Aug 22, 2015, 2:16 pm
Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
- Have a strong, protected and secure password
- check your account periodically
- be aware and keep track of your transactions
- control or destroy documents such as boarding passes
- use antivirus software- if your personal computer is hacked they can gain control of your AA account
- Be very wary of logging into your account on public computers, like at internet cafés or the hotel business center, where keystroke loggers could be installed
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
Dear JDiver,
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Account fraud / breach: my account compromised, awards taken, etc.
Oct 8, 2015, 9:14 pm
#301
FlyerTalk Evangelist
Join Date: Apr 2001
Location: NYC
Posts: 27,239
Oct 8, 2015, 10:28 pm
#302
Moderator: American AAdvantage
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Maître-plongeur des Muccis
Posts: 62,948
Oct 9, 2015, 8:32 am
#303
Join Date: Sep 2008
Programs: American AAdvantage
Posts: 1,045
Interesting article here about how much can be extracted from your boarding pass. I'll leave it to your imagination how all that can be used against you.
Destroy those; don't leave them behind in a seat pocket.
Destroy those; don't leave them behind in a seat pocket.
Oct 9, 2015, 9:29 am
#304
Moderator: American AAdvantage
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Maître-plongeur des Muccis
Posts: 62,948
This post from last year mentions an iOS app which decodes the barcode.
Oct 12, 2015, 9:00 pm
#305
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,417
Interesting article here about how much can be extracted from your boarding pass. I'll leave it to your imagination how all that can be used against you.
Destroy those; don't leave them behind in a seat pocket.
Destroy those; don't leave them behind in a seat pocket.
Oct 13, 2015, 5:19 am
#306
Join Date: Sep 2009
Location: Global
Posts: 5,998
funny side note... Mrs 110pgl found this information out accidentally... AA killed its Windows Phone app, so she was looking for a way to put the data into her phone and stumbled upon a reader app that did just that... and she was shocked at all the data it gave her!
Oct 13, 2015, 11:00 am
#307
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,763
Sure, they are jaded from the gazillion cases they have seen over the years, that 90% of the customers are eventually proven guilty. However, this does NOT justify their attitude on how they treat the customers who especially in this case, alerted AA about the fraud in the first place, versus AA took action to lock the accounts because they have already known something.
The arrogance and prejudice demonstrated by AA Corporate Security is beyond my comprehension. The continuous defending of such behaviors is even more perplexing.
Last year my friend's UA account was hacked. 300K miles stolen to buy Apple products to be shipped to a forwarding company at Long Beach. He found it out only because he logged in on a weekend looking for award seats on a family trip. He could not access his account on computer but could from his phone - on a flash he saw his account balance was down to only a few hundreds. Then he no longer was able to log in even from his phone.
I told him to call UA immediately. He was told by the MileagePlus rep that his account was locked due to suspected fraudulent activities. UA told him what had happened and they were able to stop the shipments of the orders. UA told him not to worry, called back on Monday when they were fully staffed. He called back on Monday, was told to wait a few days. NOTHING was requested from UA. 3 days later he got an email his account was unlocked, all miles renstated and an apology email for the convenience.
The whole ordeal lasted only a few days without any drama. The whole time UA stayed TRANSPARENT to my friend as on what was going on and how it would be resolved.
Now, comparing my friend's experiences with UA, the treatment from AA is even more horrible. Yet, such behaviors are being defended again and again and again. I am totally confused the reasons behind it.
Last edited by Happy; Oct 13, 2015 at 12:21 pm
Oct 13, 2015, 11:20 am
#308
FlyerTalk Evangelist
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
The oldie: You smelt it, you dealt it adage.
No excuse, but I suspect many accomplices are the first to report the "alleged" thefts that that is their first conclusion. It's easy to get jaded with the ease of trying to hide behind the net and hope you get away with it.
I wish they could be open about their procedures, but that's just going to be used against them for the next generation of thieves. It's like if you know the cops are patrolling the city streets, the freeways are fair game.
No excuse, but I suspect many accomplices are the first to report the "alleged" thefts that that is their first conclusion. It's easy to get jaded with the ease of trying to hide behind the net and hope you get away with it.
I wish they could be open about their procedures, but that's just going to be used against them for the next generation of thieves. It's like if you know the cops are patrolling the city streets, the freeways are fair game.
