Originally Posted by
corporate-wage-slave
From previous reports, BAEC does try to recover the Avios, but they are often used on very short term bookings which may be difficult to call in. So things like hotel stays in China for the same day as the theft. I would doubt that a big heist like this will be spent immediately. That said, typically the Avios holder won't hear very much other than "your account is now frozen" and "your Avios have been returned and your account reopened". BAEC sometimes create a new BAEC account number.
The hundreds of spam emails to disguise the event is totally typical, and is indicative of a "factory" somewhere working methodically, rather than an individual thief.
The key change I would like to see is that if there is an email address change, no new spend can be done for, say, 1 week, and that an email address change will also trigger an audit of anything happening in the next week. Then people will need to be aware that changing email addresses needs to be done carefully and at the right time.
Hi CWS,
I think the key issue here, if you don’t mind me saying, is BA systems or lack of it. In my experience it’s rather rigid. It’s an archaic system that accepts the compromise but insists using an email, existing, previous or compromised to send to the account (fraudulent or otherwise) holder? that needs to be reset and needs thus personal intervention if wrong which in the case of fraud is and needs further escalation - if that makes sense? So it must be escalated. I’m in agreement, if you go through data protection in the first place it should be largely negated and straightforward to reset.
BTW I didn’t find that mouse treading your week about audit at didsbury 😂