Kacee

There is no such thing as the "Interstate Commerce Clause." There is a "Commerce Clause," but that simply gives Congress power to act in matters that affect interstate commerce.

FBI jurisdiction would be premised on specific statutory authority, including criminal wire fraud (18 U.S.C. § 1343) and the federal computer fraud and abuse statute (18 U.S.C. § 1030).

UA Insider

Hi everyone,

As WineCountryUA alluded to above, if you feel there has been fraudulent activity in your MileagePlus Account, I recommend you contact the MileagePlus Service Center for assistance.

To the OP (shengwan): I have sent you a private message about the activity in your account; please check the Your Notifications box on the top-right portion of the page to view the message and respond to us directly.

-UA Insider

Passmethesickbag

^^^ Aaron! We all understand that there are big problems that UA Insider is not empowered to fix, but it's most reassuring to know that you are doing your best to assist in cases like this.

dank0014

^woo hoo. Thanks Aaron for jumping in!

bruceba

Good luck with that. Still miss Scott

zabes64

Surprised no one had mentioned the other obvious possibility; UA IT debiting the wrong account. We've seen people able to change other people's itineraries when they were trying to change their own. OP obviously spoke to a CO agent who believes their systems always work right.

RaflW

Hmm. I just bought a next-day ticket for a relative to fly to a funeral using DL SkyMiles. Now, he doesn't have a computer, so I had his receipt e-mailed to me, but I manually entered that address. I did not get any other correspondence from SkyMiles that the 25K miles were debited. That will show on my next statement, and when I log in to DL's site, the new balance was updated ASAP.

But if UA functions similarly, then I'm not sure the OP would get an immediate e-mail that a transaction occurred.

(I've been lurking the UA threads here recently because I just status-matched to UA and am curious about what I may be in for if I stick with UA).

wwu123

I tend to agree with others who guess that the person traveling was not aware of the fraud; assuming that airport security is still worth something, then they were traveling under their real identity. If so, islands with very limited escape routes are not the best place to hide or hang out after committing fraud with your real identity captured at multiple points along the way. Hackers would probably make real dollars off the hacked account rather than traveling in their own name; come to think of it a few years back my wife called a shady website advertising much better pricing on int'l business class tickets, seemed a little odd down the to gruff "Eastern European" agent as if from a movie..

If the person traveled under another identity to the U.S., the feds would want to know why - wasn't a one-way ticket esp considered suspicious by itself a few years back? If the person traveled under their own identity with internet hacking and maybe credit card fraud committed by someone else to come to the U.S., wouldn't the feds similarly want to know why? But the tough part seems to be being able to get in front of a federal agent and explaining it in the context they'd care about it.

5khours

1. Thanks Aaron for helping the OP.

2. Pax probably got the tix through the Internet so unlikely the perp will be caught unless the NSA helps out.

3. Everyone needs to avoid disclosing their MP number. If crooks know an MP account number, with a 4 digit PIN, crooks will eventually find and crack an account with sufficient miles to book an award. A lot of times a credit card will be on file as well so they could actually book paid tickets.

4. UA needs to beef up their security. IMHO because of the very poor security, UA should clearly take responsibility for this type of fraud.

5. The Feds and police should definitely prosecute these types of crimes vigorously. Individually the losses are small, but in aggregate it's a huge problem. A few 10 year jail sentences and well publicized prosecutions would definitely help alleviate this problem. UA should use their political weight to get the Feds to track this down. People do this crap because they know they can get away with it scott free 99.99% of the time.

shengwan

Hi UAInsider,

I have contacted MPSC again and replied to your PM, I can provide more details if needed, Thanks for looking into this.

Everyone, I will update if there are more information on my case. Thanks FTers.

katstarr

Shengwan - I am the author of Will Run For Miles - I was also hacked - I'm assuming it was either on my trip to dubai in january or in Japan in february (which transited through TPE and PEK) the blog post that you linked above is my experience. I guess I was lucky that UA Security noticed the breach before I did - because then I didn't have to go through the level of reps who knew nothing or cast blame. The corporate security people at UA were professional and helpful. Please contact me if you have any questions. perhaps my experience will help you.

shengwan

Just for an update.
I have tried to file reports with Boston PD and FBI in Boston. Let along if they will do anything, they refused to hear my case. BPD A-1 District told me to goto Postal Inspector and person at reception keep telling me "I don't want to hear any of these." As suggested by follower FTers, I went to FBI but only to find out they won't look into this either. FBI told me to file a complaint with IC3.GOV. If there are large numbers of people who report similar incidents, then they will start an investigation. Even though FBI website suggested they take walk appointment http://www.fbi.gov/boston/contact-us/contact, I was refused for an walk in appointment and told they no longer take walk-in appointment.

On 5/28, United Fraud department contacted me and instructed remove the fraudulent email, phone number, and address from my account. I didn't know they were in my account so I had to change my pin again. I have to thanks UA insider and Janet from United Fraud department who was really professional and helpful to reset my account and reinstate the miles taken.^

I also thank for FTers suggestions and especially WillRunForMiles for sharing her case.

At the end, I hope IC3 will do something find those hackers and if anyone have any similar experience please report IC3 to motivate law enforcement.

aacharya

A good outcome - but I thought many of us postulated about the fake e-mail/etc already?

shengwan

I had to click view my address to see all of the addresses in my account, click view my emails and phone numbers etc to delete them all. Phone number was a boston number, address is in Utah, email is my last name + number @gmail.com. Ticket was issued from an IP from Micronesia. It is shame law enforcement don't want to hear any of these information.

GimmeLegRoom

I do feel for you. Mr GLR had his Ipad and Macbook stolen, and since he locked everything down to display his phone number, he then got a phishy text asking for his logon info from a fake "Apple Store employee" with a link to a fake (but authentic looking) page. Neither Apple nor the local PD really gave a crap. I told him he should incessantly call that number from an untraceable phone as payback, but in the end it won't get his stuff back.