PSA: Check your BA accounts for fraud

Old May 18, 16, 6:26 pm
  #1  
Original Poster
 
Join Date: Aug 2012
Posts: 193

I just posted this on reddit, but figured I would echo it here as well.

Just logged on to check mine the other day and noticed a 30,000 point Avios redemption from May 12th.

I had not made any bookings nor did I receive an email about one being made. Immediately changed my password and started dialogue with BA. Turns out the points were used to book an inter-Russian flight for 2 passengers. They read me the names and said that the itinerary confirmation email was sent to another email address. Case has been moved to the audit department as fraudulent activity to hopefully get my points back.

Could be isolated, but figured I would put that out there in case you don't check all your accounts daily, especially the ones that you don't use often.
Jpr0930 is offline  
Old May 18, 16, 6:42 pm
  #2  
 
Join Date: Jul 2014
Programs: Mucci de l'Arbitrage
Posts: 918
Thanks for the warning. Seems to be a regular occurrence though.

Am surprised the system does not send you any warning at any point: assume the hacker manages to login as you. They then change the email address to theirs. Then make the booking, and get the confirmation on their new email.

I would expect that a change in personal data (in this case, email) would result in a confirmation email to your old email address from the system - prompting you to login and check what has happened.

Obviously the system does not do that - despite emailing you for loads of other reasons from booking confirmation, 'prepare to fly in 16 days', you have changed your seat request etc. Odd...
Takiteasy is offline  
Old May 18, 16, 6:47 pm
  #3  
 
Join Date: Oct 2015
Location: LON/PEK
Programs: BA Silver; LH FTL, IHG Spire; Hertz 5*
Posts: 1,531
Worth using Award Wallet for this purpose - you get a weekly digest with all your loyalty programme movements from that week, so at least you should notice fairly soon after the attack - hopefully soon enough to contact BA and get the avios refunded.
Deltus is online now  
Old May 18, 16, 6:53 pm
  #4  
 
Join Date: May 2010
Location: Global
Programs: OWS IHG Spire
Posts: 431
I would add that recently I checked my personal details and found my telephone number was now Russian... all login info was changed immediately.
Appears to be a trend for this, from what's being reported here.
Engineering Travel is offline  
Old May 18, 16, 7:07 pm
  #5  
 
Join Date: Mar 2016
Location: Glasgow, UK
Programs: Seigneur des Tarifs Utils First Class Mucci with Honours :) - BA GGL / CCR
Posts: 1,450
Originally Posted by Jpr0930:
I just posted this on reddit, but figured I would echo it here as well.

Just logged on to check mine the other day and noticed a 30,000 point Avios redemption from May 12th.

I had not made any bookings nor did I receive an email about one being made. Immediately changed my password and started dialogue with BA. Turns out the points were used to book an inter-Russian flight for 2 passengers. They read me the names and said that the itinerary confirmation email was sent to another email address. Case has been moved to the audit department as fraudulent activity to hopefully get my points back.

Could be isolated, but figured I would put that out there in case you don't check all your accounts daily, especially the ones that you don't use often.

There was a post on here not long ago with the same scenario and from memory it was inter-Russian flights / Russia located. Seems more than one Avios account is being targeted. Although could be a coincidence.
cgtechuk is offline  
Old May 18, 16, 7:21 pm
  #6  
Original Poster
 
Join Date: Aug 2012
Posts: 193
Originally Posted by Takiteasy:
Thanks for the warning. Seems to be a regular occurrence though.

Am surprised the system does not send you any warning at any point: assume the hacker manages to login as you. They then change the email address to theirs. Then make the booking, and get the confirmation on their new email.

I would expect that a change in personal data (in this case, email) would result in a confirmation email to your old email address from the system - prompting you to login and check what has happened.

