Account fraud / breach: my account compromised, awards taken, etc.

Old Aug 22, 2015, 2:16 pm
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.

For issues about account freezes or closures, airline accusations of fraud against the AAdvantage program and the like, please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).

If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.

To help protect your account, be sure to:
  • have a strong, protected and secure password
  • check your account periodically
  • be aware and keep track of your transactions
  • control or destroy documents such as boarding passes
  • use antivirus software: if your personal computer is hacked, the attacker can gain control of your AA account
  • be very wary of logging into your account on public computers, such as at internet cafés or the hotel business center, where keystroke loggers could be installed

If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):

Dear JDiver,

Thanks for visiting AA.com. This email confirms that your account has been updated as follows.

Your contact information has been updated, but is not included in this e-mail for the security of your account.

If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.

If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.

If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.

AA.com
American Airlines
Old Sep 19, 2015, 3:52 pm
  #271  
 
Join Date: Dec 2003
Location: NYC
Posts: 6,436
Originally Posted by Paulchili
(bolding mine)
Yes, but can you trust them to keep your highly encrypted passwords safe?
Many have trusted Target and some banks (among many other institutions) and have been betrayed by them. How is LastPass (and other such services) any different?
If passwords are properly encrypted (a strong password protecting your account and proper procedure on the server side), then you should be safe for a very long time even if someone gets a copy of the password file.

The usual issues are that people don't protect their accounts with sufficiently strong passwords or that the server side doesn't follow proper procedure. For example, http://www.pcworld.com/article/29829...-to-crack.html

Using the cloud to sync passwords risks someone getting a copy of the password file.

If you want absolute safety, don't use the internet.
richarddd is online now  
Old Sep 19, 2015, 4:22 pm
  #272  
 
Join Date: Sep 2009
Location: Global
Posts: 5,998
Originally Posted by kmersh
I admit I do not understand.

To me it seems straightforward, a person had their account hacked and AA acted like the person was at fault.

I also admit, grey areas are a bit of a mystery to me, so it is entirely possible that I am missing something, but I am unsure of what I am missing.

It seems to me that a person who had their account hacked cannot be at fault and AA should be cognizant of that, however I accept your answer that this situation is special and not usual, but I am unsure how.
I think AA would like us to think this is a 'special' instance. Maybe, but, statistically, probably not.

Last year, one study says half of all US adults were hacked in the last 12 months.

Target - 40 million credit card numbers + 70 million addresses, phone numbers, etc.
Snapchat - 5 million user accounts hacked.
Adobe - 33 million user accounts hacked.
AOL - a “significant number” of its 120 million accounts were taken over.
eBay - data from all 145 million of the site’s users

The idea that airlines are immune to this type of hack, or limited to a 'special' or one off circumstance, is obtuse thinking.
Global321 is offline  
Old Sep 19, 2015, 4:44 pm
  #273  
FlyerTalk Evangelist
 
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Originally Posted by richarddd
...
If you want absolute safety, don't use the internet.
Don't use a computer! EVER!!!
RogerD408 is offline  
Old Sep 19, 2015, 5:10 pm
  #274  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Originally Posted by richarddd
If this happened regularly or to many customers or if it generated a lot of publicity (national news for an extended period, not a few hundred posts here) or if it lost them significant business, AA would likely change their procedures. For a one-off incident involving one person? Highly unlikely. That's just not how things work.
And that's exactly what this was-- a highly, highly unusual set of circumstances.
JonNYC is offline  
Old Sep 19, 2015, 6:39 pm
  #275  
 
Join Date: Aug 2010
Location: LAX
Programs: AA Lifetime Gold but PlatPro thanks to LPs
Posts: 4,439
Originally Posted by kmersh
I admit I do not understand.

To me it seems straightforward, a person had their account hacked and AA acted like the person was at fault.

I also admit, grey areas are a bit of a mystery to me, so it is entirely possible that I am missing something, but I am unsure of what I am missing.

It seems to me that a person who had their account hacked cannot be at fault and AA should be cognizant of that, however I accept your answer that this situation is special and not usual, but I am unsure how.
I work as a database administrator in an industry similar to an airline. I have never worked for any airline. I am going to apply an educated guess.

Look at it this way:

People call in saying "My account was hacked and miles were taken out without my authorization."

X% are honest.
Y% are dishonest, and in cahoots with the mileage broker/hacker/passenger.

What do you do to protect the honest account holder and protect the airline from the dishonest account holder?

