• Sign in / uponeworld
    Cathay Pacific

    How to keep your membership login safe?

    • Never reveal your membership login details or OTP to anyone.
    • Before logging into your membership account, check that you're on our official Cathay Pacific website.
    • Ensure that your internet browsers and mobile apps are up to date. Using the latest versions may provide you with enhanced security features.
    • If you use a shared computer, always log out of your accounts, close the browsers, and clear the web browser cache where possible.
    • Protect your devices by keeping them up to date and installing required end-point protection to protect your devices.
    • Ensure the antivirus software on your devices is updated with the latest virus signature
    • Contact us immediately if you notice suspicious activity in your membership account. This can include unknown transactions, unidentified redemption nominees, or unsolicited OTPs

    Email protection

    Do

    • Beware of fraudulent emails that claim to have been sent by Cathay Pacific
    • Be cautious when opening emails and their attachments, especially when receiving emails from strangers or suspicious email addresses
    • Be cautious of any suspicious email address, e.g. incorrect grammar/ spelling, misleading domain name
    • Open email attachments with extreme care. Always scan the attachment with “pdf”, “exe”, “bat”, “.vbs”, “.js”, “.com” extensions
    • Beware of email scams. If you receive any suspicious emails from business partners, you should confirm the identity of the purported sender
    • Keep a copy of the entire spam / phishing email in its original format (including any attachments) for reporting or if requested for investigation

    Don’t

    • Do not click through URL links from untrusted sources or emails such as spam emails to avoid being re-directed to fraudulent websites which appear to be legitimate
    • Do not reply to any email messages from unknown senders
    • Do not provide your personal details to an unknown source

    To report a phishing/suspicious email claiming to be from Cathay Pacific, you can forward the message to us at reportphishing@cathaypacific.com. Make sure to include the complete header information of the suspicious message.

    While this email address is monitored, you may not receive an individual reply to your report beyond an auto-acknowledgement.

    Identify potential phishing emails

    Phishing attacks are among the top tactics by hackers to gain sensitive information from users and continue to rapidly evolve to target their victims. Here are some signs to look out for:

    • The sender’s email address doesn’t look right
      For example, if you receive an email from @cathypcific.com instead of @cathaypacific.com, do not open the email.
    • The email asks you for confidential information
      We will never ask for your banking, credit card details or passwords over email, messages or calls. Never click on any suspicious links in an email.
    • The email requires you to open an attachment for an activity you did not request for
      The sender may claim that an attachment contains important information on your booking or flight. Sometimes, the attachment may have a file extension you may not be familiar with. When in doubt, don’t open the attachment as it may be malware, a malicious software or virus. Contact us instead to verify its authenticity.
    • Convincing phrases: “You’ve just won a prize!”
      If it comes as a surprise to learn that you’ve just won a lucky draw you don’t remember ever taking part in, contact us to verify its authenticity.
    • The email is poorly put together
      If the email’s visuals look hastily put together, and are filled with spelling and grammatical mistakes, it’s likely to be the work of a cybercriminal.
    • Website link to log in is not secure
      Avoid logging in to unsecured websites (i.e. URLs which do not start with HTTPS) and do not disclose any sensitive confidential information there.

    Frequently Asked Questions

    • Login to your account and change your password immediately with a strong password

    • Verify your profile details such as your (name, email address, phone number and address etc) have not been not tampered with and they remain intact

    • Keep your one-time password (OTP) safe and do not share this with anyone once received
       

    • Use the following tips to create a strong password
    • Make it at least 12 characters long; the longer, the better
    • Mix upper and lower case letters
    • Include symbols
    • Avoid dictionary words, names and common passwords
    • Avoid re-using passwords across different websites and applications
    • Change your password every 2-3 months for maximum security
    • Keep the password to yourself only
    • If you use the same passwords for your email IDs linked to membership accounts or any other social media accounts, we suggest you change your passwords to enhance your protection from social engineering attacks.
       
    • You receive an OTP notification even when you're not logged into your account or without your own request

    • You receive notification of a user sign In, which you didn’t do

    • You notice redeemed miles for bookings or purchases that you never made

    • Your account details have changed without consent
    • Please reset your account password and verify your details. If you still feel that your account has been compromised, then please contact us
    •  

    You can forward the message to us at reportphishing@cathaypacific.com. Make sure to include the complete header information of the suspicious message.

     

    If you suspect any fraudulent transactions on your credit card, we suggest you to reach out to your credit card company immediately and follow their instructions.

    If you suspect that your account password has been compromised too, then please login to your account and change your password immediately and at simultaneously.

    Verify your account profile and details to ensure that they remain intact.