Staying Cyber Safe

What you need to know

The cyber safety of Qantas Frequent Flyers is a priority for us. We take active, quality measures to help our members keep safe online and also encourage our members to do what's possible to protect their account and personal information, as well as Qantas Points. The guide below will help you identify threats and protect yourself online.

What’s phishing?

'Phishing' is when scammers try to trick you into sharing information that can be valuable to them, including passwords, PINs, personal information and credit card details.

Phishing emails are the most common for Frequent Flyers, but you might also be targeted with a fake SMS, social media post or even a voice call. Phishing emails might use your name and try to appear authentic by replicating Qantas logos, company information and other familiar materials.

Our top tips for checking your account

The cyber safety checklist

When it comes to staying safe online, the more of these habits you keep, the better.
 

Use strong passwords and PINs

Don't share or write down passwords, and change them frequently. Remember, your Frequent Flyer points are valuable and should be treated like cash. Create unique passwords for each site, and avoid easy-to-guess PINs like 1234, birthdays, telephone numbers and postcodes.

Set up Two-Factor Authentication (2FA)

Set up 2FA and auto-lock after periods of inactivity. Log out of accounts and close browser windows when finished.

Be careful of what you share online

Avoid posting your personal information and booking details on social media, including sharing pictures publicly of your ticket or boarding pass.

Keep your computer's security software up to date

Turn on automatic updates for software across your personal devices to help protect them from vulnerabilities that could be used to access your device and steal your personal information.

What to do when you have:

Locked out of your Qantas Frequent Flyer account?

Call the Frequent Flyer Service Centre immediately on +61 2 9433 2329 (Worldwide).

Frequently asked questions

Why do I receive a verification code when accessing my Qantas account now? Is this 2FA?
To log in, you usually need to enter your Qantas membership number, last name and PIN. To help members keep their Qantas accounts safe, we've introduced an extra level of security (also known as two-factor authentication or 2FA). When you log into your account, you'll be sent an SMS or email with a verification code to help make sure it's really you. You can also get verification codes using a third-party Authenticator app instead of waiting for texts or emails. 

Where will my 2FA verification code be sent? How long is it valid for?
The verification code will be sent to the mobile phone number or email address you have registered in your Qantas account profile, so your personal details need to be kept up-to-date. (As you log in, you'll be reminded of the registered phone number - with a few digits masked for security.) Once you receive your verification code, you have 10 minutes to enter it into the login window. If the time expires, just reload the page to generate a new code.

You can also get verification codes using a third-party Authenticator app instead of waiting for texts or emails. To set this up go to 'My profile', navigate to 'Personal information', select 'Authenticator App' and follow the prompts.

If I receive a 2FA verification code but I’m not trying to log into my account, do I need to report it?
You should contact the Frequent Flyer Service Centre on 13 11 31. There could be several reasons this happens, and it is not necessarily fraud related or due to an attempted hack. A member of the team will check the account for unusual or unauthorised activity, help make sure the account is secure and set up any additional 2FA options. They will also report this for further investigation.

I entered my 2FA verification code incorrectly - what now?
If you enter the code once incorrectly, you'll be given two more attempts. After this you'll be taken through a series of security questions allowing you to log in. You'll need to answer the question about your mother's maiden name plus at least two other questions correctly. Then press 'verify' to log in.

I can't access my 2FA verification code - what do I do?
You may not be able to receive a 2FA verification code because, for example, you haven't got your phone with you or recently changed your number. No problem - just select the option to 'verify another way' shown in the login window. You'll be taken through a series of security questions allowing you to log in.

What does Qantas do to protect members from online scams?
Qantas provides high-level layers of security and keeps these security systems up-to-date. Unfortunately, some cyber criminals are masters of sophisticated technology, developing new ways to bypass 2FA, attack accounts or even 'port', which is taking over victims' mobile phone numbers. We constantly review and enhance account security. We also educate our members on practicing good cyber safety habits and encourage them to adopt the security options we've made available.

I never use my points at the Qantas Rewards Store. Can you block all shopping there?
Not yet. But right now, the best way to stop fraudulent shopping with your Qantas Points is to prevent scammers from accessing your account in the first place. However, we are always looking into new ways to help our members keep their accounts secure.

How did they get into my account?
Scammers gain access to accounts by using phishing (fake) emails, SMS or websites to capture login details, then using the information to log in.

How did they get my email address?
Cyber criminals may take email addresses from badly secured mailing lists or from publicly available emails, such as those published on your business or social media website. Hackers also use bots or malware (malicious software) designed to collect this information.

How does clicking on a phishing email lead to breaking into an account?
Simply clicking on a link in a phishing email usually doesn't allow a scammer into your account. That comes next - after you've been tricked into clicking on a malicious link, when you enter your personal details into the fake website. The hacker then captures your details and has the ability to access your account. There are also more sophisticated scams where clicking on a link in a phishing email could download malware on your device which could then capture your login details.

How did you know my account was hacked?
Accounts targeted by phishing scams may demonstrate patterns. We can use these patterns to identify impacted accounts.

Should I also report it to the police?
We don't require you to report this hack. If you think other accounts using the same PIN (e.g. bank or credit card) may have been compromised, you should change your PIN and contact the company or service immediately.

Can I have a new account?
It's possible for us to issue a new Frequent Flyer account; however, in most cases, it's not necessary. Adding or updating 2FA, plus taking extra care when clicking on links or opening emails, is usually enough to prevent further unauthorised access.

What happens now? Will I receive updates? Will I be refunded?
These events can take a long time to investigate. We don't always involve the authorities and in many cases hackers are not caught, especially if based overseas or able to remain anonymous. When the investigation is complete, a member of the Qantas team will be in touch about any next steps.

How much of my information has been exposed?
Different cyber criminals target different data. Some are interested in the points; others only want the details on your account. Every attack is different.

Could my email address or computer be compromised?
It’s possible. Speak to your email provider or seek help from an IT support centre. You can also access free advice and support from IDCARE if you think your personal identity or information has been put at risk. Call 1800 595 160 (AU), 0800 121 068 (NZ) or visit www.idcare.org.

Can they hack my family or friends through me?
Hackers cannot access details of your family and friends through your Frequent Flyer account. However, if your personal email or computer is compromised and details of your family and friends are stored there, this information may have been targeted.