1. Freeze the account so no one can access the miles. The account holder, the hacker or the mileage broker are all equally locked out.

2. Ask the account holder to report the theft to the police, thus signing a legal document in front of a Law Enforcement Officer under penalty of perjury, and ask the account holder to sign further affidavits.

3. Investigate further, such as past history of the account holder, history of the passenger, passenger's statements as to the origin of the ticket ("I got it from an on-line travel agent called Bogus Travel"), video recordings, etc.

The honest account holder will sign legal documents immediately, as they have nothing to lose.

The dishonest account holder will be in another level of hurt, should they sign legal documents, followed by their buddy ratting them out and proving them guilty of perjury. Then it becomes a court case, complete with discovery of bank accounts, money transfer, etc.

From the messages in this thread, I think AA handled it correctly. They froze the account, asked for legal documentation, and upon receipt unfroze the account and restored the stolen miles. We have no way of knowing how they are going after the passenger and/or the mileage broker and/or hacker. My best guess is they are dunning the passenger for the full value of the ticket "purchased" with stolen miles.

But, then, what do I know?
QueenOfCoach is offline  
Old Sep 19, 2015, 7:14 pm
  #276  
FlyerTalk Evangelist
 
Join Date: Nov 2004
Location: Melbourne
Programs: ►QFWP/LTG►VA WP►HyattExpl.►HiltonGold►ALL Silver
Posts: 21,995
Originally Posted by QueenOfCoach
...
Look at it this way:

People call in saying "My account was hacked and miles were taken out without my authorization."

X% are honest.
Y% are dishonest, and in cahoots with the mileage broker/hacker/passenger.
...
I consider that the likely possibility.
Originally Posted by QueenOfCoach
...
What do you do to protect the honest account holder and protect the airline from the dishonest account holder?

1. Freeze the account so no one can access the miles. The account holder, the hacker or the mileage broker are all equally locked out.

2. Ask the account holder to report the theft to the police, thus signing a legal document in front of a Law Enforcement Officer under penalty of perjury, and ask the account holder to sign further affidavits.

3. Investigate further, such as past history of the account holder, history of the passenger, passenger's statements as to the origin of the ticket ("I got it from an on-line travel agent called Bogus Travel"), video recordings, etc.
...
I would suggest doing "3" after "1" and vary the response with "2" based on the interpretation of "3".

Such variance would include possibly unlocking the account while "2" is in progress.

Imagine if the OP had been EXP with an existing transatlantic booking 10 days ago and being barred from using already confirmed upgrades to the travel through no fault of their own.
serfty is offline  
Old Sep 19, 2015, 11:02 pm
  #277  
FlyerTalk Evangelist
 
Join Date: Jan 2007
Location: BOS/UTH
Programs: AA LT PLT; QR GLD; Bonvoy LT TIT
Posts: 12,764
Originally Posted by wrp96
Good news. You were much more patient than I would've been.
I'm curious, -- what would you have done differently to achieve a speedier resolution?


Originally Posted by Gardyloo
No, but I thanked them for their diligence and professionalism.
Excellent. Never hurts to be nice and make someone else feel good.


Originally Posted by 110pgl
... AA should treat the customer with respect (and not a perp) during the process. (Customer reported it!)
When someone is murdered, the first suspect that the police investigate and rule in/out is the spouse or significant other.
Dr. HFH is offline  
Old Sep 19, 2015, 11:49 pm
  #278  
In memoriam
 
Join Date: Aug 1999
Location: Danville, CA
Programs: AA EXP - UA *G MM - HH Diamond - Hertz PC
Posts: 3,242
Originally Posted by QueenOfCoach
From the messages in this thread, I think AA handled it correctly. They froze the account, asked for legal documentation, and upon receipt unfroze the account and restored the stolen miles. We have no way of knowing how they are going after the passenger and/or the mileage broker and/or hacker. My best guess is they are dunning the passenger for the full value of the ticket "purchased" with stolen miles.
The one place where the ball seemed to get dropped was after the OP realized the fraud was taking place and changed his password, AA allowed the password to be changed again and similar tickets to be once again issued. You would expect at the very least once the red flag was raised the account would have been either immediately locked, or at the very least, flagged.
danville 1K is offline  
Old Sep 20, 2015, 7:58 am
  #279  
 
Join Date: Sep 2009
Location: Global
Posts: 5,998
Originally Posted by QueenOfCoach
... My best guess is they are dunning the passenger for the full value of the ticket "purchased" with stolen miles.

