The cyber safety of Qantas Frequent Flyers is a priority for us. We take active, quality measures to help our members keep safe online and also encourage our members to do what's possible to protect their account and personal information, as well as Qantas Points. The guide below will help you identify threats and protect yourself online.
What’s phishing?
'Phishing' is when scammers try to trick you into sharing information that can be valuable to them, including passwords, PINs, personal information and credit card details.
Phishing emails are the most common for Frequent Flyers, but you might also be targeted with a fake SMS, social media post or even a voice call. Phishing emails might use your name and try to appear authentic by replicating Qantas logos, company information and other familiar materials.
Our top tips for checking your account
Spot if it's a trick
Tell-tale signs of a 'phish' include poor grammar, spelling errors, suspicious links or attachments, urgent or enticing language, and altered email addresses or sender names. Look out for additional numbers or little variations. Take a look at some recent scamsOpens in a new tab or window
If you're suspicious, don't click
If you're not 100% sure something is genuine, don't click on any links or download any attachments. Genuine Qantas offers can usually be found on our website - or check with the Qantas Frequent Flyer Service Centre Remember, Qantas will never ask you to email details of your bank account, credit card, PIN or passwords.
Give '2FA' the tick
With Two-Factor Authentication (2FA), we check if it's really you trying to access your account by asking for a verification code sent to your registered email address, mobile number or Authenticator App. Alternatively, you can answer security questions. To set up 2FA, log into your Profile and go to 'Personal Information'. For more on 2FA, read our FAQs
The cyber safety checklist
When it comes to staying safe online, the more of these habits you keep, the better.
Use strong passwords and PINs
Don't share or write down passwords, and change them frequently. Remember, your Frequent Flyer points are valuable and should be treated like cash. Create unique passwords for each site - avoid easy-to-guess PINs like 1234, birthdays, telephones and postcodes.
Setup Two-Factor Authentication (2FA)
Set up 2FA and auto-lock after periods of inactivity. Log out of accounts and close browser windows when finished.
Be careful of what you share online
Avoid posting your personal information and booking details on social media, including sharing pictures publicly of your ticket or boarding pass.
Keep your computer's security software up to date
Turn on automatic updates for software across your personal devices to help protect your devices from vulnerabilities which could be used to access your device and steal your personal information.
What to do when you have:
Lost your Qantas Frequent Flyer membership card?
- Call the Frequent Flyer Service Centre on +61 2 9433 2329 (Worldwide) or email frequent_flyer@qantas.com.au
- You can access your digital membership card via the Qantas App. To view, go to 'My QFF', then tap on the card icon on the top right-hand corner of the screen.
Noticed suspicious activity on your Frequent Flyer account?
- Call the Qantas Frequent Flyer Service Centre immediately on +61 2 9433 2329 (worldwide)
- Change your PIN for all accounts and sites where you use that PIN
- Check other accounts for suspicious activity and if you notice any, contact the company or service immediately.
Locked out of your Qantas Frequent Flyer account?
Call the Frequent Flyer Service Centre immediately on +61 2 9433 2329 (Worldwide).
Frequently asked questions
Why do I receive a verification code when accessing my Qantas account now? Is this 2FA?
To log in, you usually need to enter your Qantas membership number, last name and PIN. To help members keep their Qantas accounts safe, we've introduced an extra level of security (also known as two-factor authentication or 2FA). When you log into your account, you'll be sent an SMS or email with a verification code to help make sure it's really you. You can also get verification codes using a third-party Authenticator app instead of waiting for texts or emails.
Where will my 2FA verification code be sent? How long is it valid for?
The verification code will be sent to the mobile phone number or email address you have registered in your Qantas account profile, so your personal details need to be kept up-to-date. (As you log in, you'll be reminded of the registered phone number - with a few digits masked for security.) Once you receive your verification code, you have 10 minutes to enter it into the login window. If the time expires, just reload the page to generate a new code.
