Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > American Airlines | AAdvantage
Reload this Page >

Account fraud / breach: my account compromised, awards taken, etc.

Old Aug 22, 2015, 2:16 pm
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.

For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).

If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.

To help protect your account, be sure
  • Have a strong, protected and secure password
  • check your account periodically
  • be aware and keep track of your transactions
  • control or destroy documents such as boarding passes
  • use antivirus software- if your personal computer is hacked they can gain control of your AA account
  • Be very wary of logging into your account on public computers, like at internet cafés or the hotel business center, where keystroke loggers could be installed

If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):

Dear JDiver,

Thanks for visiting AA.com. This email confirms that your account has been updated as follows.

Your contact information has been updated, but is not included in this e-mail for the security of your account.

If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.

If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.

If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.

AA.com
American Airlines
Print Wikipost

Account fraud / breach: my account compromised, awards taken, etc.

Old Aug 23, 2015, 7:49 pm
  #46  
FlyerTalk Evangelist
 
Join Date: Sep 2006
Programs: Fabulous on one of the US carriers..
Posts: 11,878
Originally Posted by Gardyloo
I have to think, however, that there should be some sort of fail-safe to prevent an interloper in possession of the password changing everything in the account without some sort of call-back or email notification to an alternate email account, or a text to my cell phone (which AA has on file for flight notifications) when wholesale changes are being made to the account. And maybe some kind of flag that alerts somebody regarding big redemptions being made the same day that so many entries in the account profile have been changed. Remember this is CX we're talking about, so somebody had to speak to an AA rep in the process. Twice.
Yeah, at minimum an email stating changes were made. Those are pretty common. It's crazy that there is no fail safe in place.

The other odd thing is that the hacker seems to have pretty good knowledge of the system. A total of four CX awards in F? And they knew they had call it in too.

Here's hoping everything works out for you.
Flyer_70 is offline  
Old Aug 24, 2015, 12:42 am
  #47  
 
Join Date: Sep 2009
Location: Global
Posts: 5,991
Sorry this happened to you Gardyloo

You would think AA would have done a security lock on the account for x number of days... maybe 7 days... to give you time to fix everything.

It does sound like this is a bot/hack on your computer.
Global321 is offline  
Old Aug 24, 2015, 3:12 am
  #48  
FlyerTalk Evangelist
 
Join Date: Jan 2007
Location: BOS/UTH
Programs: AA LT PLT; QR GLD; Bonvoy LT TIT
Posts: 12,711
Originally Posted by 110pgl
It does sound like this is a bot/hack on your computer.
Yes, I agree. So sorry that this has happened to you, Gardy. I'm sure that you don't recall, but we've PMd a number of times on OWE issues; and you've always been most generous sharing your advice and experience. I hope that this works out soon.
Dr. HFH is offline  
Old Aug 24, 2015, 4:38 am
  #49  
 
Join Date: Dec 2003
Location: NYC
Posts: 6,418
Originally Posted by Flyer_70
Yeah, at minimum an email stating changes were made. Those are pretty common. It's crazy that there is no fail safe in place.
...
AA doesn't notify the old email address when a change is made?? That's really bad.
richarddd is offline  
Old Aug 24, 2015, 5:36 am
  #50  
 
Join Date: Nov 2012
Location: PBI/FLL/MIA
Programs: DL DM/2MM, MR Ambassador, National EE
Posts: 1,614
Originally Posted by Gardyloo
This troubled me hugely when I discovered it, and I am rapidly checking activity on each and every password-protected site/program I use. I'm treating this as a candidate for identity theft, and, while I haven't found any other obvious instances of such, I'm changing passwords and having credit cards that might be at risk canceled and new ones sent. To say this has put a damper on my Saturday is an understatement.

A few years ago I got an email from Citibank asking if I was traveling from Heathrow to Nairobi in business class that evening. I was in the Admirals Club at LHR at the time, and thought, "Wow, that's strange."

I traced the card hack back to a bookshop right in the T3 shopping mall where my wife had bought some bodice-ripper paperback not an hour previously. Obviously somebody had skimmed the card while she was buying the book. This s*it happens quick, believe me.
You should consider Dashlane... instant change of all passwords w/ one click. I'm a fan...
krlcomm is offline  
Old Aug 24, 2015, 7:12 am
  #51  
 
Join Date: Aug 2010
Location: Houston, TX
Programs: HHonors Diamond, AA Executive Platinum, National Executive Elite, Avis First
Posts: 494
If you are using a Windows machine you should scan it for malware. You could have a keyboard logger installed - which would log all your key strokes.

