Frequent flyer programs deal with an incredible amount of fraud, and that comes in many forms. Well, for the first time ever, I’ve dealt firsthand with miles being stolen (or more accurately, Ford’s miles being stolen).
In this post:
Fraud on Alaska Mileage Plan account
This morning, Ford received an email from [email protected], with the subject line “Please call regarding your Alaska Airlines Mileage Account.” Here’s what the email stated:
Please call Customer Care at 1-800-654-5669 to verify your Mileage Account. There has been recent activity from your account that we suspect may have been done without your permission.
I found that to be odd, and wondered if something had actually happened, or if someone maybe just logged into his Mileage Plan account with a suspicious IP, or something. For example, last year I dealt with what was reportedly fraud on my American AAdvantage account, even though no miles were stolen. This meant that I had to create an all-new AAdvantage account, and more.
So I logged into Ford’s Alaska Mileage Plan account. The previous balance was roughly 231,000 miles, while the balance was now down to around 1,000 miles. OMG! Looking at the mileage activity, it was clear that two awards had been redeemed for in recent days, both on Qatar Airways.
One award ticket was on August 25, for 135,000 miles, while one award ticket was on August 29, for 95,000 miles. There were no further details as to what exactly these redemptions were for.
I should mention that I try to constantly track mileage balances by using AwardWallet. I usually refresh all account balances about once a week, but I hadn’t done so in recent days. It’s interesting how the redemptions were several days apart.
How Alaska Mileage Plan addressed fraud
Ford immediately called Alaska Mileage Plan customer care, where he was helped by a friendly representative. She just asked him to confirm that he hadn’t made two Qatar Airways bookings in recent days. Upon confirming that, she explained what the process would be to reinstate the miles:
- She first asked him to confirm all of his account information
- She then requested that he email a copy of his ID to the airline, to confirm his identity
- Upon receipt of the email, she called back to confirm everything had been verified, and requested that he create a four digit PIN for his account, which is needed in order to redeem miles
- In the future, if he wants to redeem his miles, he’ll have to call Alaska Mileage Plan to provide his PIN, then his account will be unlocked for redemptions for a brief period, before being locked again
The whole process barely took any time, and the stolen miles were even reinstated within an hour. The associate explained how Alaska is working on setting up two factor authentication for Mileage Plan accounts, but in the meantime, the PIN option is the only way to secure an account. Frankly I find that easier than having to set up a new account with new personal information.
I’m curious how exactly this fraud happened
There’s no doubt a massive amount of frequent flyer program fraud out there, though I can’t help but wonder how exactly this played out. Did someone manage to log into Ford’s Mileage Plan account, or did someone call trying to impersonate him?
For what it’s worth:
- He had never received any sort of an email from Mileage Plan about these tickets having been booked
- None of the information on his account had been changed, so his personal information remained the same
- While he had his current email address on file, the phone number and address on file were all outdated by about a decade, so this is unlikely to even be a case of stolen identity
That all leads me to believe that someone managed to log into his Mileage Plan account. I’m curious if at some point there was a data breach with some party that had the username and password, or how else that’s possible. The account has a different password than other accounts, and it wasn’t a common password.
Frankly I find Alaska’s approach to account security to be kind of puzzling. You’d think it would be standard practice to immediate email the account holder when miles are redeemed out of their account, even if someone elects to have the e-ticket sent elsewhere, during the booking process.
For example, every time I redeem American AAdvantage miles, I get an email confirming the number of miles redeemed, and telling me to immediately contact the airline if I didn’t authorize that redemption. This is separate from the confirmation email, which can be sent to any email address.
This has to be costly for Mileage Plan. I know how these fraudsters work, and they generally redeem for very last minute tickets to avoid getting caught, so I imagine the tickets have already been flown. I’m curious what, specifically, tipped Mileage Plan off.
Bottom line
I’m surprised it took this many years, but we’ve finally dealt with mileage theft for the first time. Ford received an email from Alaska Mileage Plan about suspicious activity, and sure enough, 230,000 miles had been redeemed out of his account for Qatar Airways tickets.
It seems like this should have been easier to prevent, with either two factor authentication, or just emailing a member when miles are redeemed out of their account. At least this was reasonably painless to fix, and miles were quickly restored.
What do you make of this Mileage Plan account fraud? Anyone have guesses or insights into how exactly this happens, given the circumstances?