You can also get verification codes using a third-party Authenticator app instead of waiting for texts or emails. To set this up go to 'My profile', navigate to 'Personal information', select 'Authenticator App' and follow the prompts.
If I receive a 2FA verification code but I’m not trying to log into my account, do I need to report it?
You should contact the Frequent Flyer Service Centre on 13 11 31. There could be several reasons this happens and not necessarily fraud related or due to an attempted hack. A member of the team will check the account for unusual or unauthorised activity and help make sure the account is secure and set up any additional 2FA options. They will also report this for further investigation.
I entered my 2FA verification code incorrectly - what now?
If you enter the code once incorrectly, you'll be given two more attempts. After this you'll be taken through a series of security questions allowing you to log in. You'll need to answer the question about your mother's maiden name plus at least two other questions correctly. Then press 'verify' to log in.
I can't access my 2FA verification code - what do I do?
You may not be able to receive a 2FA verification code because, for example, you haven't got your phone with you or recently changed your number. No problem - just select the option to 'verify another way' shown in the login window. You'll be taken through a series of security questions allowing you to log in.
What does Qantas do to protect members from online scams?
Qantas provides high level layers of security and keeps these security systems up-to-date. Unfortunately, some cyber criminals are masters of sophisticated technology, developing new ways to bypass 2FA, attack or even 'port', which is taking over victims' mobile phone numbers. We constantly review and enhance account security. We also educate our members on practicing good cyber safety habits and encourage them to adopt the security options we've made available.
I never use my points at the Qantas Rewards Store. Can you block all shopping there?
Not yet. But right now, the best way to stop fraudulent shopping with your Qantas Points is to prevent scammers from accessing your account in the first place. However, we are always looking into new ways to help our members keep their accounts secure.
How did they get into my account?
Scammers gain access to accounts by using phishing (fake) emails, SMS or websites to capture login details, then using the information to log in.
How did they get my email address?
Cyber criminals may take email addresses from badly secured mailing lists or from publicly available emails, such as those published on your business or social media website. Hackers also use bots or malware (malicious software) designed to collect this information.
How does clicking on a phishing email lead to breaking into an account?
Simply clicking on a link in a phishing email usually doesn't allow a scammer into your account. That comes next - after you've been tricked into clicking on a malicious link, when you enter your personal details into the fake website. The hacker then captures your details and has the ability to access your account. There are also more sophisticated scams where clicking on a link in a phishing email could download malware on your device which could then capture your login details.
How did you know my account was hacked?
Accounts targeted by phishing scams may demonstrate patterns. We can use these patterns to identify impacted accounts.
Should I also report it to the police?
We don't require you to report this hack. If you think other accounts using the same PIN (e.g. bank or credit card) may have been compromised, you should change your PIN and contact the company or service immediately.
Can I have a new account?
It's possible for us to issue a new Frequent Flyer account however, in most cases, it's not necessary. Adding or updating 2FA, plus taking extra care when clicking on links or opening emails is usually enough to prevent further unauthorised access.
What happens now? Will I receive updates? Will I be refunded?
These events can take a long time to investigate. We don't always involve the authorities and in many cases hackers are not caught, especially if based overseas or able to remain anonymous. When the investigation is complete, a member of the Qantas team will be in touch about any next steps.
How much of my information has been exposed?
Different cyber criminals target different data. Some are interested in the points; others only want the details on your account. Every attack is different.
Could my email address or computer be compromised?
It’s possible. Speak to your email provider or seek help from an IT support centre. You can also access free advice and support from IDCARE if you think your personal identity or information has been put at risk. Call 1800 595 160 (AU), 0800 121 068 (NZ) or visit www.idcare.org.
Can they hack my family or friends through me?
Hackers cannot access details of your family and friends through your Frequent Flyer account. However, if your personal email or computer is compromised and details of your family and friends are stored there, this information may have been targeted.