I've had the best luck with Malwarebytes (https://www.malwarebytes.org/). It's a free program.
adambrock is offline  
Old Aug 24, 2015, 7:18 am
  #52  
 
Join Date: Feb 2013
Location: Beantown! (BOS)
Programs: AA PtPro (2 MM); Hilton Diamond; Hertz President Cr; DL SkyMiles; UA MileagePlus
Posts: 3,432
OP, sorry this happened to your account. It is not comforting to know somebody could do that to your account. After whomever could do all those to your account, I am surprised that the password was not changed by whoever did this. If password was changed then you would not have had an access to your account online.

When you made an initial contact to AA regarding this situation, did you have difficulty convincing a person over the phone that you are the actual member of that AAdvantage account?
AlwaysAisle is offline  
Old Aug 24, 2015, 8:08 am
  #53  
FlyerTalk Evangelist
 
Join Date: Sep 2006
Programs: Fabulous on one of the US carriers..
Posts: 11,878
Originally Posted by richarddd
AA doesn't notify the old email address when a change is made?? That's really bad.
I just tried changing emails. Was notified instantly with both new and old accounts. Wonder if hacker had access to OPs email while making the change.
Flyer_70 is offline  
Old Aug 24, 2015, 8:12 am
  #54  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Originally Posted by Flyer_70
I just tried changing emails. Was notified instantly with both new and old accounts. Wonder if hacker had access to OPs email while making the change.
I feel like that's a given, from the description.
JonNYC is offline  
Old Aug 24, 2015, 8:38 am
  #55  
FlyerTalk Evangelist
 
Join Date: Sep 2006
Programs: Fabulous on one of the US carriers..
Posts: 11,878
Originally Posted by JonNYC
I feel like that's a given, from the description.
So you think the hackers are monitoring Flyertalk right about now, assuming OP has communications go to his email?
Flyer_70 is offline  
Old Aug 24, 2015, 9:24 am
  #56  
 
Join Date: Aug 2006
Location: Dallas
Programs: AAdvantage EXP, IHG Spire, Marriott Gold, HHonors Gold, National Executive Elite
Posts: 1,523
Originally Posted by Flyer_70
I just tried changing emails. Was notified instantly with both new and old accounts. Wonder if hacker had access to OPs email while making the change.
I think its almost 100 percent certain that the OP's computer has been compromised and at best has a keystroke logger on it, and at worst is monitored live. Seems incredibly improbable that they can get the info to keep changing otherwise (or its an inside job by a family member without realizing it).

I sure as hell would not use your computer or devices you've been using to log into any account or anytype until you run a very full and complete scan for spyware and malware on the devices.
imapilotaz is offline  
Old Aug 24, 2015, 10:50 am
  #57  
Moderator, OneWorld
Original Poster
 
Join Date: Feb 2002
Location: SEA
Programs: RAA RIP; AA ExEXP
Posts: 11,785
Update - My computer seems to be clean; repeated anti-malware scans have eliminated a few craplit adware registry and temp file remnants (Weeks ago I'd already dealt with any .exe files that showed up in the program list) so I don't think I've got a keystroke monitor, although of course if I do and it's super buried we'll see shortly . Note the computer I use is on an ethernet line to my cable modem, so I don't think a wi-fi leak is a realistic risk.

My AAdvantage account has been migrated to a new account number; because it was an elite account they have to manually configure the new account to recognize my status; the ACS rep said to monitor the new account like crazy over the next couple of weeks.

The miles for the unused tickets have been put back; however those for the used ticket (yesterday's HKG-LAX flight) will need to be restored (I assume) by someone in the fraud unit rather than ACS. The rep had no way of knowing, and wouldn't be able to tell me anyway, what, if anything, happened to the arriving pax last night. We were both puzzled as to how I managed to get into the site on Saturday and undo all the prior tickets only to have it re-hacked and the "flown" one reinstated on Sunday. She didn't have access to time-stamps covering (a) my conversation with AA on Saturday when we first undid the hack, or (b) when the re-hack took place, except that it was on the same day. I fear it was just blind luck that the perp was doing the second transaction while we were in the middle of undoing the first.

