Aug 22, 2015, 2:16 pm
Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
- Have a strong, protected and secure password
- check your account periodically
- be aware and keep track of your transactions
- control or destroy documents such as boarding passes
- use antivirus software- if your personal computer is hacked they can gain control of your AA account
- Be very wary of logging into your account on public computers, like at internet cafés or the hotel business center, where keystroke loggers could be installed
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
Dear JDiver,
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Account fraud / breach: my account compromised, awards taken, etc.
Aug 23, 2015, 3:50 pm
#31
Suspended
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
The passenger in this case purchased a virtually last second F ticket TPAC. Not that people don't do it, but it's the sort of stuff which gets CBP and other DHS agencies sniffing around a bit. Not that people don't buy walkup tickets, but through a ticket broker at presumably a hefty discount?
Aug 23, 2015, 3:58 pm
#32
Join Date: Dec 2005
Location: California
Programs: AA EXP...couple hotels and cars too
Posts: 4,548
AA corp security seems to be a 9-5, M-F Dallas time gig.
How many people in the 'my account is locked' thread are told 'call when they are open'.
Sounds like Mr. B and crew have not gotten to this, only the weekenders.... (edit or their priority is selling miles not stealing miles?
yeah, cheap shot)
It is perplexing they didnt shut the account down at first blush. (Although Gardyloo did establish his bona fides I guess....) I'd likewise want to be assured that AA/CX ops management and LEO are meeting the flight as craz suggests.
Given the abrupt ticketing - as I recall this was originally LAX TO HKG tonight, now a last minute 'jump on a free F to the USA', I think the odds the person flying is innocent are lower.
How many people in the 'my account is locked' thread are told 'call when they are open'.
Sounds like Mr. B and crew have not gotten to this, only the weekenders.... (edit or their priority is selling miles not stealing miles?
yeah, cheap shot)It is perplexing they didnt shut the account down at first blush. (Although Gardyloo did establish his bona fides I guess....) I'd likewise want to be assured that AA/CX ops management and LEO are meeting the flight as craz suggests.
Given the abrupt ticketing - as I recall this was originally LAX TO HKG tonight, now a last minute 'jump on a free F to the USA', I think the odds the person flying is innocent are lower.
Last edited by Exec_Plat; Aug 23, 2015 at 5:46 pm
Aug 23, 2015, 4:17 pm
#33
A FlyerTalk Posting Legend
Join Date: Jan 2002
Posts: 44,574
AA is pretty canny about this stuff.
I'd imagine it usually begins with the CX agent saying "Mr. Blftzpk? There are a couple of gentlemen who would like to speak with you." And btw, this already happened...
But how it happened is puzzling; AA Corporate Security / AAdvantage Fraud is usually up to snuff on this stuff, but I'm really unsure what happens when another airline is involved.
Maybe a "warm welcome" by members of the HKPF? Cathay Pacific was defrauded, too.
I'd imagine it usually begins with the CX agent saying "Mr. Blftzpk? There are a couple of gentlemen who would like to speak with you." And btw, this already happened...
But how it happened is puzzling; AA Corporate Security / AAdvantage Fraud is usually up to snuff on this stuff, but I'm really unsure what happens when another airline is involved.
Maybe a "warm welcome" by members of the HKPF? Cathay Pacific was defrauded, too.
I am surprised at the situation since I thought that AA , although very bad at data protection and security of accounts/passenger details , did at least require that payment for award flights be paid for on a credit card in the name of the account holder
Unless the person involved has the same name as the victim, how come AA issued a ticket?
Aug 23, 2015, 4:33 pm
#34
Join Date: Dec 2005
Location: California
Programs: AA EXP...couple hotels and cars too
Posts: 4,548
Aug 23, 2015, 4:53 pm
#35
Suspended
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
...I am surprised at the situation since I thought that AA , although very bad at data protection and security of accounts/passenger details , did at least require that payment for award flights be paid for on a credit card in the name of the account holder
Unless the person involved has the same name as the victim, how come AA issued a ticket?
Unless the person involved has the same name as the victim, how come AA issued a ticket?
Aug 23, 2015, 5:20 pm
#36
Join Date: Jun 2013
Location: IL
Programs: AA PLT, HYT PLT
Posts: 211
Not really flying related, but if not already done, you should be doing a thorough scan of your computer/phone/home network. It is possible someone has remote access and/or a keylogger on whatever you have been using to go through your credit, travel, and email accounts.
Aug 23, 2015, 5:35 pm
#37
FlyerTalk Evangelist
Join Date: May 2015
Location: BOS, YVR, ZRH
Programs: *G
Posts: 17,392
This reads like a movie plot... eagerly awaiting updates. I hope someone is waiting for them for sure. How did they re-hack the account if you changed passwords and everything? If they were able to do that so quickly despite changing passwords they might be in your system, I agree with mialink.
Maybe wipe your drive and re-install cleanly, upgrade to Windows 10 anyway!
Maybe wipe your drive and re-install cleanly, upgrade to Windows 10 anyway!
Aug 23, 2015, 5:57 pm
#38
Moderator, OneWorld
Original Poster
Join Date: Feb 2002
Location: SEA
Programs: RAA RIP; AA ExEXP
Posts: 11,797
AA corp security seems to be a 9-5, M-F Dallas time gig.
How many people in the 'my account is locked' thread are told 'call when they are open'.
