Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > American Airlines | AAdvantage
Reload this Page >

Account fraud / breach: my account compromised, awards taken, etc.

Old Aug 22, 2015, 2:16 pm
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.

For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).

If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.

To help protect your account, be sure
  • Have a strong, protected and secure password
  • check your account periodically
  • be aware and keep track of your transactions
  • control or destroy documents such as boarding passes
  • use antivirus software- if your personal computer is hacked they can gain control of your AA account
  • Be very wary of logging into your account on public computers, like at internet cafs or the hotel business center, where keystroke loggers could be installed

If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):

Dear JDiver,

Thanks for visiting AA.com. This email confirms that your account has been updated as follows.

Your contact information has been updated, but is not included in this e-mail for the security of your account.

If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.

If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.

If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.

AA.com
American Airlines
Print Wikipost

Account fraud / breach: my account compromised, awards taken, etc.

Old Aug 22, 2015, 12:06 pm
  #1  
Moderator, OneWorld
Original Poster
 
Join Date: Feb 2002
Location: SEA
Programs: RAA RIP; AA ExEXP
Posts: 11,756
Account fraud / breach: my account compromised, awards taken, etc.

Just got off the phone with AA canceling three tickets redeemed using my miles, first class LAX-HKG and HKG-LAX and one business class YYZ-HKG, all on CX metal. Not only did they use my AAdvantage account, but they managed to change the address and contact phone number too (to someplace in Clearwater FL.) The LAX-HKG flight departs later today; I hope someone has a nice long visit with the CX people and/or LAWA cops.

Knowing that you have to use the phone to book CX awards, I'm perplexed that somebody at AA didn't smell a rat when my address and phone numbers were being changed, and a credit card not in the system (mine weren't touched) was used for the taxes.

Of course, as it's Saturday I had to do all the fixing with somebody in the reservations group as AAdvantage Customer Service is closed on the weekend. I got the miles reinstated but am seriously pissed, and a little concerned, as to what else is going on.
gatemando likes this.
Gardyloo is offline  
Old Aug 22, 2015, 12:14 pm
  #2  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Wow, very disturbing, glad you caught it.

With regard to the below, though, not sure I get that part-- wouldn't it be clear that they your address and phone # were changed on-line and -then- the award was booked over the phone?

Originally Posted by Gardyloo
...Knowing that you have to use the phone to book CX awards, I'm perplexed that somebody at AA didn't smell a rat when my address and phone numbers were being changed...
JonNYC is offline  
Old Aug 22, 2015, 12:21 pm
  #3  
Moderator: American AAdvantage
 
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Matre-plongeur des Muccis
Posts: 62,948
Very nasty stuff!

I'd wonder how they got access first of all - FFN, LNAME and password - and take some actions (stronger password, maybe ask to migrate to a new account with all your data). I'm guessing they may have broken into your account first to make some changes and then called to book the awards.

I think when I change account info I get an email stating something (address, etc.) has been changed. Be sure your email address is current - do everything you can to regain complete control of your AAdvantage accounts.

I do hope the traveler is intercepted and dealt with appropriately- they may have thought they were getting a deal for a low price, or been part of the scam. I'm hoping their journey is sorely interrupted.

And if an AA employee made all the changes and awards, I'd suspect terminal stupidity - or collusion. I hope AA can see how the changes were made.

I'm glad you were smart, catching this quickly and getting these thefts reversed. How did you ascertain you'd had award miles stolen to begin with? That knowledge might serve others.

