Cyber criminals targeted a man in New Zealand, stealing 288 000 frequent flyer points from his Virgin Australia account to go on a holiday in Bali, before stealing another $13 500 from his bank account.
The man, a 47-year-old named Daniel Tsui, who travels between Brisbane and Cairns weekly for work, realized something was amiss in March 2022, when he checked his Virgin Australia account and found only 10 000 frequent flyer points on his profile. He realized 288 000 of his frequent flyer points had been stolen by a hacker, and spent on a hotel stay in Bali. Tsui said that it was fortunate that he booked flights constantly for work, and noticed that he had been hacked before it had been too late. Virgin Australia managed to freeze his account when notified of the data breach, and recovered his frequent flyer points.
However, his troubles were not over.
Since March, Tsui has been plagued by a sequence of security breaches and attacks on his accounts, including his bank accounts, PayPal, and a defunct Netflix account.
In April, the Commonwealth Bank sent Tsui an email, notifying him that someone had logged in to his account from an unknown device. When he opened his account to check his finances, he found out that $13 500 had been transferred out of his offset account without his consent. While Tsui informed the bank of the breach, and managed to change his password and block the transaction, the hackers attacked him again later that same month, in their attempt to authorize their own accounts as trusted bank accounts to his PayPal profile. In May 2022, Tsui’s defunct Netflix account was reinstated by his hackers. He believes that the cyber criminals had stolen his data and passwords illegally, as he received an alert from Google Chrome that he had been involved in a data breach.
This sequence of cyber attacks against Tsui may appear to be an isolated incident.
Rise in Attacks
However, the incidence of cyber attacks has been on an upward trend across the globe, from 2020 to 2021. Hackers have become more aggressive and persistent in targeting both corporate networks and individuals. In 2021 alone, thousands of cybersecurity compromises were reported, with high-profile incidents involving ransomware, supply-chain attacks, and exploitation of technological vulnerabilities.
Although Tsui has managed to block or halt most attempts to break into his finances, he is concerned that the hackers will continue to target his accounts and compromise his finances, noting that the cyber criminals “will probably just by chance try common things that people sign up to.” He remains on high alert to protect his other accounts.