Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > American Airlines | AAdvantage
Reload this Page >

Account fraud / breach: my account compromised, awards taken, etc.

Old Aug 22, 2015, 2:16 pm
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.

For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).

If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.

To help protect your account, be sure
  • Have a strong, protected and secure password
  • check your account periodically
  • be aware and keep track of your transactions
  • control or destroy documents such as boarding passes
  • use antivirus software- if your personal computer is hacked they can gain control of your AA account
  • Be very wary of logging into your account on public computers, like at internet cafs or the hotel business center, where keystroke loggers could be installed

If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):

Dear JDiver,

Thanks for visiting AA.com. This email confirms that your account has been updated as follows.

Your contact information has been updated, but is not included in this e-mail for the security of your account.

If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.

If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.

If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.

AA.com
American Airlines
Print Wikipost

Account fraud / breach: my account compromised, awards taken, etc.

Old Aug 25, 2017, 8:11 am
  #421  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
Originally Posted by flyalways
Just wondering if the investigations will go after the people that used the ticket ?
If this was international ticket they should have PP number and lot more
information about them, correct ?
They can and do, depending on the practicalities in each case.

And -my- information doesn't come from Google or guessing.
JonNYC is offline  
Old Aug 25, 2017, 8:17 am
  #422  
 
Join Date: Aug 2008
Location: South Park, Metropolis
Programs: AA LT PLT 3MM, Hilton/Marriott/SPG/Club Carlson GLD, IHG PLT
Posts: 4,606
Originally Posted by lobo411
Google "US Bank Mastercard gift card fraud" for another good example of fraud that would be easy to stop if the company felt like trying. In a nutshell, US Bank numbers their gift cards sequentially (1, 2, 3, 4) instead of randomly. And they use the same few numbers on every card, so hackers don't need to guess 16 numbers. Once they find a number that works, they can just proceed sequentially from there and hack lots of other cards. This has been going on for years.

It would be easy to fix this by randomizing the numbers, but they haven't done it. That would be work.

PS--Never buy US Bank gift cards! ;-)

Interesting, never knew of this, thanks for the tip, will check this out latter.
arollins is offline  
Old Aug 25, 2017, 9:17 am
  #423  
 
Join Date: Dec 2007
Location: ABE
Programs: AA G, UA, HH G
Posts: 141
Originally Posted by VibeGuy
If we are talking enough miles for multiple round trips in F, consider going one step further and file this as a homeowners insurance claim. In some jurisdictions the miles could be considered personal property held outside the home. The value of the miles would be the cost of buying them directly from AA, not the value of the tickets you could purchase with them.
I don't claim to speak for every carrier or policy, but I would caution the OP to run any potential HO claim through his agent first. Off-premises PP coverage often requires the property to be tangible, something that you can physically return to your residence premises. Additionally, any coverage for digital monies/accounts/securities is usually very narrowly defined in the policy and covered only up to a certain sublimit (~$250-1000 max) after deductible.
isabeloh is offline  
Old Aug 25, 2017, 12:17 pm
  #424  
 
Join Date: Feb 2008
Location: STL
Programs: MR Plat Premier, IHG Spire, Hilton Diamond, Southwest CP
Posts: 623
yeah, not going to go the route of an insurance claim...just crossing my fingers and trusting the process that AA has in place will put the miles back in my account sooner than the "up to 6 month" policy so I can quickly book a trip for my family!
arizonawildcat is offline  
Old Aug 25, 2017, 2:49 pm
  #425  
FlyerTalk Evangelist
 
Join Date: Apr 2001
Location: NYC
Posts: 27,191
FWIW, my husband just had a non-trivial amount of $ fraudulently transferred from his bank account, to pay a random person's credit card bill. Fortunately he won't have to wait as long as 6 months, I think it's max about 10 days by regulation, but it's still annoying.

I hope they resolve this for you quickly!
ijgordon is offline  
Old Aug 25, 2017, 3:13 pm
  #426  
 
Join Date: Jun 2012
Location: CLT
Programs: Marriott Plat, AA Gold
Posts: 1,076
Originally Posted by arizonawildcat
Ouch. So my AA account got hacked on Sunday 8/13. Got an email alerting me that miles were used to book a ticket. Didn't look right and by the time I called AA just minutes later, I found out that three trips had been booked - one of which was actively in the air. All were tickets were booked using a different credit card (not mine as I don't keep one on file ever) but wiped out my miles.

Spoke to a couple of different phone agents that day that assured me all would be OK...I was lucky to catch it so fast...blah blah. Called back on Monday per their request to talk to Customer Service and go through the process of getting a new AA number and set up a new profile. Went through the questionable PNRs again and validated everything.

Heard nothing back all last week. Called again yesterday as I was a little surprised that the miles for the two trips that were not yet flown and were still not back in my account. Was told now that their policy is that the investigation could take up to 6 months to complete and no, I could not speak to anyone to get a little more clarity.