Oct 13, 2015, 8:28 pm
#309
FlyerTalk Evangelist
Join Date: Apr 2001
Location: NYC
Posts: 27,239
Oct 13, 2015, 8:33 pm
#310
Join Date: Sep 2009
Location: Global
Posts: 5,998
The oldie: You smelt it, you dealt it adage.
No excuse, but I suspect many accomplices are the first to report the "alleged" thefts that that is their first conclusion. It's easy to get jaded with the ease of trying to hide behind the net and hope you get away with it.
I wish they could be open about their procedures, but that's just going to be used against them for the next generation of thieves. It's like if you know the cops are patrolling the city streets, the freeways are fair game.
No excuse, but I suspect many accomplices are the first to report the "alleged" thefts that that is their first conclusion. It's easy to get jaded with the ease of trying to hide behind the net and hope you get away with it.
I wish they could be open about their procedures, but that's just going to be used against them for the next generation of thieves. It's like if you know the cops are patrolling the city streets, the freeways are fair game.
And that is another reason for AA to treat people nice... lure the bad guys into a false sense of security and reassure the good guys while investigating.
Oct 14, 2015, 6:15 am
#311
Join Date: Mar 2015
Posts: 1,620
I think AA could have handled the entire thing in a different way, but they choose not to and some here say due to the specific situation and it circumstances.
One person seems to be in the know (whether he works for or closely works with AA, I truly have no idea) and has said that AA has helped many people who have had their miles stolen and I assuming here, more along the lines of UNITED, though I truly have no idea.
Personally, I would not be too happy to be dealt with by AA or anyone else as if I perpetrated a crime, when in fact I was perfectly innocent and simply a victim.
While I realize that I am getting a little far a field here, it is the same reason I am not enamored with the TSA, it feels that their mentation is that everyone is to be suspicious of and it our job to prove that we are just average people, not out to do harm to anyone or anything.
While I hope to never have to deal with any Corporate Security folks (AA or otherwise), I know that in this day and age hacking is getting more and more common and unfortunately, one day I too may have to defend my innocence as the victim and that saddens me slightly.
One person seems to be in the know (whether he works for or closely works with AA, I truly have no idea) and has said that AA has helped many people who have had their miles stolen and I assuming here, more along the lines of UNITED, though I truly have no idea.
Personally, I would not be too happy to be dealt with by AA or anyone else as if I perpetrated a crime, when in fact I was perfectly innocent and simply a victim.
While I realize that I am getting a little far a field here, it is the same reason I am not enamored with the TSA, it feels that their mentation is that everyone is to be suspicious of and it our job to prove that we are just average people, not out to do harm to anyone or anything.
While I hope to never have to deal with any Corporate Security folks (AA or otherwise), I know that in this day and age hacking is getting more and more common and unfortunately, one day I too may have to defend my innocence as the victim and that saddens me slightly.
Oct 18, 2015, 12:37 pm
#312
Join Date: Aug 2004
Programs: AA (EP), Hilton (Diamond), Marriott Bonvoy (Titanium)
Posts: 8,937
Back before Pre-Check was printed on the boarding pass, I routinely scanned the barcodes on mine and decoded the data. While it contains the PNR and my AAdvantage number along with my name, the barcode does not contain my birthdate, citizenship, home address, and certainly not my social security number. The PNR contains my birthdate, home address, credit card, but never my social security number, and the PNR expires a few days after the last flight (unless an agency added a retention segment).
Oct 18, 2015, 12:53 pm
#313
FlyerTalk Evangelist
Join Date: Apr 2001
Location: NYC
Posts: 27,239
I think one of the articles suggested that on LH (?) you could use he name and PNR to get access to much of that personal info on the website. Obviously on AA you could pull up some additional info, but some I know -- like birthdate - is protected. I had booked tix for my sister and her fiancé and wanted them to double check the DOBs before ticketing, and there was no way to see what was entered online, they ended up having to call. And it's possible on a call that AAgents are trained not to provide that info but merely to verify or even just to overwrite it with new data. At least I hope so.
Oct 18, 2015, 3:47 pm
#315
Join Date: Apr 2003
Location: SLC/HEL/Anywhere with a Beach
Programs: Marriott Ambassador; AA EXP 3MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 5,234
I can't imagine any broker isn't aware that AA (and other airlines) don't permit the sale of miles/upgrades and that AA will cancel the trip on the purchaser if they discover it.
It's a business where they are buying from a seller who they know is supposed to be selling the miles/upgrades and selling to a customer, who may or may not know, but will be certainly left in the lurch if AA figures it out.
So, in my view, a broker can never be a victim.