Aug 22, 2015, 2:16 pm
Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
- Have a strong, protected and secure password
- check your account periodically
- be aware and keep track of your transactions
- control or destroy documents such as boarding passes
- use antivirus software- if your personal computer is hacked they can gain control of your AA account
- Be very wary of logging into your account on public computers, like at internet cafés or the hotel business center, where keystroke loggers could be installed
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
Dear JDiver,
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Account fraud / breach: my account compromised, awards taken, etc.
Nov 4, 2015, 6:39 am
#331
Join Date: Jul 2010
Location: SFO
Programs: AA EXP
Posts: 5,270
However, given that there is sensitive information involved, I'd like to do what I can to minimize the amount of it that various employees involved in the reimbursement process can access. It's one thing if forms must (essentially by law) contain information about my full name, date and place of birth, citizenship, passport number in some cases, social security number in some cases, home address, etc., but why add my FF number to the mix when it has nothing to do with the reimbursement or its reporting requirements?
Side note: when submitting BPs for reimbursement, I only send in the small "stubs" that don't have barcodes or AAdvantage numbers. More to cut down on the volume of paper than anything, but I just realized that offers some level of protection.
Nov 5, 2015, 1:33 am
#332
Join Date: Aug 2004
Programs: AA (EP), Hilton (Diamond), Marriott Bonvoy (Titanium)
Posts: 8,937
My stubs always have my AAdvantage number and PNR on them. I'm surprised yours don't.
Last edited by anabolism; Nov 5, 2015 at 6:12 am Reason: fix typo
Nov 5, 2015, 6:00 am
#333
FlyerTalk Evangelist
Join Date: Jul 2003
Location: jfk area
Programs: AA platinum; 2MM AA, Delta Diamond, Hilton Diamond
Posts: 10,291
Some general comments about "secure" info:
(1)People (frequently) leave bps in the back seat pockets--their FF# and name are now exposed.
(2)A "simple" google search, would reveal their address and phone number, age, close relatives. from the name alone. [A deeper search (for a fee) would uncover MUCH more.]
(3)If you are employed by a [NYS] state gov't agency, your salaries for the last several years are a "public" record.
(4)If I purchase something from AMAZON, they know my AMEX reward balance...so if AMAZON were "hacked", some/all of my AMEX info could be exposed. [Lots of cross linking of accts, leaves them open to hackers.]
On line merchants (airlines INCLUDED*), should use a 2-pass verification system (like gmail allows you to set-up, if you access your mail from an unknown computer).
*ESPECIALLY when mile redemptions are involved.
(1)People (frequently) leave bps in the back seat pockets--their FF# and name are now exposed.
(2)A "simple" google search, would reveal their address and phone number, age, close relatives. from the name alone. [A deeper search (for a fee) would uncover MUCH more.]
(3)If you are employed by a [NYS] state gov't agency, your salaries for the last several years are a "public" record.
(4)If I purchase something from AMAZON, they know my AMEX reward balance...so if AMAZON were "hacked", some/all of my AMEX info could be exposed. [Lots of cross linking of accts, leaves them open to hackers.]
On line merchants (airlines INCLUDED*), should use a 2-pass verification system (like gmail allows you to set-up, if you access your mail from an unknown computer).
*ESPECIALLY when mile redemptions are involved.
Nov 5, 2015, 6:10 am
#334
Join Date: Jul 2010
Location: SFO
Programs: AA EXP
Posts: 5,270
Some general comments about "secure" info:
(1)People (frequently) leave bps in the back seat pockets--their FF# and name are now exposed.
(2)A "simple" google search, would reveal their address and phone number, age, close relatives. from the name alone. [A deeper search (for a fee) would uncover MUCH more.]
(3)If you are employed by a [NYS] state gov't agency, your salaries for the last several years are a "public" record.
(4)If I purchase something from AMAZON, they know my AMEX reward balance...so if AMAZON were "hacked", some/all of my AMEX info could be exposed. [Lots of cross linking of accts, leaves them open to hackers.]
On line merchants (airlines INCLUDED*), should use a 2-pass verification system (like gmail allows you to set-up, if you access your mail from an unknown computer).
*ESPECIALLY when mile redemptions are involved.