I use AA (citi c.c.) and either me or AA sends me info.
I just jiined Alaska.
SO, Thanks for sending this...I will call them.
WkA
The same thing happened to me—some dude booked a flight from Ghana to NYC with my Alaska miles. I found out about it, called customer service to cancel the flight (first segment had already landed in LHR, but LHR to JFK segment got canceled before boarding). Alaska customer service handled the issue the same way as described here.
I, personally, went thru a "wash check" situation where someone changed the amount and payee of a check I had issued. What took 90 days of the bank dragging its feet was immediately resolved in 9 days via a letter directed to each member of the Board of Directors.
So, consider yourself lucky to get this resolved so quickly!!!
Alaska has horrendous IT
I logged in to my account recently and to my shock saw a few accounts and mile balances that weren’t mine under other names
They have been in the toilet since Covid
I've had two accounts hacked this year after never having had that happened before. 1st time, someone got in to my BA Executive Club account and transferred points out to a Qatar Airways account. Called up BA and they took care of it in a few days although I still don't know what happened. Last month, someone also got into my Marriott Bonvoy account and redeemed for a hotel stay. Still waiting for a resolution...
I've had two accounts hacked this year after never having had that happened before. 1st time, someone got in to my BA Executive Club account and transferred points out to a Qatar Airways account. Called up BA and they took care of it in a few days although I still don't know what happened. Last month, someone also got into my Marriott Bonvoy account and redeemed for a hotel stay. Still waiting for a resolution from Marriott on that one. Both times I got emails sending me a two-step verification code, although I only saw the subject lines in my notification and didn't open the emails before the miles/points were already taken. Seems like someone knew my log in information but was then able to bypass two-step verification or was able to view the code somehow
No worries from the airlines' perspective... just a cost of doing business and to be passed on to the 'valued' passenger. Why the money in IT/Security when you can just pass it on. It's the airlines' version of shoplifting, of course, and the vast majority of the criminals get away with it. Crime does pay in this country.
When I last made an Alaska redemption (April), I got an email confirmation. It even arrived before the Amex "card not present" email. Sounds like the email on the account was changed, then changed back.
As others have said, exact same thing happened to me two weeks ago. Similar Qatar flights and all. Got the miles back quickly, but they did tell me if the flights had been flown, there would be no way to get the miles back. And it's very annoying that Alaska doesn't have two-factor authentication (mind blowing in 2024), but they are looking into implementing it. Very annoying have to call them with my pin to unfreeze my account for an hour or so going forward.
This happened to me a couple months ago. Same exact story. Qatar redemption. If you log in using your browser the system will sometimes show the flights in your account. I don't understand how Alaska has not solved the 2FA already.
This happened to me in January 2024.
I flew from Shanghai(PVG) to Dallas(DFW), and to Los Angeles (LAX). I used the WIFI at the airport and the WIFI at the AA Lounge at DFW.
As soon as I arrived at LAX, I received two emails telling me that I redeemed two award tickets worth of 50000 miles. I immediately cancelled them and notified AS and changed the password. I suspected myself connecting to the wrong WIFI at PVG or AA Lounge at DFW
Happened to me too with my American Airlines Account. The hacker booked a flight with my miles from Columbus, OH to Phoenix. The tickets were booked with the Passenger name of Jude Adjei Barimah. American did investigate through their fraud department and did cancel the tickets before the flight occured.
To reestablish my American account, they closed out my account that I have had with them for 40 years and change my method of...
Happened to me too with my American Airlines Account. The hacker booked a flight with my miles from Columbus, OH to Phoenix. The tickets were booked with the Passenger name of Jude Adjei Barimah. American did investigate through their fraud department and did cancel the tickets before the flight occured.
To reestablish my American account, they closed out my account that I have had with them for 40 years and change my method of communication with another email address.
Remember the name JUDE ADJEI BARIMAH. More of these crooks need to be outed.
I once had all of my JetBlue miles stolen from my account, and the actual path the fraudsters used was having access to one of my email accounts which just happened to be the address I use for True Blue. So somehow they were able to get my True Blue login info through my email to access the account and redeem miles. JetBlue redeposited all of the stolen miles and I changed my email address...
