Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
- Have a strong, protected and secure password
- check your account periodically
- be aware and keep track of your transactions
- control or destroy documents such as boarding passes
- use antivirus software- if your personal computer is hacked they can gain control of your AA account
- Be very wary of logging into your account on public computers, like at internet cafs or the hotel business center, where keystroke loggers could be installed
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
Dear JDiver,
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Account fraud / breach: my account compromised, awards taken, etc.
#421
Suspended
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
And -my- information doesn't come from Google or guessing.
#422
Join Date: Aug 2008
Location: South Park, Metropolis
Programs: AA LT PLT 3MM, Hilton/Marriott/SPG/Club Carlson GLD, IHG PLT
Posts: 4,606
Google "US Bank Mastercard gift card fraud" for another good example of fraud that would be easy to stop if the company felt like trying. In a nutshell, US Bank numbers their gift cards sequentially (1, 2, 3, 4) instead of randomly. And they use the same few numbers on every card, so hackers don't need to guess 16 numbers. Once they find a number that works, they can just proceed sequentially from there and hack lots of other cards. This has been going on for years.
It would be easy to fix this by randomizing the numbers, but they haven't done it. That would be work.
PS--Never buy US Bank gift cards! ;-)
It would be easy to fix this by randomizing the numbers, but they haven't done it. That would be work.
PS--Never buy US Bank gift cards! ;-)
Interesting, never knew of this, thanks for the tip, will check this out latter.
#423
Join Date: Dec 2007
Location: ABE
Programs: AA G, UA, HH G
Posts: 141
If we are talking enough miles for multiple round trips in F, consider going one step further and file this as a homeowners insurance claim. In some jurisdictions the miles could be considered personal property held outside the home. The value of the miles would be the cost of buying them directly from AA, not the value of the tickets you could purchase with them.
#424
Join Date: Feb 2008
Location: STL
Programs: MR Plat Premier, IHG Spire, Hilton Diamond, Southwest CP
Posts: 623
yeah, not going to go the route of an insurance claim...just crossing my fingers and trusting the process that AA has in place will put the miles back in my account sooner than the "up to 6 month" policy so I can quickly book a trip for my family!
#425
FlyerTalk Evangelist
Join Date: Apr 2001
Location: NYC
Posts: 27,191
FWIW, my husband just had a non-trivial amount of $ fraudulently transferred from his bank account, to pay a random person's credit card bill. Fortunately he won't have to wait as long as 6 months, I think it's max about 10 days by regulation, but it's still annoying.
I hope they resolve this for you quickly!
I hope they resolve this for you quickly!
#426
Join Date: Jun 2012
Location: CLT
Programs: Marriott Plat, AA Gold
Posts: 1,076
Ouch. So my AA account got hacked on Sunday 8/13. Got an email alerting me that miles were used to book a ticket. Didn't look right and by the time I called AA just minutes later, I found out that three trips had been booked - one of which was actively in the air. All were tickets were booked using a different credit card (not mine as I don't keep one on file ever) but wiped out my miles.
Spoke to a couple of different phone agents that day that assured me all would be OK...I was lucky to catch it so fast...blah blah. Called back on Monday per their request to talk to Customer Service and go through the process of getting a new AA number and set up a new profile. Went through the questionable PNRs again and validated everything.
Heard nothing back all last week. Called again yesterday as I was a little surprised that the miles for the two trips that were not yet flown and were still not back in my account. Was told now that their policy is that the investigation could take up to 6 months to complete and no, I could not speak to anyone to get a little more clarity.
Wanting to book a trip in a month or two for my family with the miles, but obviously now am in a holding pattern. Not sure if there is a logical next step I should take. Thoughts??
Spoke to a couple of different phone agents that day that assured me all would be OK...I was lucky to catch it so fast...blah blah. Called back on Monday per their request to talk to Customer Service and go through the process of getting a new AA number and set up a new profile. Went through the questionable PNRs again and validated everything.
Heard nothing back all last week. Called again yesterday as I was a little surprised that the miles for the two trips that were not yet flown and were still not back in my account. Was told now that their policy is that the investigation could take up to 6 months to complete and no, I could not speak to anyone to get a little more clarity.
Wanting to book a trip in a month or two for my family with the miles, but obviously now am in a holding pattern. Not sure if there is a logical next step I should take. Thoughts??
#427
Join Date: Feb 2008
Location: STL
Programs: MR Plat Premier, IHG Spire, Hilton Diamond, Southwest CP
Posts: 623
#428
Join Date: Mar 2009
Location: LAX
Posts: 3,267
Problems with US Bank GCs
#429
FlyerTalk Evangelist
Join Date: May 2004
Location: DFW/DAL
Programs: AA Lifetime PLT, AS MVPG, HH Diamond, NCL Platinum Plus, MSC Diamond
Posts: 21,422
FWIW, my husband just had a non-trivial amount of $ fraudulently transferred from his bank account, to pay a random person's credit card bill. Fortunately he won't have to wait as long as 6 months, I think it's max about 10 days by regulation, but it's still annoying.