Sounds like Mr. B and crew have not gotten to this, only the weekenders....
It is perplexing they didnt shut the account down at first blush. I'd likewise want to be assured that AA/CX ops management and LEO are meeting the flight as craz suggests.
Given the abrupt ticketing - as I recall this was originally LAX TO HKG tonight, now a last minute 'jump on a free F to the USA', I think the odds the person flying is innocent are lower.
How many people in the 'my account is locked' thread are told 'call when they are open'.
Sounds like Mr. B and crew have not gotten to this, only the weekenders....
It is perplexing they didnt shut the account down at first blush. I'd likewise want to be assured that AA/CX ops management and LEO are meeting the flight as craz suggests.
Given the abrupt ticketing - as I recall this was originally LAX TO HKG tonight, now a last minute 'jump on a free F to the USA', I think the odds the person flying is innocent are lower.
It is possible that AA may liaise with CX to address this; I cannot see that Cathay Pacific has been defrauded ; AA is surely liable to pay CX for the ticket it issued and had a pasenger fly
I am surprised at the situation since I thought that AA , although very bad at data protection and security of accounts/passenger details , did at least require that payment for award flights be paid for on a credit card in the name of the account holder
Unless the person involved has the same name as the victim, how come AA issued a ticket?
I am surprised at the situation since I thought that AA , although very bad at data protection and security of accounts/passenger details , did at least require that payment for award flights be paid for on a credit card in the name of the account holder
Unless the person involved has the same name as the victim, how come AA issued a ticket?
Not really flying related, but if not already done, you should be doing a thorough scan of your computer/phone/home network. It is possible someone has remote access and/or a keylogger on whatever you have been using to go through your credit, travel, and email accounts.
Aug. 20, Thursday: Someone gains access to my FF account number and password - no idea how. They go into it and change the contact email address, mailing address, contact phone number, but not, evidently, the account password. Then they register a Visa card (not mine) to the account. Then they redeem miles for three tickets - one way in J YYZ-HKG, one way in F, HKG-LAX, and a third in F, LAX-HKG. The LAX-HKG flight was for last night (Aug. 22).
Aug. 22, Saturday. Around 9 AM Pacific, I log onto my account - it gets there with my old password, but I immediately notice that my account is shy around 200,000 miles from where it was last time I looked. I scroll down to "recent activity" and here are the three redemptions mentioned above. I also see an email address I don't recognize.
I phone AA (Gold line since that's my lowly lifetime status) and want to talk to AAdvantage Customer Service. But the robot tells me they're closed, call back Monday. So I call back anyway and get to a reservation agent, to whom I explain the situation. I then get sent through a couple of periods of lovely recorded music until I get to someone in the "fraud" department. I don't ask if it's credit card fraud or some other kind.
Anyway, by some means this person gets to my AAdvantage account, and over the next hour I get the tickets canceled and the miles put back, and am walked through a process to cleanse my account online - new password, new email, blah blah. I do all that. I'm told to phone ACS Monday to get my account number changed. Okay, I'm hassled and freaked, but that seems to be that.
Aug. 23, Sunday. This morning I log onto AA.com, but, whoops, it doesn't recognize my (new) password. I go through the same drill on the phone, first speaking to a nice but clueless lady in some call center on another continent (I think) who drops the ball and I'm listening to a dial tone. Okay, try again, and this time I get to an agent who looks up the account and sees that everything seems to have reverted to yesterday's status quo ante - a Florida billing address, a different email and phone number, and a new password. Meanwhile, a fourth ticket has been redeemed, this one for a first class seat on CX 880 (HKG-LAX) that has already departed. That ticket was bought with miles sometime on the 22nd, but they can't see the point of sale or the time.
This agent then sends me first to some online security person, who then sends me to the fraud unit (credit card fraud) who, when I tell them it wasn't my credit card that was used for the $56 in taxes, says at first, "Oh, well maybe I'm not the right person." After a lengthy hold, I'm told that the ticket has been used and that I'll have to wait until Monday to undo everything through ACS. He's a nice enough guy (in Phoenix, by the way) but can't do anything to help me straighten out my account. He does say that he'll "pass along" the information about the person sitting in a comfy chair halfway across the Pacific. What happens when that person gets to TBIT, I have no idea. Again, "Call ACS on Monday, or probably someone there will phone you." I wonder to what number.
I just hope that somebody else isn't flying tonight using my miles, but I have no way of knowing.
Aug 23, 2015, 6:56 pm
#41
Suspended
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Aug 23, 2015, 7:23 pm
#44
Join Date: Nov 1999
Location: St. Louis, MO - AA PLT/2.98MM (Lifetime PLT), Delta PM, SPG Gold, AMEX Plat
Programs: TW Elite (RIP), CO OnePass
Posts: 1,923
Aug 23, 2015, 7:29 pm
#45
Moderator, OneWorld
Original Poster
Join Date: Feb 2002
Location: SEA
Programs: RAA RIP; AA ExEXP
Posts: 11,797
I have to think, however, that there should be some sort of fail-safe to prevent an interloper in possession of the password changing everything in the account without some sort of call-back or email notification to an alternate email account, or a text to my cell phone (which AA has on file for flight notifications) when wholesale changes are being made to the account. And maybe some kind of flag that alerts somebody regarding big redemptions being made the same day that so many entries in the account profile have been changed. Remember this is CX we're talking about, so somebody had to speak to an AA rep in the process. Twice.