I once had all of my JetBlue miles stolen from my account, and the actual path the fraudsters used was having access to one of my email accounts which just happened to be the address I use for True Blue. So somehow they were able to get my True Blue login info through my email to access the account and redeem miles. JetBlue redeposited all of the stolen miles and I changed my email address for that account and haven't had a problem since then.
It was also used on a Gulf/Middle Eastern airline, though I forgot which one it was. It was many years ago now.
I agree with you that airlines should send an email EVERY time miles are redeemed immediately. And a note about American Airlines - I occasionally have to book tickets for co-workers using my personal American account and I do not get the confirmation emails for their bookings when I do that. I wish AA would add that automatically too.
All well and good until Ford's picture id image files are hacked. Then there are much more severe consequences. That's why when my fb was hacked I didn't send my id to them. Hacked once will be hacked again.
If he hasn't already done it make sure all credit bureau files are frozen and only unlocked for at most a few days at a time for specific purposes.
Btw, skymiles has same issue of no...
All well and good until Ford's picture id image files are hacked. Then there are much more severe consequences. That's why when my fb was hacked I didn't send my id to them. Hacked once will be hacked again.
If he hasn't already done it make sure all credit bureau files are frozen and only unlocked for at most a few days at a time for specific purposes.
Btw, skymiles has same issue of no mfa.
And finally, for anyone who continues to do business with companies like these two, make sure to set reminders to change pw at least quarterly and make them as long as possible.
It still blows my mind that hasn’t been more adoption of passkeys which essentially would make this impossible. I believe it is only Hyatt who have deployed it to their accounts
This same exact thing happened to me Easter weekend 2024. Over 200,000 miles taken from my Alaska account and used to book tickets on Qatar Airways as well . Everything about it was strange and I feel like Alaska really dropped the ball on security. First, why was I not emailed about the redemption? There was no notice at all until the fraud unit emailed me. Second, the tickets booked were not airports I have...
This same exact thing happened to me Easter weekend 2024. Over 200,000 miles taken from my Alaska account and used to book tickets on Qatar Airways as well . Everything about it was strange and I feel like Alaska really dropped the ball on security. First, why was I not emailed about the redemption? There was no notice at all until the fraud unit emailed me. Second, the tickets booked were not airports I have ever been to likely will never be at. Alaska knows my home address! The flights were Toronto Canada to Dubai and Lagos Nigeria to Dubai. I'm in California and probably only fly internationally once ever ten years or longer. Everything about the award tickets seem like it should have been easy to catch.
The same thing just happened to me. The same flights too. Called up when I got a ping from qatar about a delay. I managed to get the tickets canceled while the thief was on a layover in Doha.
Ben,
Mine were stolen as well by a hacker from Nigeria, who attempted to book a one way business class ticket from Lagos to Montreal via Doha in Qatar business. Luckily, I caught it and had my miles restored. Still, I question how Alaska would allow someone with a different name and living in a different country to use my miles (and my credit card on file) without questioning it. I now have remove...
Ben,
Mine were stolen as well by a hacker from Nigeria, who attempted to book a one way business class ticket from Lagos to Montreal via Doha in Qatar business. Luckily, I caught it and had my miles restored. Still, I question how Alaska would allow someone with a different name and living in a different country to use my miles (and my credit card on file) without questioning it. I now have remove all credit cards on file and have a a freeze on my account that can only be unlocked with a PIN number
I once got a confirmation email from Chase that my UR points were cashed out to some random bank in Kansas. I quickly called Chase and notified them that I never authorized this transfer. What was odd is that Chase told me this type of transfer has to be done over the phone and a verbal password is required. Don't know how the person knew this info, but s/he did. Chase was able to restore the points.
One thing is not clear to me: when somebody hacks into my account and use my miles for tickets, the ticket can only be issued in my name. If the hacker wants to take a flight on my name, he needs to show his passport. And the gate agent makes sure that Ticket Name and Passport Name is the same.
Why would it only be booked in your name? It’s an award flight, not a flight credit.
Had a similar situation lost about 800k miles (which were eventually restored) Mine were used for a hotel room. After some sleuthing was able to determine who did it - some rando in Florida. Contacted the FBI/Alaska Air etc no one wanted to do anything about it. Kind of wild.
I had it happen twice this spring around the same time - air Canada and KLM flying blue.
The AC one was odd but I think by fluke I discovered it as it was happening and changed my password and the transaction reversed. But I still talked to their security people who were very helpful and set up 2 step authentication.
