I had approximately two-thirds of my balance of IHG points stolen thanks to “my sister” calling and booking two rooms using my account. A few problems with this. I was not in Orange County, California at the time of these bookings, and I am an only child. I’m confident my wife’s sisters did not book this using my name.
These reservations were made late at night after the cancellation time, so even if I wanted to cancel, it was too late. As luck would have it, I was on a flight at the time, so calling wasn’t even an option. My attempts to get this resolved with IHG have thus far been fruitless. After providing information to the fraud team, my claim was not accepted:
I have received a response from our Fraud Team and they advised that the redemption is considered valid. Please note that you are responsible for restricting access to and maintaining the confidentiality of your membership account and PIN and agreed to accept responsibility for the activities of anyone using your account.
I am continuing to push this matter, and hope to come to some satisfactory resolution. I’m far from that point now.
IHG Points Stolen- A 4 digit PIN isn’t secure
I’m by no means an expert in online security, but it is concerning that IHG only requires a 4 digit pin. While it is easy to remember, it is also quite easy to hack. United used to only use a 4 digit pin, but they have moved a more secure system with a password and some security questions. Rather annoying, and it is not two-factor authentication as they describe it. Still, given what I’ve experienced with IHG, at least United is trying. I use 2FA for as many accounts as I can.
Once realizing my IHG account was compromised, I immediately changed the PIN. While doing so, I realized someone changed my email address on the account. These people went to a pretty significant effort to book 2 stays at a Holiday Inn Express. They changed my email address to end with @mail.com. Subtle, and I didn’t notice right away. Not sure why they didn’t change the PIN to prevent my access later.
Lessons learned – IHG Points stolen
As always, keep an eye on your accounts. IHG is a distant 4th or 5th option for my hotel preferences, but over the years with a few stays and lots of promotions, I had a decent balance. I use Award Wallet to track various accounts, and this helps, especially with programs like this.
My advice is to secure accounts as best as you can. I’m not certain how to prevent something similar from happening with programs that are secured only by a 4 digit pin. Any suggestions?
