Some links to products and partners on this website will earn an affiliate commission.
I came across an interesting situation recently. A friend of mine logged into his hotel loyalty programme account and found a hotel booking that he wasn’t expecting. If this situation arises, what should you do?
1. Check for tell-tale signs that your account was hacked
The first thing that a hacker will try to do after accessing your account is to change the e-mail address and/or phone number. Check to see whether any changes have been made to your contact details. If they have –> your account has definitely been compromised.
Not only has your loyalty account been hacked, they quite possibly also have access to your email account – since hotel chains often send email confirmations to the “old” address when any updates are made (a hacker would have logged into your email account and deleted the message before you could read it). Any criminal knows that the longer the victim is unaware of what’s going on –> the more likely they are to get away with it.
You will also want to take a close look at the recent transactions listed on your account. Was this room booked using your points? If you have fewer points than you expect and/or this strange booking was made using your points –> your account has probably been compromised. The criminal might not even be the person listed as the primary or secondary guest; it could simply be an innocent third party who thought they were getting a bargain on a hotel stay from a legitimate-looking website. Some hackers exchange points for whatever quasi-cash they can get – Amazon vouchers, etc, – but some run a dodgy travel business based on stolen miles and points…
Do you have a credit card stored on your account? Was it used to make a cash booking? Look at the details of the room booking. You are unlikely to recognise the “secondary guest” listed, but you should be able to see whether it is your credit card being used as guarantee. If anything looks fishy, delete your stored credit card details and assume that your account has been compromised.
If anything looks off, change your password! And make it a hard one to hack!
If you are missing points, etc, then you’ll have to call the hotel chain and explain what’s happening…
2. Consider whether to be nice and greedy at the same time
If you have made exhaustive checks of your account and nothing appears amiss, you might simply be looking at a question of human error. In that case, you might want to do nothing. Here’s why…
Is the booking at a hotel where you’ve stayed before? A hotel clerk might have accidentally pulled up the wrong customer file when making a reservation for a walk-in or direct-call guest. This is especially likely if the guest’s name is similar, but not necessarily identical to your own.
Have you recently called customer service for the hotel chain / loyalty programme? Some customer service agents forget to properly close your account file before answering their next call. That next caller might just be the random guest listed on your rogue booking.
Or your account number might be very similar to the account number of the actual guest. A fat finger error, combined with a lazy / embarrassed agent, might mean nothing more than your loyalty programme account number is attached to somebody else’s legitimate booking.
You first instinct might still be to “get rid of the rogue booking”. But before you do…
- You are probably cancelling a perfectly legitimate hotel booking, and somebody is going to arrive to a hotel to find that their reservation has been cancelled. Would you appreciate it if that happened to you, through no fault of your own?
- You might actually receive the points and elite status credit for this booking. If all looks safe, why not? 😀
3. Use Award Wallet
No… we aren’t paid by Award Wallet. Yes… we are aware that some readers might have an issue with one website holding all of your password details. But if you want to be made aware of strange things happening to your loyalty programme accounts – but don’t have the time to log in frequently to each individual website – then Award Wallet is an excellent tool. The more often you click the “update all” button on Award Wallet, the quicker you will be informed of missing points, changed passwords, etc. The regular contributors to InsideFlyer UK all swear by it…
Have you ever received points for somebody else’s hotel booking or flight? Or discovered somebody else’s hotel booking in your account? Let us know your story in the comments section…