KLM wasn’t as easy and they tried to blame me, however, as...
I had it happen twice this spring around the same time - air Canada and KLM flying blue.
The AC one was odd but I think by fluke I discovered it as it was happening and changed my password and the transaction reversed. But I still talked to their security people who were very helpful and set up 2 step authentication.
KLM wasn’t as easy and they tried to blame me, however, as a ‘courtesy’ they reinstated the miles. I’d only recently gotten their credit card and was trying to rack up points, but I’d discovered how hard it is to redeem for flights, so with this bad customer service I’d decided to abandon that path and cleared out the points for merchandise.
The same happened to me. QR redemption out of my AS account. 110,000 miles taken. BIG NOTE: Alaska will NOT refund your husband's taxes that they put on his credit card. They will ask you to file a chargeback. Be advised. Check whatever credit card was on file with Alaska.
QR 1406 (as mentioned in the redemption screenshot) is from Lagos, Nigeria, to Doha, so I wouldn’t be surprised if the route was what tipped them off…
I agree that a confirmation email is a best practice, but it isn't necessarily sufficient. One time my inbox was suddenly flooded with about 1,500 messages, mainly newsletter signups. I googled the situation and learned that this is a technique that fraudsters use to obscure the security confirmations. I then searched my inbox for my name and found that buried in the 1,500 messages was a redemption confirmation from BA. Luckily I was still able...
I agree that a confirmation email is a best practice, but it isn't necessarily sufficient. One time my inbox was suddenly flooded with about 1,500 messages, mainly newsletter signups. I googled the situation and learned that this is a technique that fraudsters use to obscure the security confirmations. I then searched my inbox for my name and found that buried in the 1,500 messages was a redemption confirmation from BA. Luckily I was still able to access my account and was actually able to cancel the ticket (for someone in China) myself, get the miles back and change my password. I did alert BA to the fraud, and I've always wondered what happened when the person went to check in for their flight.
Same thing happened to me with AA about 8 years ago. THey flooded my email that way to keep me from noticing the emails from AA about changes being made to my account. However, I was still able to log in, and AA promptly restored my miles. I don't know what they did with the tickets - whether they canceled them or let them be to catch the fraudster. It took me over two years to finally get unsubscribed from most of the spam mailing lists they signed me up for.
Another here. Exactly the same on my AA account. But I did notice the redemption mails among the flood of spam. Reinstated, account changed completely, and they requested a police report.
Not having MFA available and not sending proper email notifications to the original mileage account is reckless. For a oneworld airline, they clearly need to hire better for their security team.
Lucky,
Any idea is they contacted Qatar and voided out the tickets? Obviously they know exactly what flight was booked, class of service and name of passenger. Seems like a logical step. Unfortunately may be someone that bought the ticket from an online travel agency. This is actually a pretty common scam to steal or otherwise access miles, book a ticket and sell it to an unsuspecting person. Then the thief gets their money and...
Lucky,
Any idea is they contacted Qatar and voided out the tickets? Obviously they know exactly what flight was booked, class of service and name of passenger. Seems like a logical step. Unfortunately may be someone that bought the ticket from an online travel agency. This is actually a pretty common scam to steal or otherwise access miles, book a ticket and sell it to an unsuspecting person. Then the thief gets their money and the person that, in good faith, thought they got a good deal on a ticket is left holding the bag. Another reason I only book directly with airlines.
AS wouldn't need to contact QR to void the tkts, they would be AS/027 issued; as long as they weren't flown, AS would suspend the ticket to prevent its use.
A lot (not all) buyers purchasing these tickets well know what they're getting into.
Having more than 230,000 miles in an account is not good. I am trying very hard to burn6 6 figure amounts of miles in each of 5 US airlines. I managed to burn only one, severely deplete two airlines to 20k and 40k miles, and have two more airlines to burn.
The pandemic caused me to lose elite status and also encouraged me to burn miles.
Hopefully, I will be able to burn the miles in the last 2 airlines before fraudsters hit.
Depends. If you’re a high earner/spender it can make sense to take advantage of transfer bonuses.
I’m certainly not in the right tax bracket to justify having 200k+ miles in a specific airline but I still understand it.
As others have mentioned, this is a case of spectacularly poor IT.