Last edited by JDiver; Aug 22, 2015 at 12:29 pm
JDiver is offline  
Old Aug 22, 2015, 12:30 pm
  #4  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Originally Posted by JDiver
...I do hope the traveler is intercepted and dealt with appropriately- they may have thought they were getting a deal for a low price, or been part of the scam. I'm hoping their journey is sorely interrupted.
I think that's a virtual certainty-- that the traveling party didn't know (despite maybe they should have, arguably) that they were traveling on stolen miles. The tickets were sold to them, as in.
JonNYC is offline  
Old Aug 22, 2015, 12:32 pm
  #5  
 
Join Date: May 2013
Location: LHR
Programs: AA EXP, DL DM, Marriott Titanium
Posts: 1,027
Originally Posted by Gardyloo
Just got off the phone with AA canceling three tickets redeemed using my miles, first class LAX-HKG and HKG-LAX and one business class YYZ-HKG, all on CX metal. Not only did they use my AAdvantage account, but they managed to change the address and contact phone number too (to someplace in Clearwater FL.) The LAX-HKG flight departs later today; I hope someone has a nice long visit with the CX people and/or LAWA cops.

Knowing that you have to use the phone to book CX awards, I'm perplexed that somebody at AA didn't smell a rat when my address and phone numbers were being changed, and a credit card not in the system (mine weren't touched) was used for the taxes.

Of course, as it's Saturday I had to do all the fixing with somebody in the reservations group as AAdvantage Customer Service is closed on the weekend. I got the miles reinstated but am seriously pissed, and a little concerned, as to what else is going on.
Re: the card, if the hacker(s) got ahold of your address, it wouldn't be terribly hard to then buy a prepaid Visa/Mastercard/Amex with enough $ on it to cover the taxes and register it in your name/address.
taxicabnumber is offline  
Old Aug 22, 2015, 12:32 pm
  #6  
Moderator, OneWorld
Original Poster
 
Join Date: Feb 2002
Location: SEA
Programs: RAA RIP; AA ExEXP
Posts: 11,756
Originally Posted by JonNYC
Wow, very disturbing, glad you caught it.

With regard to the below, though, not sure I get that part-- wouldn't it be clear that they your address and phone # were changed on-line and -then- the award was booked over the phone?
Originally Posted by JDiver
Very nasty stuff!

I'd wonder how they got access first of all - FFN, LNAME and password - and take some actions (stronger password, maybe ask to migrate to a new account with all your data). I'm guessing they may have broken into your account first to make some changes and then called to book the awards.

I think when I change account info I get an email stating something (address, etc.) has been changed. Be sure your email address is current - do everything you can to regain complete control of your AAdvantage accounts.

I do hope the traveler is intercepted and dealt with appropriately- they may have thought they were getting a deal for a low price, or been part of the scam. I'm hoping their journey is sorely interrupted.

I'm glad you were smart, catching this quickly and getting these thefts reversed.
It could well be that they changed everything online, including my contact email address, before booking the tickets, which was all done the day before yesterday.

Believe me, I'm going to do everything I can to protect my accounts, but I'm still puzzled how they got my AA number and password for the old account, in order to change the contact info. Unfortunately, I guess I'll have to wait until Monday to talk to anybody about this. Has there been any mention of cybersecurity glitches during the AA/US melding?
Gardyloo is offline  
Old Aug 22, 2015, 1:26 pm
  #7  
 
Join Date: Dec 2005
Location: California
Programs: AA EXP...couple hotels and cars too
Posts: 4,548
Scary stuff....

In terms of "mentions" of cybersecurity breaches... My son is a software engineer at a large SW entity. They are proud that they are currenty at "zero disclosable security breaches". They know it is only a matter of time. But I did find the qualifier interesting.
Exec_Plat is offline  
Old Aug 22, 2015, 1:49 pm
  #8  
 
Join Date: Dec 2005
Location: California
Programs: AA EXP...couple hotels and cars too
Posts: 4,548
Originally Posted by Gardyloo

The LAX-HKG flight departs later today; I hope someone has a nice long visit with the CX people and/or LAWA cops.

.
In the 'its a small world' category, will be interesting to see if anyone posts an "I got screwed by a ticket broker" thread in the next few days.

