Hackers stole 100,000 of her Aeroplan points. She wants to warn others about how they did it - Action News
Home WebMail Friday, November 22, 2024, 10:46 AM | Calgary | -10.8°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Montreal

Hackers stole 100,000 of her Aeroplan points. She wants to warn others about how they did it

A woman living on Montreal's South Shore lost 100,000 Aeroplan points after being hacked. She wants to warn others about email bombing, the technique that was used to distract her from what was happening.

Even if she lost points, not money, Montreal-area woman feels 'violated'

Woman.
Jacinthe Dupuis says she'll make sure all of her online accounts have a two-step verification process from now on, 'even if it's really annoying.' (CBC)

Last Sunday, Jacinthe Dupuis knew something was off when she noticed hundreds of emails had flooded her inbox in just a few hours.

All of them appeared to bespam.

After an online search, the woman who lives in Lry, Que., on Montreal's South Shore, realized that she'd likelybeen the victim of something called email bombing.It'sa technique used by hackers to overwhelm someone's inbox with useless emails to take their focus away from the one message they should be paying attention to.

By the time she realized what hackers were up to, it was too late.

Buried in that pile of emails was a warning from Aeroplan, Air Canada's loyalty program. It was alerting herthat changes had been made to her account. When she checked, more than 100,000 Aeroplan points had disappeared.

Someone had already booked aflight from Malaysia to Abu Dhabi, and shehad only about 12,000 points left.

"I know it's a little bit superficial because it's just points, it's not actual money. I still feel a bit violated," said Dupuis, who was looking forward to booking a trip using points she had spent years accumulating.

Even though Air Canada was not at fault, the company quickly restored Dupuis'slost points.

She's hoping to get the word out about her experience so that people can act quickly if ever they're the victims of email bombing and fraud.

"I think it's important to know that it's happening right now and it can have an effect. I mean, this was only my Aeroplan account. It could have been something else like my bank accounts," she said.

WATCH| Tips to avoid being defrauded:

Your accounts should never be accessible without 2-step verification, expert says

6 months ago
Duration 1:02
Claudiu Popa, a privacy and cybersecurity consultant, says to reduce the chances of being defrauded, people should make sure each of their online accounts can only be accessed through a two-step verification process.

Protecting yourself from a 'false flag'

Claudiu Popa, a privacy and cybersecurity consultant, says email bombing is known as a "false flag."

"It's trying to draw your attention to one thing while criminals are doing another," he said.

"It allows criminals to operate with impunity and to delay detection. And that's key because when you're delaying detection, you're also delaying reporting."

He said email filters can help guard against email bombing and popular email services usually come equipped with those. Popa also recommends people customizing those filters to make sure certain keywords commonly used in emails you don't want to receiveare detected.

Computer screen
Jacinthe Dupuis's inbox was flooded in a matter of hours on Sunday. (CBC)

The most important step people can take to guard against hackers getting intotheir accounts after being email bombed, Popa said, is to make sure none of them can be accessed without a two-step verification process.

"No one should ever access their bank account without two-factor authentication. No one should ever access any government account or Revenue Canada account or financial account without multi-factor authentication being turned on," he said.

"Nowadays it's also very important to enable it on social media accounts. Facebook, for example, and LinkedIn accounts are being stolen."

Dupuis plans to make sure all of her accounts have that level of protection "even if it's really annoying," she said with a laugh.

"I need to be really careful."

With files from Steve Rukavina