Wanting to book a trip in a month or two for my family with the miles, but obviously now am in a holding pattern. Not sure if there is a logical next step I should take. Thoughts??
Not that it would necessarily help you, but if one was actually in the air couldn't they confront the culprit upon landing?
GoPhils is offline  
Old Aug 25, 2017, 5:18 pm
  #427  
 
Join Date: Feb 2008
Location: STL
Programs: MR Plat Premier, IHG Spire, Hilton Diamond, Southwest CP
Posts: 623
Originally Posted by GoPhils
Not that it would necessarily help you, but if one was actually in the air couldn't they confront the culprit upon landing?
You would think.
arizonawildcat is offline  
Old Aug 25, 2017, 7:04 pm
  #428  
 
Join Date: Mar 2009
Location: LAX
Posts: 3,267
Originally Posted by arollins
Interesting, never knew of this, thanks for the tip, will check this out latter.
No problem...there's a thread about it in another forum, which is where I learned about it. Here's a link:

Problems with US Bank GCs
lobo411 is offline  
Old Aug 25, 2017, 7:18 pm
  #429  
FlyerTalk Evangelist
 
Join Date: May 2004
Location: DFW/DAL
Programs: AA Lifetime PLT, AS MVPG, HH Diamond, NCL Platinum Plus, MSC Diamond
Posts: 21,422
Originally Posted by ijgordon
FWIW, my husband just had a non-trivial amount of $ fraudulently transferred from his bank account, to pay a random person's credit card bill. Fortunately he won't have to wait as long as 6 months, I think it's max about 10 days by regulation, but it's still annoying.

I hope they resolve this for you quickly!
That sounds like someone entered the wrong account number or something.
After all, the credit card company is going reverse the payment, so there is no gain there.
mvoight is offline  
Old Aug 25, 2017, 7:31 pm
  #430  
Suspended
 
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
The agent told you up to six months because it could theoretically take that long and it is far better to tell people that and get it done in 6-8 weeks, than the reverse.

AA will investigate and dig down to figure out who did this. Entirely possible that the actual passengers responded to ads for cheap F tickets and and by tracking them, AA can get back to the brokers who do this for a living.

On the other side of this, AA will make certain that you are not part of the fraud or that the hacking did not occur by someone with access to your account.
Loren Pechtel likes this.
Often1 is offline  
Old Aug 25, 2017, 7:34 pm
  #431  
Suspended
 
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
The agent never should have said it can take up to 6 months.
JonNYC is offline  
Old Aug 26, 2017, 7:40 am
  #432  
 
Join Date: Feb 2008
Location: STL
Programs: MR Plat Premier, IHG Spire, Hilton Diamond, Southwest CP
Posts: 623
Originally Posted by JonNYC
The agent never should have said it can take up to 6 months.
Yep, that's been essentially my whole point. I fully understand the need to properly investigate and the time involved in doing so...but AA could rethink their communication plan of attack when things like this happen to their customers. A little more empathy in what is undoubtedly a stressful situation for those who have lost their hard earned miles would go a long way. Simply quoting in a robotic manner "it can take up to 6 months and no you can't talk to anyone" certainly does not help.

If someone were to have told me personally (even reading from a script of sorts), "Hey, this is a horrible situation and we are really sorry you are experiencing this. Here at AA we take fraud very seriously and have elevated your case to our security team. While it could take several months to unravel the situation and get your miles back into your account, most cases are solved within a few weeks. The next step is typically us reaching back out to verify some additional information so be on the lookout for this request via email. In the mean time, if you have any additional questions, feel free to reach out to this email address: XXXX.
arizonawildcat is offline  
Old Aug 26, 2017, 8:30 am
  #433  
 
Join Date: Jul 2010
Location: SFO
Programs: AA EXP
Posts: 5,270
Originally Posted by GoPhils
Not that it would necessarily help you, but if one was actually in the air couldn't they confront the culprit upon landing?
Originally Posted by arizonawildcat
You would think.
If you asked the authorities to mobilize tens of thousands of dollars in resources for a couple stolen plane tickets, I suspect the reaction would be something like

rjw242 is offline  
Old Aug 26, 2017, 8:42 am
  #434  
 
Join Date: Feb 2008
Location: STL
Programs: MR Plat Premier, IHG Spire, Hilton Diamond, Southwest CP
Posts: 623
Haha...well, that's just like your opinion man.
arizonawildcat is offline  
Old Aug 26, 2017, 9:07 am
  #435  
Suspended
 
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
In the abstract, it is "only a couple of plane tickets." But, in reality, this happens with some frequency and if it is not caught & dealt with, that is where the fraudsters go.

Years ago, what was then Bell Atlantic used to follow up on $0.05 pay phone frauds when people used tone generators to beat the then unsophisticated system. I suspect that Bell Atlantic could have cared less about any $0.05 loss, but overall it knew that if it did not crack down, the fraud would become massive.

If these tickets represented $5K in revenue forgone each, that is $15K. If that happens only 200x / year, that is $1 Million in shrinkage to AA. And 200 would be the luckiest year in AA's recent history. By far.

It is always possible that whoever did this did it for his own account and never did anything like this before and will never do it again. But, that is not reality.

Three separate tickets on separate dates screams out a ticket broker who does this regularly and a sophisticated operation which does the hacking and sells the information.

Here, AA will have CC information (likely stolen / hacked) and that is another lead.

Maybe the guy already in the air beats everybody to the destination. But, it is easy enough to flag the other two tickets and either cancel them or let them stand and see who shows up.
Often1 is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.