(1)People (frequently) leave bps in the back seat pockets--their FF# and name are now exposed.
(2)A "simple" google search, would reveal their address and phone number, age, close relatives. from the name alone. [A deeper search (for a fee) would uncover MUCH more.]
(3)If you are employed by a [NYS] state gov't agency, your salaries for the last several years are a "public" record.
(4)If I purchase something from AMAZON, they know my AMEX reward balance...so if AMAZON were "hacked", some/all of my AMEX info could be exposed. [Lots of cross linking of accts, leaves them open to hackers.]
On line merchants (airlines INCLUDED*), should use a 2-pass verification system (like gmail allows you to set-up, if you access your mail from an unknown computer).
*ESPECIALLY when mile redemptions are involved.
Seems like if all of this is readily available from your name alone, and you're really concerned about such things, you should do a bit more to protect your privacy in other realms.
Nov 5, 2015, 6:35 am
#335
FlyerTalk Evangelist
Join Date: Jul 2003
Location: jfk area
Programs: AA platinum; 2MM AA, Delta Diamond, Hilton Diamond
Posts: 10,291
Essentially none of which is specific to boarding passes. If you've ever given someone a business card, you've handed out far more sensitive info than is available from a BP.
Seems like if all of this is readily available from your name alone, and you're really concerned about such things, you should do a bit more to protect your privacy in other realms.
Seems like if all of this is readily available from your name alone, and you're really concerned about such things, you should do a bit more to protect your privacy in other realms.
Nov 20, 2015, 7:59 pm
#336
Join Date: Nov 2012
Location: SJC
Programs: UA 1MM
Posts: 262
hit with fraudulent award booking today
Thankfully, AA routinely sends an e-mail whenever miles have been used from my account (and whoever perpetrated the attempted theft didn't bother to change my contact info). I got an e-mail this morning about a new award booking, even though I hadn't called AA or been on the AA website for about a week. Whoever managed to use my miles booked a one-way ticket, using a credit card I didn't recognize.
Once I called in to report the theft, the AA agent told me the miles would be returned in 24-72 hours, and that I "may receive a call" from AA - I hope to help with the investigation and not to prolong this inconvenience!
Once I called in to report the theft, the AA agent told me the miles would be returned in 24-72 hours, and that I "may receive a call" from AA - I hope to help with the investigation and not to prolong this inconvenience!
Nov 20, 2015, 8:03 pm
#337
Moderator: American AAdvantage
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Maître-plongeur des Muccis
Posts: 62,948
Thankfully, AA routinely sends an e-mail whenever miles have been used from my account (and whoever perpetrated the attempted theft didn't bother to change my contact info). I got an e-mail this morning about a new award booking, even though I hadn't called AA or been on the AA website for about a week. Whoever managed to use my miles booked a one-way ticket, using a credit card I didn't recognize.
Once I called in to report the theft, the AA agent told me the miles would be returned in 24-72 hours, and that I "may receive a call" from AA - I hope to help with the investigation and not to prolong this inconvenience!
Once I called in to report the theft, the AA agent told me the miles would be returned in 24-72 hours, and that I "may receive a call" from AA - I hope to help with the investigation and not to prolong this inconvenience!
Jan 29, 2016, 9:36 am
#338
Join Date: Nov 2013
Location: LAX, LGB, SNA
Programs: AA EXP OWE, DL DM ST+, AS MVPG, UA, BA, WN CP, Hyatt E, Ritz Plat, HH GM
Posts: 3,185
My miles were deducted for flights that I didn't authorize.
My account has been deducted for 4 one way F tickets NA to Asia. I didn't authorize these. What can I do?
Jan 29, 2016, 9:39 am
#340
Suspended
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Jan 29, 2016, 9:48 am
#343
Suspended
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
And, just to be 100% clear, when you say "I didn't authorize these" you -do- mean that the parties, flights and all circumstances surrounding these awards are completely unknown to you, correct?
Jan 29, 2016, 9:56 am
#345
Join Date: Jun 2005
Location: ORD (formerly SAN)
Programs: Hilton Diamond; IHG Platinum; Bonvoy Gold; AA Platinum Pro and United Premier Silver (DH = AA EXP)
Posts: 1,929
In all seriousness though - keep us posted. Good luck!