But, then, what do I know?
Assuming the flyer was not a part of the crime, I highly doubt they can do that. And if they could do that, I believe AA would publicize it as a deterrent.

Originally Posted by Dr. HFH
...When someone is murdered, the first suspect that the police investigate and rule in/out is the spouse or significant other.
Absolutely. And if you ever watch those interviews, they start off nice to get the most information from the 'suspect'. And if you follow the sequence of events, OP reported it the first time, got them to undo it and then it happened again. THAT is where AA dropped the ball. A 72 hour lock on the account (with OP's permission) would have changed a lot here.


Originally Posted by danville 1K
The one place where the ball seemed to get dropped was after the OP realized the fraud was taking place and changed his password, AA allowed the password to be changed again and similar tickets to be once again issued. You would expect at the very least once the red flag was raised the account would have been either immediately locked, or at the very least, flagged.
Exactly.
Global321 is offline  
Old Sep 20, 2015, 8:55 am
  #280  
FlyerTalk Evangelist
 
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Originally Posted by danville 1K
The one place where the ball seemed to get dropped was after the OP realized the fraud was taking place and changed his password, AA allowed the password to be changed again and similar tickets to be once again issued. You would expect at the very least once the red flag was raised the account would have been either immediately locked, or at the very least, flagged.
And let's not forget that to issue that last ticket required the use of an AAgent! Had they simply noted the account, they could have prevented the fraud. Of course presuming the AAgent would have read the notes. AA has failed to operate a secure environment a few times here.
RogerD408 is offline  
Old Sep 20, 2015, 9:13 am
  #281  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Originally Posted by QueenOfCoach
But, then, what do I know?
Based on your posts in this thread-- a hell of a lot! @:-)@:-)

Your posts in this thread have been-- by far-- the best and most informed of all the posters posting here!

Dunno what you actually do where you work, but it's crystal clear you have the knowledge, experience and mindset for dissecting these situations. Very, very on-target.
JonNYC is offline  
Old Sep 20, 2015, 9:59 am
  #282  
 
Join Date: Aug 2010
Location: LAX
Programs: AA Lifetime Gold but PlatPro thanks to LPs
Posts: 4,439
Originally Posted by serfty
I consider that the likely possibility.
I would suggest doing "3" after "1" and vary the response with "2" based on the interpretation of "3".

Such variance would include possibly unlocking the account while "2" is in progress.

Imagine if the OP had been EXP with an existing transatlantic booking 10 days ago and being barred from using already confirmed upgrades to the travel through no fault of their own.
It's all probably happening simultaneously. 1 2 3.

Again guessing: Had the account holder been anticipating imminent travel, a high-level supervisor could pull strings to take care of any upgrades or other requests without unfreezing the account.

That high-level supervisor would have to become personally convinced they are dealing with the real account holder, not an impersonator. That involves human intellect, not some automatic computer algorithm.

Seriously, I do this kind of thing all the time, but not for an airline.
QueenOfCoach is offline  
Old Sep 20, 2015, 10:03 am
  #283  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Originally Posted by QueenOfCoach
Seriously, I do this kind of thing all the time, but not for an airline.
It most definitely shows!
JonNYC is offline  
Old Sep 20, 2015, 10:05 am
  #284  
 
Join Date: Aug 2010
Location: LAX
Programs: AA Lifetime Gold but PlatPro thanks to LPs
Posts: 4,439
Originally Posted by 110pgl
Assuming the flyer was not a part of the crime, I highly doubt they can do that. And if they could do that, I believe AA would publicize it as a deterrent.
You are referring to dunning the passenger flying on a ticket acquired with stolen frequent flyer miles.

There's all kinds of precedent for asking a passenger to pay a full-fare walk-up ticket in cases such as Hidden City, Nested Ticketing, etc, fraud*. It happens. There is precedent for barring a passenger for life from the airline.



*Please, let's not get into a meta-discussion as to the application of the word "fraud" to Hidden City, Nested Ticketing, etc. I'll stipulate that some call it "creative cost-saving ticketing" or "beating the airline at their own game".
QueenOfCoach is offline  
Old Sep 20, 2015, 10:07 am
  #285  
 
Join Date: Aug 2010
Location: LAX
Programs: AA Lifetime Gold but PlatPro thanks to LPs
Posts: 4,439
Originally Posted by JonNYC
It most definitely shows!
Jon, you are making me blush. Thank you.
QueenOfCoach is offline  

