FlyerTalk Forums


Jpr0930 May 18, 2016 5:26 pm

PSA: Check your BA accounts for fraud
 
I just posted this on reddit, but figured would echo it here as well.

Just logged on to check mine the other day and noticed a 30,000 point Avios redemption from May 12th.

I had not made any bookings nor did I receive an email about one being made. Immediately changed my password and started dialogue with BA. Turns out the points were used to book an inter-Russian flight for 2 passengers. They read me the names and said that the itinerary confirmation email was sent to another email address. Case has been moved to the audit department as fraudulent activity to hopefully get my points back.

Could be isolated, but figured I would put that out there in case you don't check all your accounts daily, especially the ones that you don't use often.

Takiteasy May 18, 2016 5:42 pm

Thanks for the warning. Seems to be a regular occurrence though.

Am surprised the system does not send you any warning at any point: assume the hacker manages to login as you. They then change the email address to theirs. Then make the booking, and get the confirmation on their new email.

I would expect that a change in personal data (in this case, email) would result in a confirmation email to your old email address from the system - prompting you to login and check what has happened.

Obviously the system does not do that - despite emailing you for loads of other reasons from booking confirmation, 'prepare to fly in 16 days', you have changed your seat request etc. Odd...

Deltus May 18, 2016 5:47 pm

Worth using Award Wallet for this purpose - you get a weekly digest with all your loyalty programme movements from that week, so at least you should notice fairly soon after the attack - hopefully soon enough to contact BA and get the Avios refunded.

Engineering Travel May 18, 2016 5:53 pm

I would add that recently I checked my personal details and found my telephone number was now Russian... all log in info was changed immediately.
Appears to be a trend for this, from what's being reported here.

cgtechuk May 18, 2016 6:07 pm


Originally Posted by Jpr0930 (Post 26647027)
I just posted this on reddit, but figured would echo it here as well.

Just logged on to check mine the other day and noticed a 30,000 point Avios redemption from May 12th.

I had not made any bookings nor did I receive an email about one being made. Immediately changed my password and started dialogue with BA. Turns out the points were used to book an inter-Russian flight for 2 passengers. They read me the names and said that the itinerary confirmation email was sent to another email address. Case has been moved to the audit department as fraudulent activity to hopefully get my points back.

Could be isolated, but figured I would put that out there in case you don't check all your accounts daily, especially the ones that you don't use often.


There was a post on here not long ago with the same scenario and from memory it was inter-Russian flights / Russia located. Seems more than one Avios account is being targeted. Although could be a coincidence.

Jpr0930 May 18, 2016 6:21 pm


Originally Posted by Takiteasy (Post 26647093)
Thanks for the warning. Seems to be a regular occurrence though.

Am surprised the system does not send you any warning at any point: assume the hacker manages to login as you. They then change the email address to theirs. Then make the booking, and get the confirmation on their new email.

I would expect that a change in personal data (in this case, email) would result in a confirmation email to your old email address from the system - prompting you to login and check what has happened.

Obviously the system does not do that - despite emailing you for loads of other reasons from booking confirmation, 'prepare to fly in 16 days', you have changed your seat request etc. Odd...

The rep actually told me that I didn't get an email because they have an option to specify an email during booking. Still, the system should alert for that too, or at least cc the default email address.

remymartin May 18, 2016 8:56 pm

To me this sounds more like a phone agent error (intentional or not), not a normal hack. OP, did you enquire whose credit card was used?

corporate-wage-slave May 19, 2016 12:25 am


Originally Posted by cgtechuk (Post 26647217)
There was a post on here not long ago with the same scenario and from memory it was inter-Russian flights / Russia located. Seems more than one Avios account is being targeted. Although could be a coincidence.

Correct, with a variant involving booking Russian hotels:

http://www.flyertalk.com/forum/briti...y-account.html

http://www.flyertalk.com/forum/briti...os-hacked.html

http://www.flyertalk.com/forum/briti...os-points.html

Everyone should ensure their BA.com password is unique to BA, not shared with other accounts, Apps, store cards etc, and ideally changed monthly.

Globaliser May 19, 2016 2:53 am


Originally Posted by Engineering Travel (Post 26647142)
I would add that recently I checked my personal details and found my telephone number was now Russian ...

Rather irritatingly, though, there is also a known ba.com bug which interprets many UK mobile phone numbers (+447...) as Russian numbers (+7...) and stores them accordingly. I have had to change my companion's phone number via MMB so often that I've lost count.

Foltan May 19, 2016 4:23 am


Originally Posted by Engineering Travel (Post 26647142)
I would add that recently I checked my personal details and found my telephone number was now Russian... all log in info was changed immediately.
Appears to be a trend for this, from what's being reported here.

Was that definitely a fraudulent thing? Had your number changed?

I ask because there was a glitch where BA deleted the +44 dialling code so that your mobile number started with a '7', which it then registered as being a Russian number (Russian dialling code).

So:
+44 7712 345678
became
+7 712345678

If that makes sense. People complained on here that it kept happening repeatedly.

Tiger_lily May 19, 2016 5:01 am


Originally Posted by Deltus (Post 26647116)
Worth using Award Wallet for this purpose - you get a weekly digest with all your loyalty programme movements from that week, so at least you should notice fairly soon after the attack - hopefully soon enough to contact BA and get the Avios refunded.

It was Award Wallet that triggered the mass temporary suspension of accounts last year wasn't it?

travelwithross May 19, 2016 5:15 am


Originally Posted by Tiger_lily (Post 26649096)
It was Award Wallet that triggered the mass temporary suspension of accounts last year wasn't it?

Yup.

I changed all my passwords yesterday as a result of quite a few breaches of security at my end as well, including my BA account which became temporarily locked due to repeated attempts to login.

It would be great if BA would introduce 2FA (ideally, with a mobile text or phone call).

710 77345 May 19, 2016 5:21 am


Originally Posted by Tiger_lily (Post 26649096)
It was Award Wallet that triggered the mass temporary suspension of accounts last year wasn't it?

No, I don't think it was. BA kept the suspected breach very close to their chest.

I would not recommend changing your password regularly if you have not been hacked.


All times are GMT -6.