Schultzois

So… I’m wondering if anyone has has something like this happen. If so, please feel free to redirect to an appropriate thread.

I had a cancellation (or actually possibly two) on a single one-way in First from Europe to the USA.

Has been in my queue of things to do.

I get this call from someone saying they are from BA to handle compensation for a cancelation/delay as result of cancelation.

Something feels a bit off, but I go with them as they had things like record locators, etc. But the numbers are off until I mention what the usual compensation figures are (EUR600 equivalent in this case) though I hadn’t gotten into the nitty gritty of extra hotel and transport costs.

Anyway, they can’t handle reimbursement to the card used for initial payment, also fail to handle another card, and then say then can handle a third one.

The bank for which, in turn, sends me a transaction alert for a charge (not a credit) different from any of the amounts previously discussed. There were also all kinds of Western Union/MoneyGram/something else accounts being opened with my data. So I shut down that card, call my other bank whose information I’d passed onto the “so-called BA” person, and feel a bit stupid about the whole thing.

But I’m wondering, has anyone else here had this happen in cases of cancelations? They had a lot of data from either my PNR or my Exec Club profile, which is part of what let my guard down. I feel almost sure that it was a fishing expedition from someone who had enough to try to get financial and identity details from me. And I wish I had been thoughtful enough to stop it.

Finally, what is the proper method for claiming cancelation/delay compensation and incidental reimbursements such as hotel and taxi?

I was momentarily delighted that BA seemed to be reaching out to me, but in fact it just seems like someone managed to get enough data from BA in order to trick me into giving more.

crazy8534

Oh dear, that sounds like a very concerning experience. As you suggest, certainly a scam/fraud. You should cancel any cards that you might have given them information about and, as you have done already, inform your bank. You could imagine a very sophisticated operation that would know to target the sort of customers who are buying one way F fares. Could you have been subject to any kind of personal data breach/ identity details being stolen somehow?

Outside of an airport or onboard setting I have never been offered any compensation or expenses by BA proactively (and in an airport it has only ever extended to a hotel booking, even a taxi fare I was told to claim back later, onboard it would be some avios for a service deficiency via the IFM/iPad) and have always had to call or claim online via the contact us/complaint portal.

The really concerning bit for me is how they accessed all your BA details. Did they go through usual security with you? I guess that could be easily faked on their side anyway.

Best wishes that you don’t have any ongoing problems related to this.

Schultzois

Cards in question cancelled and thankfully I didn’t get to the point of offering up bank details (!) which would have been some of the normal protocol for a BA refund.

I’m just still trying to work out where the got so much on me… they had at least part of the booking reference (though I didn’t let him finish reading it to me and recognized it was mine). Also had last digits of my booking card number. And at least most of my mailing address, which I completed in full for him (stupid but I thought he was being helpful at that point).

Rather certain I didn’t give any super sensitive information like Social Security Numbers or, as I mentioned, definitely not bank details. I’m also in LifeLock so if anyone really tries something sketchy (like new accounts, etc.) that should get flagged.

But it’s an added headache after an already less than ideal trip. I’m trying to focus on an ill mother and this comes up.

And to add… there have been so many cancellations that the number of targets for something like this must be substantial. And so many of us are just trying to live our lives and would like to think that it was someone from BA helping!

DaveS

There is another thread discussing something similar. People have been receiving SMS from a claims company offering to get compensation for delayed flights. Apparently there is a BA investigation into where the leak of data is.

Who sold my data to a flight delay claims handler?

Have a read of that thread and report to BA. It may be the same leak.

Schultzois

Thank you I will take a look… though this was actually an inbound phone call not SMS - and I think from an area code close to my BAEC address, so all the more reason I thought “maybe it’s legit”

Lefly

I don't think BA have ever proactively called someone about compensation for cancellations/delays...
The "usual" procedure is to use the specific form on the website, I think there is also some field to add incidentals but I've never had to use that part so I'm not sure.

DaveS

If someone is prepared to steal the data from BA then I don't suppose they would be too choosy about who they sell it to. Phone numbers can be very easily spoofed, you could see the call coming from a legitimate BA number.

Schultzois

Point well taken.

I guess this is also a good time to change my BAEC login…

DaveS

I don't think there is any reason to believe login credentials have been compromised. You should urgently contact the DPO email mentioned in the thread I linked to earlier as this looks quite serious.

Knodde

Isn't all of that on the e-mail conformation you receive? Could be that you e-mail account have been hacked? So maybe change password for that, and other accounts if you use the same or similar passwords?

Jon MilnerMatthews

Very definitely a vishing attack. There has clearly been a data breach so needs reporting to BA’s DPO, but the breach could equally have been from your emails so make sure you change passwords to your mail accounts as well. All of the information they had sounds like it could have come from emails sent to you by BA not necessarily from BA’s internal systems so it could have been you rather than BA that was hacked.

I know this is a little locking the stable door, but never proactively provide personal information in a case such as this, get them to confirm the information to you from their records. I had an attempted vishing attack trying to get me to provide details for them to handle compensation for a car accident. I already knew it was dodgy so asked them to confirm if they got the details from Churchill, my insurers, and that this was the accident in Hull. When they did, I informed them that I wasn’t insured by Churchill and had never been to Hull at which point the line suddenly went dead…

corporate-wage-slave

Yes, just to confirm this is not BA's way of working on multiple levels. BA rarely make outbound calls, but if they do they will be OK with you calling back on a published, known number. Their security questions follow a particular format and increasingly any credit card data goes via an automation process. Compensation is Customer Relations, not Sales, Sales do handle refunds but that is always back to the original source of payment. I had a distressed text message from my daughter this morning, I must admit that I had forgotten I have a daughter, but in any case I thought it odd she referred to me as Mum. Your call seems unfortunately rather more sophisticated.

r22r44bell47

Worth stressing “rarely “ as CS do sometimes follow up on complaints with a personal call. I had this back in June following a whinge about crew attitude to lighting remaining on for the whole eastbound TA flight. It was a Birmingham number that I didn’t recognise and let go to voicemail. Turned out to be CS apologising, saying they were following up on the issue with crew attitude and that I’d receive the usual 10k Avios. By the time I’d played the message back the Avios were in my account.

AJNEDC

They can't handle the refund to card used to make the purchase is the dead give away. You should have stopped right there as it is a card network rule that refunds should be processed to the original FOP. Of course there could be exceptional circumstances where you the customer explain an issue, but outside of this, the merchant must refund to the original FOP.

Schultzois

It’s a good point - record locator and flight info, yes. And also I think last 4 of credit card used. Address and telephone I don’t think so, but with record locator I’m honestly not positive what you can pull out of MMB. Possibly all the rest. Certainly contact info, which is what they needed to call me.

I had a “strange” occurrence with my email just prior to the trip. Apple shut off access to my iCloud email for around 12 hours… I suspected maybe I had been hacked but when I phoned in Apple said it was a rare “maintenance” issue - but somehow that hadn’t thought about telling their customer that their emails wouldn’t be accessible for 12 hours… Call me skeptical but I wouldn’t rule out that there might have been a data compromise on the side of me email and Apple just didn’t want to own up to it.

I changed all my email login credentials various times whilst trying to figure out why I wasn’t receiving emails. This was just a couple weeks ago, but maybe I’ll do just once more to be sure.

Thanks to all for the various responses and clarifications as to how BA normally works with these matters. As I mentioned in my first post about this, something did seem “off” but I had so much going on that I just optimistically thought BA was taking a proactive step here. But the mode of compensation and the problems with credit cards really ought to have been enough for me to say “Sorry, I can’t do this right now. I make a claim online or ring up. Bye.”