How I didn't get an email notification of the change of email addresses is a major puzzler and is the part that has me rather freaked. I suggested to the rep that AA ask for an alternate email address to be used as a secondary backup, so that if some change is made, not only the "old" email address gets an alert, but also the secondary one, and she thought that was an idea that she would take to the next "brainstorming" session at ACS, which occur every couple of weeks evidently. I also suggested that since AA has cell phone numbers for many members, used for flight notifications, that it, too, could be utilized as a fail-safe fail-safe, since email hackers might not have access to the mobile device. No good if you use your phone for all your web/email activity, but if your phone was nicked you'd know about it pronto. She thought that was a terrific idea that she'd take to the same meeting.

Meanwhile I'm wondering about the fact that the only bogus credit card activity I've had was on the Citibank card attached to my AAdvantage account. I know Citi had a giant data breach a couple of years ago, but just wondering if that's an avenue to explore. I suspect it's just me being paranoid, which of course has attained new heights over the weekend.
Gardyloo is offline  
Old Aug 24, 2015, 10:59 am
  #58  
 
Join Date: Feb 2013
Location: Beantown! (BOS)
Programs: AA PtPro (2 MM); Hilton Diamond; Hertz President Cr; DL SkyMiles; UA MileagePlus
Posts: 3,432
Originally Posted by Flyer_70
So you think the hackers are monitoring Flyertalk right about now, assuming OP has communications go to his email?
I do think if anybody is serious about hacking into somebody else’s AAdvantage account then reading up on FlyerTalk is very good source of information. Learn in and out of the program, routine process of AAdvantage program, learn to what to expect from agents, etc.

When a hacker had to call AA, such as a case of CX award ticket which cannot be done online, the hacker could have learned a lot from FlyerTalk so that the agent over the phone will not become suspicious of the situation. Example: credit card situation. The hacker could have learned a lot about need of credit card to pay taxes and fees on award tickets and how to prepare the credit card so that the agent over the phone will not become suspicious.

Just saying that I learned so much from reading FlyerTalk about AAdvantage program. It has been extremely useful as to know how the program works, what to expect, what I need to be prepared, etc. Same information can also be very useful for people who try to hack into the program and do some harm.
AlwaysAisle is offline  
Old Aug 24, 2015, 11:08 am
  #59  
 
Join Date: Aug 2006
Location: Dallas
Programs: AAdvantage EXP, IHG Spire, Marriott Gold, HHonors Gold, National Executive Elite
Posts: 1,523
Originally Posted by AlwaysAisle
I do think if anybody is serious about hacking into somebody else’s AAdvantage account then reading up on FlyerTalk is very good source of information. Learn in and out of the program, routine process of AAdvantage program, learn to what to expect from agents, etc.

When a hacker had to call AA, such as a case of CX award ticket which cannot be done online, the hacker could have learned a lot from FlyerTalk so that the agent over the phone will not become suspicious of the situation. Example: credit card situation. The hacker could have learned a lot about need of credit card to pay taxes and fees on award tickets and how to prepare the credit card so that the agent over the phone will not become suspicious.

Just saying that I learned so much from reading FlyerTalk about AAdvantage program. It has been extremely useful as to know how the program works, what to expect, what I need to be prepared, etc. Same information can also be very useful for people who try to hack into the program and do some harm.
To me there is a very important distinction between a common criminal and a hacker: intelligence. A hacker is typically significantly smarter than the common criminal and a hacker will also go to lengths to learn about the target (be it an individual or corporation).
imapilotaz is offline  
Old Aug 24, 2015, 11:23 am
  #60  
 
Join Date: Apr 2011
Location: New York
Programs: AA EXP 1.0mm, not sure where I am with hotels these days
Posts: 2,795
Originally Posted by Gardyloo
I was thinking about gifting a trip to a relative and went to start looking for award availability. Simple dumb luck.

I've since discovered that my email has been hacked too, so I'm busily changing passwords and logins all over the place, having credit cards canceled and all that. Somebody charged an $850 taxi ride (in Everett, WA - where the hell do you go that costs eight hundred bucks?) to a credit card that I've now canceled. F-ing people. I have to treat this as identity theft at this point.

It's funny (weird, not ha ha) - on another FT thread I've been waxing lyrical about a new TV show to which I've become addicted, Mr. Robot on the USA network. The protagonist of the show is a hacker. Funny how life mimics fiction sometimes.
The taxicab driver should remember the $850 fare. That's a huge amount. I would call the cab company to see who the driver was and see where it leads. When I had my credit card stolen from my wallet in my office by a construction worker a few years ago, I tracked it to the store where the card was used that morning to buy $11,000 in a fur coat, expensive dress and necklace. I was able to talk a detective who wanted a felony collar into going to the store and confront the manager. He gave up the sales girl who sold the goods and she was arrested.
george 3 is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.