Obviously the system does not do that - despite emailing you for loads of other reasons from booking confirmation, 'prepare to fly in 16 days', you have changed your seat request etc. Odd...
The rep actually told me that I didn't get an email because they have an option to specify an email during booking. Still, the system should alert for that too, or at least cc the default email address.
Jpr0930 is offline  
Old May 18, 16, 9:56 pm
  #7  
 
Join Date: Jan 2012
Location: HEL
Programs: anti-MaRiot SPG-P IHG-S HH-D LeClub/CC-G, BA/A3-G DL/AY-P, Octopus
Posts: 4,975
To me this sounds more like a phone agent error (intentional or not), not a normal hack. OP, did you enquire whose credit card was used?
remymartin is offline  
Old May 19, 16, 1:25 am
  #8  
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
 
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 40,626
Originally Posted by cgtechuk:
There was a post on here not long ago with the same scenario and from memory it was inter-Russian flights / Russia located. Seems more than one Avios account is being targeted. Although could be a coincidence.
Correct, with a variant involving booking Russian hotels:

http://www.flyertalk.com/forum/briti...y-account.html

http://www.flyertalk.com/forum/briti...os-hacked.html

http://www.flyertalk.com/forum/briti...os-points.html

Everyone should ensure their BA.com password is unique to BA, not shared with other accounts, Apps, store cards etc, and ideally changed monthly.
corporate-wage-slave is offline  
Old May 19, 16, 3:53 am
  #9  
FlyerTalk Evangelist
 
Join Date: Aug 2002
Location: London
Programs: Mucci. Nothing else matters.
Posts: 36,048
Originally Posted by Engineering Travel:
I would add that recently I checked my personal details and found my telephone number was now Russian ...
Rather irritatingly, though, there is also a known ba.com bug which interprets many UK mobile phone numbers (+447...) as Russian numbers (+7...) and stores them accordingly. I have had to change my companion's phone number via MMB so often that I've lost count.
Globaliser is offline  
Old May 19, 16, 5:23 am
  #10  
 
Join Date: Dec 2014
Location: London
Programs: BAEC Silver, HH Diamond, Avis President's Club
Posts: 1,189
Originally Posted by Engineering Travel:
I would add that recently I checked my personal details and found my telephone number was now Russian... all login info was changed immediately.
Appears to be a trend for this, from what's being reported here.
Was that definitely a fraudulent thing? Had your number changed?

I ask because there was a glitch where BA deleted the +44 dialling code so that your mobile number started with a '7', which it then registered as being a Russian number (Russian dialling code).

So:
+44 7712 345678
became
+7 712345678

If that makes sense. People complained on here that it kept happening repeatedly.
Foltan is offline  
Old May 19, 16, 6:01 am
  #11  
 
Join Date: May 2006
Location: 5 miles from EMA
Programs: BD, BAEC Pleb, VS Pleb, Accor Gold, HHonors Silver, Big White Season Pass
Posts: 5,276
Originally Posted by Deltus:
Worth using Award Wallet for this purpose - you get a weekly digest with all your loyalty programme movements from that week, so at least you should notice fairly soon after the attack - hopefully soon enough to contact BA and get the avios refunded.
It was Award Wallet that triggered the mass temporary suspension of accounts last year wasn't it?
Tiger_lily is offline  
Old May 19, 16, 6:15 am
  #12  
formerly rxfleming
 
Join Date: Jan 2009
Location: AUH, DXB (and GLA)
Programs: BA Gold, HHonors Diamond, Marriott Plat Elite
Posts: 2,448
Originally Posted by Tiger_lily:
It was Award Wallet that triggered the mass temporary suspension of accounts last year wasn't it?
Yup.

I changed all my passwords yesterday as a result of quite a few breaches of security at my end as well, including my BA account which became temporarily locked due to repeated attempts to login.

It would be great if BA would introduce 2FA (ideally, with a mobile text or phone call).
travelwithross is offline  
Old May 19, 16, 6:21 am
  #13  
 
Join Date: Oct 2003
Location: London
Posts: 3,500
Originally Posted by Tiger_lily:
It was Award Wallet that triggered the mass temporary suspension of accounts last year wasn't it?
No, I don't think it was. BA kept the suspected breach very close to their chest.

I would not recommend changing your password regularly if you have not been hacked.
710 77345 is offline  