As we've read elsewhere, AA will likely have someone question the passenger on arrival. (Or would the wait until they attempt to board the return, which is a tactic they've used before.... doubt this.) I wonder if they are leaving the booking intact in order to be able to have face to face contact...would be an interesting chat.
Exec_Plat is offline  
Old Aug 22, 2015, 1:56 pm
  #9  
FlyerTalk Evangelist
 
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Yes, given the traveller is probably a victim as well, shutting this down as quickly as possible is the better solution. I doubt the "broker" here has left any bread crumbs to their identity but maybe the buyer can give some insights how to find the person. We can only hope they get stopped before one of our accounts get tapped. In the mean time, keep tabs on your account balance and any unwarranted activity.
RogerD408 is offline  
Old Aug 22, 2015, 2:19 pm
  #10  
Moderator: American AAdvantage
 
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Matre-plongeur des Muccis
Posts: 62,948
I think the topic is significantly different from issues about account closures and airline allegations of fraud this has been split off from that thread. Both threads are cross-referenced with links in the wiki.

/Moderator
JDiver is offline  
Old Aug 22, 2015, 3:39 pm
  #11  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Originally Posted by Gardyloo
It could well be that they changed everything online, including my contact email address, before booking the tickets, which was all done the day before yesterday.

Believe me, I'm going to do everything I can to protect my accounts, but I'm still puzzled how they got my AA number and password for the old account, in order to change the contact info. Unfortunately, I guess I'll have to wait until Monday to talk to anybody about this. Has there been any mention of cybersecurity glitches during the AA/US melding?
Glad you're on top of it. Was your password one that's associated with a lot of different stuff of yours (other accounts, etc) and over a very long term?

In any case, those are highy unusual awards for a hack then sell, definitely not the kind of routes one usually sees on those. Great that you caught it when you did.
JonNYC is offline  
Old Aug 22, 2015, 4:33 pm
  #12  
Moderator, OneWorld
Original Poster
 
Join Date: Feb 2002
Location: SEA
Programs: RAA RIP; AA ExEXP
Posts: 11,756
Originally Posted by JonNYC
Glad you're on top of it. Was your password one that's associated with a lot of different stuff of yours (other accounts, etc) and over a very long term?
This troubled me hugely when I discovered it, and I am rapidly checking activity on each and every password-protected site/program I use. I'm treating this as a candidate for identity theft, and, while I haven't found any other obvious instances of such, I'm changing passwords and having credit cards that might be at risk canceled and new ones sent. To say this has put a damper on my Saturday is an understatement.

A few years ago I got an email from Citibank asking if I was traveling from Heathrow to Nairobi in business class that evening. I was in the Admirals Club at LHR at the time, and thought, "Wow, that's strange."

I traced the card hack back to a bookshop right in the T3 shopping mall where my wife had bought some bodice-ripper paperback not an hour previously. Obviously somebody had skimmed the card while she was buying the book. This s*it happens quick, believe me.
Gardyloo is offline  
Old Aug 22, 2015, 4:45 pm
  #13  
Suspended
 
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
Whether this is a one-off hacker creating some free tickets for himself or a hacker selling account access to a ticket broker, the carriers don't know and thus almost never alert the passenger.

AA has alerted CX and CX will chat the pax up if they show up.
Often1 is offline  
Old Aug 22, 2015, 5:02 pm
  #14  
Moderator: American AAdvantage
 
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Matre-plongeur des Muccis
Posts: 62,948
Originally Posted by Often1
Whether this is a one-off hacker creating some free tickets for himself or a hacker selling account access to a ticket broker, the carriers don't know and thus almost never alert the passenger.

AA has alerted CX and CX will chat the pax up if they show up.
I'd love to be a "fly on the wall" at the Cathay counter in TBIT... and they'll have an empty seat in F for an upgrade or last minute flyer, too!
JDiver is offline  
Old Aug 22, 2015, 7:57 pm
  #15  
 
Join Date: Dec 2010
Location: JFK
Programs: AA EXP/CK 2M+
Posts: 540
Wow. Glad you caught it.
phil_flyer is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.