
Account fraud / breach: my account compromised, awards taken, etc.

Old Aug 22, 2015, 2:16 pm
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.

For issues about account freezes or closures, airline accusations of fraud against the AAdvantage program, and the like, please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).

If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.

To help protect your account:
  • have a strong, protected and secure password
  • check your account periodically
  • be aware and keep track of your transactions
  • control or destroy documents such as boarding passes
  • use antivirus software; if your personal computer is hacked, the attacker can gain control of your AA account
  • be very wary of logging into your account on public computers, like at internet cafés or the hotel business center, where keystroke loggers could be installed

If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):

Dear JDiver,

Thanks for visiting AA.com. This email confirms that your account has been updated as follows.

Your contact information has been updated, but is not included in this e-mail for the security of your account.

If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.

If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.

If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.

AA.com
American Airlines
Old Oct 29, 2017, 6:45 pm
  #496  
 
Join Date: Aug 2004
Programs: AA (EP), Hilton (Diamond), Marriott Bonvoy (Titanium)
Posts: 8,937
Originally Posted by RogerD408
Never, never, never give the correct answers to those questions. Too much is available online that the answers can usually be found pretty quickly. My choice is to pick a word in the question and spell it backwards, or drop the vowels, or translate to numbers. Just pick the same process, don't write down the process/answers, and change it up from time to time. The more valuable the account the more often you change it up. I may not care if they hack my SuperCuts account, but absolutely care about my AA account!
Good advice. I'd add that it's best to treat so-called security questions as additional passwords, and use the same approach to them as you do for main passwords. Best practice for both is to use unique, random values for all passwords for all accounts. Use a password manager such as 1Password, both to generate the passwords and fill in web forms. That makes it easy to generate unique passwords for each site and keep track of them and automatically fill in the right one at the right site.
anabolism is offline  
Old Oct 29, 2017, 10:57 pm
  #497  
FlyerTalk Evangelist
 
Join Date: May 2004
Location: DFW/DAL
Programs: AA Lifetime PLT, AS MVPG, HH Diamond, NCL Platinum Plus, MSC Diamond
Posts: 21,422
Originally Posted by MSPeconomist
I'm not so sure I'd call the "guest" a victim. If someone is buying travel services from some sketchy outfit for half or less of the usual retail cost, they're either aware or should be suspicious. Until proven otherwise, I wouldn't just assume that the "buyer" is naive. If something seems too good to be true, it probably is fraudulent in some sense. Airplane tickets, rental cars, and hotel stays don't fall off of trucks.
Priceline and others offer ways to get discounted tickets, so seeing an offer for a reduced price might not mean the person buying similar items would know a ticket "fell off a truck"
mvoight is offline  
Old Apr 21, 2018, 7:05 pm
  #498  
 
Join Date: Jan 2005
Programs: AA Plat Exec, Hilton Honors Diamond, Marriott Rewards
Posts: 220
AA Account Hacked, Miles taken, now what?

I received an email from American today telling me that my email address for my AA account had been changed. I immediately tried to logon to my AA account and was told I had the wrong password. I called AA and explained the situation, sure enough, someone had hacked into my account, changed my password and security questions, and used 168.000 of my AA miles to book a trip!

I was able to reset my password to lock out the bad guy, but AA Customer Service doesn't work on the weekend (!!) so I was told to call back on Monday to discuss my missing miles. Does anyone know how this type of situation turns out? Will I get my miles back????
gatemando is offline  
Old Apr 21, 2018, 7:19 pm
  #499  
nrr
FlyerTalk Evangelist
 
Join Date: Jul 2003
Location: jfk area
Programs: AA platinum; 2MM AA, Delta Diamond, Hilton Diamond
Posts: 10,291
Lots of possibilities. I've been in ACs where a pax was using the AC computer closed their browsing session but did NOT logout of their AC acct. When I opened a browsing session that pax's AA acct was open to be compromised.
nrr is offline  
Old Apr 21, 2018, 7:22 pm
  #500  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Originally Posted by nrr
Lots of possibilities. I've been in ACs where a pax was using the AC computer closed their browsing session but did NOT logout of their AC acct. When I opened a browsing session that pax's AA acct was open to be compromised.
Obviously not what happened in this instance.

OP, have you requested they immediately cancel the redemption tickets (if applicable (i.e. not flown today))?
JonNYC is offline  
Old Apr 21, 2018, 9:09 pm
  #501  
FlyerTalk Evangelist
 
Join Date: May 2002
Location: Pittsburgh
Programs: MR/SPG LT Titanium, AA LT PLT, UA SLV, Avis PreferredPlus
Posts: 31,009
Did you ask to speak directly with the AA Fraud Department? Hard to believe no one can talk to you on a weekend.

If you were able to get back to your account (how?), did you cancel the reservation? Or was it a same-day/already flown ticket?
CPRich is offline  
Old Apr 21, 2018, 10:04 pm
  #502  
FlyerTalk Evangelist
 
Join Date: May 2004
Location: DFW/DAL
Programs: AA Lifetime PLT, AS MVPG, HH Diamond, NCL Platinum Plus, MSC Diamond
Posts: 21,422
AA should prevent this type of thing. If your email address is changed, they should not let you order an award for a specific time period
IAHtraveler and apeortdz like this.
mvoight is offline  
Old Apr 22, 2018, 7:33 am
  #503  
FlyerTalk Evangelist
 
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Originally Posted by mvoight
AA should prevent this type of thing. If your email address is changed, they should not let you order an award for a specific time period
Every rule will have an exception. Two factor authorization would help mitigate many of these events, but I don't want to see it on everything. Maybe just profile changes (email, password type items), but if I am logged into my account, let me book trips freely. Just like most financial sites, travel sites should timeout (yes, it will upset some). I too see many people thinking closing a browser or turning off a monitor wipes everything out. Ummm, no!
RogerD408 is offline  
Old Apr 22, 2018, 10:04 am
  #504  
 
Join Date: Sep 2009
Location: Global
Posts: 5,998
Simplest things in my mind...
1. If you change your email... confirmation sent to old email - no transactions until confirmed or x time or other confirmation. Two factor would be a big help.
and...
2. When you change your email, cannot book mileage tickets for anyone but yourself (or previously person you booked tickets) for x days.

Of course, this won't stop everything, and as RogerD408 says every rule will have an exception, but I think these things would help the vast majority of people.
apeortdz likes this.
Global321 is offline  
Old Apr 22, 2018, 10:59 am
  #505  
FlyerTalk Evangelist
 
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Originally Posted by Global321
Simplest things in my mind...
1. If you change your email... confirmation sent to old email - no transactions until confirmed or x time or other confirmation. Two factor would be a big help.
and...
2. When you change your email, cannot book mileage tickets for anyone but yourself (or previously person you booked tickets) for x days.

Of course, this won't stop everything, and as RogerD408 says every rule will have an exception, but I think these things would help the vast majority of people.
Confirmation of new email would have to come from the new email given most times a new email is needed when you lose access to the old account for various reasons. But having a link to click to shutdown online access going to the old account would be nice. Then a discussion with a live agent can confirm identification before getting online access reestablished. Still some holes there, but much smaller ones and actually may mean less work for AA.
RogerD408 is offline  
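The cooling-off rules proposed in posts #504 and #505, sketched as an added example (not part of any post, and not AA's actual system). The `Account` model, the function names and the 7-day `HOLD_DAYS` value are assumptions; the posts only say "x days".

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

HOLD_DAYS = 7  # assumption: the thread leaves the hold period as "x days"

@dataclass
class Account:
    holder_name: str
    email: str
    previous_passengers: set = field(default_factory=set)
    email_changed_at: Optional[datetime] = None
    change_confirmed: bool = False  # confirmed from the old address or by an agent
    online_locked: bool = False     # set by the "shut down online access" link
    outbox: list = field(default_factory=list)  # (recipient, message) pairs

def change_email(acct: Account, new_email: str, now: datetime) -> None:
    """Apply the change, start the hold, and notify BOTH addresses."""
    old = acct.email
    acct.email = new_email
    acct.email_changed_at = now
    acct.change_confirmed = False
    # The old address gets the alert and the lock link even though the
    # address on file has already changed (post #505).
    acct.outbox.append((old, "email changed: confirm, or click to lock online access"))
    acct.outbox.append((new_email, "verify this new address"))

def confirm_change(acct: Account) -> None:
    """Change confirmed from the old address or by a live agent: hold ends."""
    acct.change_confirmed = True

def lock_from_old_email(acct: Account) -> None:
    """Holder clicked the lock link; only an agent can restore access."""
    acct.online_locked = True

def may_book_award(acct: Account, passenger: str, now: datetime):
    """Return (allowed, reason) for an award booking request."""
    if acct.online_locked:
        return False, "online access locked; agent must verify identity"
    in_hold = (
        acct.email_changed_at is not None
        and not acct.change_confirmed
        and now - acct.email_changed_at < timedelta(days=HOLD_DAYS)
    )
    if not in_hold:
        return True, "ok"
    # Rule 2 from post #504: during the hold, only the holder or someone
    # the holder has booked for before may travel on an award.
    if passenger == acct.holder_name or passenger in acct.previous_passengers:
        return True, "ok: known passenger during hold"
    return False, "new passenger blocked during hold after email change"

def demo():
    """Constructed scenario: email changed, then three booking attempts."""
    t0 = datetime(2018, 4, 21, 12, 0)
    acct = Account("A. Member", "old@example.com", {"B. Spouse"})
    change_email(acct, "new@example.com", t0)
    soon = t0 + timedelta(hours=1)
    return [may_book_award(acct, p, soon)[0]
            for p in ("A. Member", "B. Spouse", "C. Stranger")]

if __name__ == "__main__":
    print(demo())
```

The check only covers passenger-named awards; awards with no named traveller would need their own rule under the same hold.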
Old May 10, 2018, 1:52 pm
  #506  
 
Join Date: Jan 2005
Programs: AA Plat Exec, Hilton Honors Diamond, Marriott Rewards
Posts: 220
I am having the worst experience with AA Security

On April 21, 2018 I received an email from American Airlines telling me that my email address had been changed. Sure enough, someone hacked into my account and used 178,600 miles to purchase hotel room and rental car (this award, which I've never heard of, does not require use of a credit card or any other identifying information). I notified AA on 4/21 that this was a fraudulent purchase and AA was able to prevent the transaction from going through (i.e. the miles were never used).

Since then, it's been a nightmare dealing with AA. On April 27 I spoke to a supervisor at Advantage Customer Service who confirmed that miles were not used but that AA Security would have to contact me to settle the issue & get my miles back. I was told that this could take up to 10 - 15 business days (which I thought was rather excessive!).

I have been phoning in repeatedly to try and expedite (I wanted to use my miles to fly home for mother's day). Each time I called in, I would learn new info - I was told I needed to file a Police report....did that and called in to provide this info......Today (5/10) I called customer service to check on status and spoke with a supervisor named Chrissy (sp?). She informed me that I needed to allow up to 30 days to be contacted by AA security. I told her that I was previously told 10 - 15 business days and asked when this change was made. Chrissy wasn't sure........I then asked if the 30 days were business days or calendar days.....Chrissy not sure again. I then asked if there was someone else I could speak with. Chrissy did have an answer for this one....it was "no". I then asked what I could do to expedite this process and was told "no", I would need to wait for AA security to contact me. I asked if I could call AA security....again, "no".

I guess being a customer for over 20 years with nearly 3,000,000 miles earned only gets you so much. VERY DISAPPOINTING!
gatemando is offline  
Old May 10, 2018, 4:52 pm
  #507  
 
Join Date: Aug 2004
Programs: AA (EP), Hilton (Diamond), Marriott Bonvoy (Titanium)
Posts: 8,937
Originally Posted by RogerD408
Two factor authorization would help mitigate many of these events, but I don't want to see it on everything. Maybe just profile changes (email, password type items), but if I am logged into my account, let me book trips freely. Just like most financial sites, travel sites should timeout (yes, it will upset some). I too see many people thinking closing a browser or turning off a monitor wipes everything out. Ummm, no!
Two-factor is nice in many cases, but given that the second factor is almost always SMS, and SMS is vulnerable to rerouting and other attacks, not as fail-safe as people seem to assume. As for web site timeouts, AA's web site has a fairly aggressive timeout already, so I'm not sure if you are advocating for something else, or were unaware of the timeout.

Originally Posted by gatemando
On April 21, 2018 I received an email from American Airlines telling me that my email address had been changed. Sure enough, someone hacked into my account and used 178,600 miles to purchase hotel room and rental car (this award, which I've never heard of, does not require use of a credit card or any other identifying information). I notified AA on 4/21 that this was a fraudulent purchase and AA was able to prevent the transaction from going through (i.e. the miles were never used).

Since then, it's been a nightmare dealing with AA. On April 27 I spoke to a supervisor at Advantage Customer Service who confirmed that miles were not used but that AA Security would have to contact me to settle the issue & get my miles back. I was told that this could take up to 10 - 15 business days (which I thought was rather excessive!).

I have been phoning in repeatedly to try and expedite (I wanted to use my miles to fly home for mother's day). Each time I called in, I would learn new info - I was told I needed to file a Police report....did that and called in to provide this info......Today (5/10) I called customer service to check on status and spoke with a supervisor named Chrissy (sp?). She informed me that I needed to allow up to 30 days to be contacted by AA security. I told her that I was previously told 10 - 15 business days and asked when this change was made. Chrissy wasn't sure........I then asked if the 30 days were business days or calendar days.....Chrissy not sure again. I then asked if there was someone else I could speak with. Chrissy did have an answer for this one....it was "no". I then asked what I could do to expedite this process and was told "no", I would need to wait for AA security to contact me. I asked if I could call AA security....again, "no".

I guess being a customer for over 20 years with nearly 3,000,000 miles earned only gets you so much. VERY DISAPPOINTING!
Very sorry to read that this happened to you. We've seen similar reports before (most often in this thread). I can understand AA being concerned that reports of a hacked account could themselves be part of a fraud (e.g., someone redeems their miles for cash and then claims to have been hacked to avoid being in trouble for selling miles), but given the large chance that the customer is honest and was hacked, one would hope that AA would have better procedures to handle the situation, including accurate information available to instruct the customer in exactly what steps to follow, and timely investigation with opportunity for status updates.

By the way, my BA account was hacked and it took BA many months to resolve it.
anabolism is offline  
Old May 10, 2018, 5:03 pm
  #508  
Suspended
 
Join Date: Mar 2002
Location: Canada, USA, Europe
Programs: UA 1K
Posts: 31,452
I honestly suggest you just give it a rest for a week or so and see what happens. You’re just getting a whole bunch of notes added to your file that don’t move the situation forward.

Originally Posted by gatemando
On April 21, 2018 I received an email from American Airlines telling me that my email address had been changed. Sure enough, someone hacked into my account and used 178,600 miles to purchase hotel room and rental car (this award, which I've never heard of, does not require use of a credit card or any other identifying information). I notified AA on 4/21 that this was a fraudulent purchase and AA was able to prevent the transaction from going through (i.e. the miles were never used).

Since then, it's been a nightmare dealing with AA. On April 27 I spoke to a supervisor at Advantage Customer Service who confirmed that miles were not used but that AA Security would have to contact me to settle the issue & get my miles back. I was told that this could take up to 10 - 15 business days (which I thought was rather excessive!).

I have been phoning in repeatedly to try and expedite (I wanted to use my miles to fly home for mother's day). Each time I called in, I would learn new info - I was told I needed to file a Police report....did that and called in to provide this info......Today (5/10) I called customer service to check on status and spoke with a supervisor named Chrissy (sp?). She informed me that I needed to allow up to 30 days to be contacted by AA security. I told her that I was previously told 10 - 15 business days and asked when this change was made. Chrissy wasn't sure........I then asked if the 30 days were business days or calendar days.....Chrissy not sure again. I then asked if there was someone else I could speak with. Chrissy did have an answer for this one....it was "no". I then asked what I could do to expedite this process and was told "no", I would need to wait for AA security to contact me. I asked if I could call AA security....again, "no".

I guess being a customer for over 20 years with nearly 3,000,000 miles earned only gets you so much. VERY DISAPPOINTING!
LondonElite is offline  
Old May 13, 2018, 5:19 pm
  #509  
 
Join Date: Jan 2005
Programs: AA Plat Exec, Hilton Honors Diamond, Marriott Rewards
Posts: 220
That's the best advice I've received. Thanks, I'll just shut up and wait.
gatemando is offline  
Old Dec 27, 2018, 1:26 pm
  #510  
 
Join Date: Jun 2006
Location: NYC,ALB
Programs: United 1k
Posts: 322
Welp, this just happened to me too. Long and short of it, 2 weeks ago I get an email from American stating there was a suspicious 262k award redemption for a hotel voucher (in Vietnam). I immediately call and the agent and I quickly discover this is fraud. They freeze my account, create a new account and start the process to get my miles back. According to the phone agent, they were able to cancel the voucher before it was actually redeemed/used. Initially they made it seem like this would be so easy to get my miles back, however it's been two weeks and I am still getting cookie-cutter responses from them. I suspect this will work out in the end, but it's annoying they are requiring multiple trips to the police station to prove this is identity theft and it sounds like I am talking to a robot.

It's not a simple process and quite frustrating because - I speculate - you are talking to people who have little incentive to work with you or admit any mistake on their part. You can only deal with the fraud department via email. So if/when they screw up or something goes wrong (like they give you the wrong date of the award withdrawal, or if the police report isn't to their exact specifications even though you've supplied all the information they ask for) they won't work with you, but rather imply it's on *you* to remedy the situation by an arbitrary deadline of 3 weeks from now, or your miles will be forfeited. My favorite is when they went in to an old email chain, changed/corrected the incorrect information they provided, and tried to pass it off as if nothing happened!

The advice above from LondonElite (to give it a rest and give it time) is probably the most useful thing I've read in a long time. It's already frustrating to have your identity stolen, and the fraud department doesn't win any awards on the customer service front. But no use getting mad at what's likely an auto-generated email.
theoflyalot is offline  

