one of my machines.  It's not that complicated. 

Unless you are willing to use different passwords everywhere, you are at increased risk of this happening again.


----------



## MauiSunset (Apr 1, 2015)

bnoble said:


> With 1Password, I can get access to the password on my phone, and type it in to a computer I do not own.  I then make sure to change that password when I get back to one of my machines.  It's not that complicated.
> 
> Unless you are willing to use different passwords everywhere, you are at increased risk of this happening again.



True - I'm going to try an experiment and use Lastpass to create the next password I need and then dump all passwords to a memory stick and pretend Lastpass was hacked and all their files and backup files were destroyed and see if I can live with it.

Old habits are hard to break.


----------



## Beaglemom3 (Apr 1, 2015)

Just thinking about how someone could have used the points......... hmmm.

Would it be possible to have them used via a guest certificate to an unknowing (or knowing) person(s) ?


I am trying to figure out how they could have been used if not by the thief him/herself.



-


----------



## LisaRex (Apr 1, 2015)

bogey21 said:


> About 3 years ago I closed all unnecessary bank accounts, credit cards, etc.  I also closed my Social Media accounts.  (For the record FaceBook made this difficult.)  Kind of like any account that might be worthwhile hacking is gone unless essential.  I then put freezes on my accounts with all 3 Credit Reporting Agencies.  In addition I check the activity on all my open bank accounts, credit cards, etc. daily.  So far, so good.
> 
> George



Did you file online or fill out the form for an extended Security freeze? If you don't do the latter,  your freeze will expire after 90 days. 

Here's a portion of the email that Experian sent to me:



> Equifax will forward your initial 90 day fraud alert or active duty alert information to the other national credit reporting agencies, eliminating the need for you to contact them directly.  They should also add an alert to their files.  If you do not receive notification from Experian or TransUnion that they have added an alert for you on their credit files, please contact them directly using the following contact information:
> 
> TransUnion, PO Box 6790, Fullerton, CA 92634: (800) 680-7289 Experian, PO Box 9530, Allen, TX 75013: (800) 379-3742
> 
> ...


----------



## bogey21 (Apr 1, 2015)

LisaRex said:


> Did you file online or fill out the form for an extended Security freeze? If you don't do the latter,  your freeze will expire after 90 days.



You are confusing the free 90 freeze with the "paid for" permanent freeze.  I have the latter.  With 2 of the Credit Reporting Agencies I requested (and paid for) the freeze online.  The other required that it be done by mail.  All three were done on the same day about 3 years ago and trust me all three are still in effect.

George

PS  I think I read somewhere that you can now request and pay for permanent freezes with all 3 Credit Reporting Agencies online.


----------



## MauiSunset (Apr 1, 2015)

I have Equifax credit/score watch that puts 90 day fraud alerts on automatically and I can lock my credit report so no one can see it. I can release the lock for a specific company or for a start and end dates.

I just changed my airline mile accounts using Lastpass generating 12 character passwords with upper and lower letters, numbers, and special characters.

If the crooks break through that I guess I'll just cry silently in the corner.


----------



## sea&ski (Apr 1, 2015)

*7 year fraud alert is what you want*

I have more than the usual experience with fraud.  When you are a legitimate victim of fraud, you are able to apply for a 7 year fraud alert with the three credit agencies.  There is no cost involved except for your time and the cost of copying all the pages of information that is required - and then mailing it.  The fraud alert requires the credit bureaus to notify YOU when someone, anyone, even yourself, tries to open an account of any sort; but with your prearranged contact number, one can easily move ahead with any application.  A credit freeze can be cumbersome to deal with because you cannot do anything without un-freezing your accounts which must be done well in advance of any activity.

My two cents.


----------



## BobG7734 (Apr 2, 2015)

Hasn't this thread lost its relevance to TUG/MArriottResortSystem???


----------



## ilene13 (Apr 2, 2015)

:whoopie:





MauiSunset said:


> Many websites now require you to set up an account using your Facebook account and it pulls in your information then your posts contain your full name. Many then require you to submit a cell phone number and send a control number to you before you can use your account; including your eMail address associated with your Facebook.
> 
> That's the safest way to make sure the website is dealing with the person who set up the account.
> 
> But i.Imagine your employer typing in your name into Google - watch what you say on Facebook.



I have never seen any websites that insist that you use FACEBOOK.  I do not use FACEBOOK because I feel it is too invasive.  I would never have an account somewhere that insists that I use it.


----------



## bogey21 (Apr 2, 2015)

sea&ski said:


> A credit freeze can be cumbersome to deal with because you cannot do anything without un-freezing your accounts *which must be done well in advance of any activity*.



Really?  I have had to temporarily lift my freeze twice (both times for 24 hours).  *Both times it was done in less than 10 minutes *once while I was setting up an account at the Verizon store and the second time while I was negotiating a new lease on my car at DM Leasing.  Both times I was notified via email that my freeze had been reestablished after the 24 hour hiatus.

George


----------



## KathyPet (Apr 2, 2015)

I'm still waiting for someone to tell me what a hacker would do with all those travel award packages which would be issued in the OP's name and sent electronically to hotels to cover reservations that had already been made supposedly by the OP.


----------



## sea&ski (Apr 2, 2015)

KathyPet said:


> I'm still waiting for someone to tell me what a hacker would do with all those travel award packages which would be issued in the OP's name and sent electronically to hotels to cover reservations that had already been made supposedly by the OP.



You can purchase items from the lovely catalogue.


----------



## KathyPet (Apr 3, 2015)

But the OP states that the points were used for travel packages


----------