The very basic systems of alerting the user's email of any account changes (login credentials, contact info, redemptions and everything in-between) seem to have not been triggered here or were not adequately configured in the first place.
Giving the benefit of the doubt that basic account-holder security wasn't overlooked, it seems more than likely that this was done on the backend,...
As others have mentioned, this is a case of spectacularly poor IT.
The very basic systems of alerting the user's email of any account changes (login credentials, contact info, redemptions and everything in-between) seem to have not been triggered here or were not adequately configured in the first place.
Giving the benefit of the doubt that basic account-holder security wasn't overlooked, it seems more than likely that this was done on the backend, which is entirely possible considering how many people would have access to such at any large corporation.
Glad it worked out expediently. Since 270 million Americans' SSN numbers were recently compromised, this is relatively small potatoes and worse things could happen. But a pain nonetheless.
Curious why this rather than use 2FA to verify the identity each time? It would suck if there's some sort of IRROPs leaving huge hold times, and you can't get through to open up your account so you can book an amazing award.
Just happened to me. Very similar and I wonder if it was the same hacker or hacker group.
This was on Delta. In the morning there was a strange email confirming my account changes. What account changes. Then couldn't log in. When I called they said my email address was different and instantly suspended my account and then directed me to upload my ID to a customer using their Identity Verification Form.
Then...
Just happened to me. Very similar and I wonder if it was the same hacker or hacker group.
This was on Delta. In the morning there was a strange email confirming my account changes. What account changes. Then couldn't log in. When I called they said my email address was different and instantly suspended my account and then directed me to upload my ID to a customer using their Identity Verification Form.
Then I get a call from saying someone is trying to board a plane using over 100,000 of my miles in New York trying to fly to Texas insisting they are my partner. I said it's not me and the use of my account was fraudulent.
After uploading my ID, the Sky Miles service center restored my account and miles. I instantly changed my password on my Delta.
A week later, someone tried again to log in to my United account! Luckily they have 2 factor authentication and was able to log in and quickly change my password. I suspected they might have access to my email account and changed that password too.
Really scary stuff.
“Miles stolen” oh god, I thought you were talking about your son!!
Hahahhahahahahahahhaha nice one
It would be good to give pointers on using stronger passwords. For instance:
https://www.betterbuys.com/estimating-password-cracking-times/
Nobody is password cracking frequent flier accounts when there’s much easier ways in.
While the situation Ben describes doesn’t sound like it, most commonly when credentials get mass stolen somewhere, thieves try the same email password combinations in lots of sites to victimize the idiots who use the same password everywhere.
I'm thinking it's not someone managing to login to your account. For one thing you can see log in activity. Alaska contacted you directly which leads me to suspect the breach is within their IT system. And given you didn't receive emails about the flight reservation it feels like its a backend transaction meaning someone who has internal access did this. These companies outsources so much work and does such a poor job of securing...
I'm thinking it's not someone managing to login to your account. For one thing you can see log in activity. Alaska contacted you directly which leads me to suspect the breach is within their IT system. And given you didn't receive emails about the flight reservation it feels like its a backend transaction meaning someone who has internal access did this. These companies outsources so much work and does such a poor job of securing the access I'm not at all surprise. Airlines are also to blame for their lack of security expertise. They spend their resources telling you how much they care about you but turn around and do nothing partly because of their ineptitude. Their systems should automatically notify all devices of large transactions not just from the booking perspective but from the perspective of a internal database transaction. It is absolutely possible to do. Airlines won't want to because it would expose their awful infrastructure. It's what I used to do to bust lazy awful engineers not doing their job. I was hated by entire departments but people stop trying to play games around me.
RE: I try to constantly track mileage balances by using AwardWallet. I usually refresh all account balances about once a week...
Ben, I was just wondering if you prefer manually updating your Award Wallet accounts rather than having them do it automatically. In the past, AW has reminded me about expiring awards and certificates, which I might have missed if I had updated the accounts myself, but perhaps there's value in being vigilant and manually...
RE: I try to constantly track mileage balances by using AwardWallet. I usually refresh all account balances about once a week...
Ben, I was just wondering if you prefer manually updating your Award Wallet accounts rather than having them do it automatically. In the past, AW has reminded me about expiring awards and certificates, which I might have missed if I had updated the accounts myself, but perhaps there's value in being vigilant and manually checking once a week. What do you recommend?