I hope they resolve this for you quickly!
I hope they resolve this for you quickly!
After all, the credit card company is going reverse the payment, so there is no gain there.
#430
Suspended
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
The agent told you up to six months because it could theoretically take that long and it is far better to tell people that and get it done in 6-8 weeks, than the reverse.
AA will investigate and dig down to figure out who did this. Entirely possible that the actual passengers responded to ads for cheap F tickets and and by tracking them, AA can get back to the brokers who do this for a living.
On the other side of this, AA will make certain that you are not part of the fraud or that the hacking did not occur by someone with access to your account.
AA will investigate and dig down to figure out who did this. Entirely possible that the actual passengers responded to ads for cheap F tickets and and by tracking them, AA can get back to the brokers who do this for a living.
On the other side of this, AA will make certain that you are not part of the fraud or that the hacking did not occur by someone with access to your account.
#432
Join Date: Feb 2008
Location: STL
Programs: MR Plat Premier, IHG Spire, Hilton Diamond, Southwest CP
Posts: 623
Yep, that's been essentially my whole point. I fully understand the need to properly investigate and the time involved in doing so...but AA could rethink their communication plan of attack when things like this happen to their customers. A little more empathy in what is undoubtedly a stressful situation for those who have lost their hard earned miles would go a long way. Simply quoting in a robotic manner "it can take up to 6 months and no you can't talk to anyone" certainly does not help.
If someone were to have told me personally (even reading from a script of sorts), "Hey, this is a horrible situation and we are really sorry you are experiencing this. Here at AA we take fraud very seriously and have elevated your case to our security team. While it could take several months to unravel the situation and get your miles back into your account, most cases are solved within a few weeks. The next step is typically us reaching back out to verify some additional information so be on the lookout for this request via email. In the mean time, if you have any additional questions, feel free to reach out to this email address: XXXX.
If someone were to have told me personally (even reading from a script of sorts), "Hey, this is a horrible situation and we are really sorry you are experiencing this. Here at AA we take fraud very seriously and have elevated your case to our security team. While it could take several months to unravel the situation and get your miles back into your account, most cases are solved within a few weeks. The next step is typically us reaching back out to verify some additional information so be on the lookout for this request via email. In the mean time, if you have any additional questions, feel free to reach out to this email address: XXXX.
#433
Join Date: Jul 2010
Location: SFO
Programs: AA EXP
Posts: 5,270
#435
Suspended
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
In the abstract, it is "only a couple of plane tickets." But, in reality, this happens with some frequency and if it is not caught & dealt with, that is where the fraudsters go.
Years ago, what was then Bell Atlantic used to follow up on $0.05 pay phone frauds when people used tone generators to beat the then unsophisticated system. I suspect that Bell Atlantic could have cared less about any $0.05 loss, but overall it knew that if it did not crack down, the fraud would become massive.
If these tickets represented $5K in revenue forgone each, that is $15K. If that happens only 200x / year, that is $1 Million in shrinkage to AA. And 200 would be the luckiest year in AA's recent history. By far.
It is always possible that whoever did this did it for his own account and never did anything like this before and will never do it again. But, that is not reality.
Three separate tickets on separate dates screams out a ticket broker who does this regularly and a sophisticated operation which does the hacking and sells the information.
Here, AA will have CC information (likely stolen / hacked) and that is another lead.
Maybe the guy already in the air beats everybody to the destination. But, it is easy enough to flag the other two tickets and either cancel them or let them stand and see who shows up.
Years ago, what was then Bell Atlantic used to follow up on $0.05 pay phone frauds when people used tone generators to beat the then unsophisticated system. I suspect that Bell Atlantic could have cared less about any $0.05 loss, but overall it knew that if it did not crack down, the fraud would become massive.
If these tickets represented $5K in revenue forgone each, that is $15K. If that happens only 200x / year, that is $1 Million in shrinkage to AA. And 200 would be the luckiest year in AA's recent history. By far.
It is always possible that whoever did this did it for his own account and never did anything like this before and will never do it again. But, that is not reality.
Three separate tickets on separate dates screams out a ticket broker who does this regularly and a sophisticated operation which does the hacking and sells the information.
Here, AA will have CC information (likely stolen / hacked) and that is another lead.
Maybe the guy already in the air beats everybody to the destination. But, it is easy enough to flag the other two tickets and either cancel them or let them stand and see who shows up.