Scammers Took 309,000 of My Hilton Points. Here's How to Get Them Back
Back on July 11, I received an auto-generated email notifying me that my Hilton points had been redeemed through Amazon. That is certainly never a strategy I would use to redeem Hilton points — nor do we recommend this for any type of loyalty currency — and instantly I knew was a victim of scammers. I logged into my Hilton account to see my previous balance of over 310,000 down to just over 1,000 points. This set in motion a 20-day process to get my points back.
Not one to wait on an e-mail response, I called the Hilton Honors elite line and briefly described the problem. They transferred me to a security team who took down my information and told me someone would be in touch within 5-10 business days. Since I was trying to make an award booking (one that was now impossible with so few points), I asked for expedited service but was told nothing could be done. I followed up with the Hilton Twitter handle — who sometimes can make great things happen — but was told the account was under fraud protection and couldn't be touched.
I waited the required ten business days and didn't hear anything back. A phone call on the twelfth business day yielded no results, and by July 31 — 20 days after the initial fraud was brought to Hilton's attention — I still hadn't received an update. While TPG policy doesn't allow us to use PR contacts to help resolve personal concerns, the extended wait period beyond the expected time for resolution meant I probably wasn't alone in this struggle. I reached out to the Hilton team to request additional information on how to handle situations with a significant delay in getting points back — like mine. They responded quickly with concrete steps that members should take when they fall victim to fraud, and fortunately, the points in my account were restored later that afternoon.
What Should You Do If This Happens To You?
First, I hope you never find yourself in my shoes. I use 1Password to manage all my passwords (which are rather complex), but this apparently was not enough to thwart the efforts of scammers. When I asked our Hilton contact what members should do to quickly get their points back if they face a similar problem, I was provided the following statement:
We believe Hilton Honors Points are valuable and should be protected. We always encourage our members to protect their account information the same way they would an email or bank account. That includes reviewing account transactions on a regular basis and using strong passwords that are changed often. It’s also important that passwords are unique and not shared across different accounts.
If one of our members notices suspicious activity on their account, we encourage them to contact us immediately at HHFraudProtection@hilton.com, change the password on their account and only access their account from trusted devices. Our team’s normal approach is to investigate a customer report, then reset or recreate that account. In a situation where an individual is missing Points, they should be made whole. For all other customer support, please call 1-800-548-8690 or visit http://hiltonhonors3.hilton.com/en/support/index.html.
Having not heard back in the 5-10 business days I was initially told, I asked Hilton what the standard response time should be for members who believe they are the victim of fraudulent account activity:
If a Hilton Honors member notices suspicious account activity, we encourage them to contact us immediately. We will investigate, respond and if appropriate, make them whole.
At Hilton, our goal is to remediate a member’s account as quickly as we can. There may be circumstances where we need to gather more information to investigate the guest’s account, which may result in longer than usual times. We’re continuously looking for ways to improve our protocols and processes to secure our members’ accounts.
Strategies for Fraud Prevention
Of course, this is a broader issue than just Hilton Honors. Any account is subject to scammers, so you should take any and all possible steps to minimize the risks of losing your hard-earned points and miles. Here are some things I've done to prevent this from happening again — and you should consider all (or most) of these for your own accounts:
- Turn on two-factor authentication: Not all programs allow this, but for those that do, it adds another important step before someone can gain access to your account.
- Use a complex password: As noted above, I had done this, but if you're still using something like "YourFirstName1" it's time to get more complicated.
- Change your password regularly: Even with complex passwords, you should look at changing your passwords frequently. Password managers are great if you can't keep track of which ones you've used where.
- Unlink your accounts from Amazon: Hilton did this for me automatically, but I encourage you to do this on your own. I have heard of this being a somewhat common occurrence for Hilton Honors members who have their accounts linked to Amazon, but you should think about doing it for all loyalty programs that allow for redemptions in this way.
- Check account balances and sign up for emails: The only reason I knew about this fraud is via email, so you should take steps to ensure that you stay up-to-date on your account balances. Make sure that your communication preferences are set to notify you of any awards booked through your account, as the quicker you can identify fraud, the easier it should be to fix.
At the end of the day, there's nothing that can completely prevent scammers from swiping your points and miles, but there are things you can do to make it much harder for them. I'm glad to have my Hilton points back, but I hope that by following the above tips, you can avoid experiencing the same issues I encountered.