"Different" password as in only changing a few numbers or letters or a totally unique password?
Either one is good enough to prevent the majority of attacks.
I checked my Alaska account but can't see an option to add a security PIN. I guess that option is not for the general public (yet)?
This exact same thing happened to me recently. You have to call in to add a security pin when redeeming any miles. You can also request for how long of a "window" to keep your account open for redemptions before it locks again and have to call in again.
This same exact thing happened to me about 4 months ago, Although all that was taken was around 25k miles to book an economy ticket from PHX to LAX on AA (terrible redemption which made me even angrier). I got my miles back too, and although they gave me a pin I haven’t really had to use it as my tickets get delivered albeit a bit delayed.
I think another unrelated account with my...
This same exact thing happened to me about 4 months ago, Although all that was taken was around 25k miles to book an economy ticket from PHX to LAX on AA (terrible redemption which made me even angrier). I got my miles back too, and although they gave me a pin I haven’t really had to use it as my tickets get delivered albeit a bit delayed.
I think another unrelated account with my same user name and password was hacked and the hackers used those credentials to try different accounts. Weirdly enough what tipped me off was one evening around 6pm I got a flood of junk emails and in the very middle of that attack I saw a flight confirmation booking. Weird they didn’t change the email address when they hacked the account.
Anyway, Alaska is long overdue for a multi factor upgrade. I’m surprised it’s taken this long but their tech has always been a little behind. Being a Seattle company it’s probably not the best to rely so much on Microsoft and Boeing considering they’ve made news recently for outages and defects.
This scares the crap out of me.
I've got about 1.5 million Aeroplan points and am just waiting to receive such an email.
Still trying to figure out a rtw trip in/out of ATL
Aeroplan has 2FA, it's annoying to use every time you login, but worth the peace of mind
Agreed, but I still am wary
Fraudsters are getting better and better but some are still very stupid. Not airline related but last week someone cloned my Amex credit card. That happened before but this time the fraudsters did something I haven't seen before. Someone use dry credit card to shop online. However, they shopped using my email so I received their order confirmations on my email. To make things even more interesting, the emails had my name, my email address,...
Fraudsters are getting better and better but some are still very stupid. Not airline related but last week someone cloned my Amex credit card. That happened before but this time the fraudsters did something I haven't seen before. Someone use dry credit card to shop online. However, they shopped using my email so I received their order confirmations on my email. To make things even more interesting, the emails had my name, my email address, the details of the purchases BUT a different shipping address. Well, fraudsters were dumb because having the order number and email address I was able to cancel all the orders before the items were shipped. I also blocked my Amex card and since the transactions were still pending, Amex cancel them and replaced my card. Good try!
And if the police were interested, you could have given them the shipping address.
But they are not.
Fraudster could have changed email and then changed it back, just saying...
But hopefully Alaska automatically sends a notification email to the "old" email address when this is done (standard practice), to address this issues.
I don't get why airlines can't catch these people easily just by getting the passenger info of the fraudulent booking. Yes, I get that maybe it's a 3rd party who is to blame, but the passenger is still somewhat culpable (receiving stolen goods), and thus their cooperation could help catch the culprits.
I'm glad that you and Ford caught the fraudulent reward flights in time. Oooof.
Yikes! This is a real mystery! Some months ago, I read about someone else getting miles stolen from their Alaska mileage plan account, so I changed my password on mine. I guess I'll just keep changing my password once in a while to hopefully prevent anyone from hacking my account!!
Changing passwords won't help if the breach is beyond that gateway. Ie someone bypassing the login altogether
Yes, I had exactly the same thing happen to my Alaska account a couple of years ago. Having PIN on the account is a pain, because I cannot book anything online without first calling a special number to unlock my account, and it's not open 24 hours. Not only booking a new award requires a PIN, but also changing an existing award because it works as redeposit and rebook behind the scenes, and the rebook part required an unlocked account.
it is so irresponsible for AS to not email the original email a copy for redemptions. Again, the fantastic AS IT strikes again. Even AV sends at least 1 email to the account despite them not being able to provide e-tickets.
Also, for anyone wondering, the redemptions are on QR for Lagos, Nigeria. Seems like fraud is rampant in not just China, but also parts of Africa too.
In Europe, Nigeria is more famous for scams and fraud in general than is China.