Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

UA Account Hacked / Reports of Fraudulent Award Travel Redemption

UA Account Hacked / Reports of Fraudulent Award Travel Redemption

    Hide Wikipost
Old Sep 8, 18, 6:59 am   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: WineCountryUA
Wiki Link
This thread to follow reports of MP accounts that actually have been hacked / improperly accessed. If you have missing miles and beleive you have been hacked, contact [email protected]

In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.

A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
Print Wikipost

Old May 27, 14, 2:03 pm
  #121  
Moderator: United Airlines; FlyerTalk Evangelist
 
Join Date: Jun 2007
Location: SFO
Programs: UA Gold 1.85MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Gold
Posts: 47,242
Originally Posted by shengwan View Post
No, I was hoping to get suggestions or at least a phone number from UA fraud department. I was wondering if a police report would help my case anyway (in UA's view).
Absolute contact the UA fraud department. To do this initially call the standard UA numbers or MileagePlus Service Center -- explain the situation and ask specifically for the Fraud Desk. Today!

And file a police report but I suspect the response for the police will underwhelm you. They have bigger issues (small dollar, non-violent crime -- but there is likely a computer crime department).
WineCountryUA is offline  
Old May 27, 14, 2:22 pm
  #122  
 
Join Date: Nov 2010
Location: NYC
Programs: AA EXP, COdbaUA 1K, Hyatt Plt, Hilton GLD, SPG Plat50, Marriott Gld, Hertz PC, NEXUS/GE
Posts: 2,872
Originally Posted by FlyingNut724 View Post
That could have been stolen as well. At some point, this turns into a flying public security issue....
No, it doesn't. The passenger, whoever they were, underwent the same screening as everyone else on this flight.

Checking IDs against boarding passes is there to protect revenue for the airlines (by keeping you from easily reselling your nonrefundable tickets to someone else).
FlyerChrisK is offline  
Old May 27, 14, 2:25 pm
  #123  
 
Join Date: Dec 2009
Location: COS
Programs: UA Plat/1.5MM, SPG P100, Marriott LTP(P, coming to you in Jan '19), Hertz Prez, CBP GE, et al
Posts: 1,816
I don't follow the agent's logic here? If he/she feels this person must be so close to you, then why not identify them to you?? It's your account and should be able to verify the details of any transaction against it.

Has this moron never heard of keystroke loggers? And how many of us have found ourselves, at one time or another, needing to use a public use computer for which we have no control over the security measures taken (or not) to check or change something with an itinerary? Just truly absurd. I acknowledge the paradox here, but one truly hopes that karma visits a digital compromise on this individual resulting in irrevocable loss and suffering.
CCIE_Flyer is offline  
Old May 27, 14, 2:34 pm
  #124  
A FlyerTalk Posting Legend
 
Join Date: Apr 2013
Location: SFO
Programs: UA 1K 1MM; AS MVPG75K; Marriott Titanium; Hilton Diamond (Aspire); Hyatt Refugeeist
Posts: 40,846
Originally Posted by CCIE_Flyer View Post
I don't follow the agent's logic here? If he/she feels this person must be so close to you, then why not identify them to you?? It's your account and should be able to verify the details of any transaction against it.

Has this moron never heard of keystroke loggers? And how many of us have found ourselves, at one time or another, needing to use a public use computer for which we have no control over the security measures taken (or not) to check or change something with an itinerary? Just truly absurd. I acknowledge the paradox here, but one truly hopes that karma visits a digital compromise on this individual resulting in irrevocable loss and suffering.
This is the same reaction that customers initially got when they reported unauthorized cancellations of their CA itineraries - UA customer service refused to believe the activity was unauthorized and refused to do anything. It is to me a horrible indictment of UA's customer service that when presented with an instance of unauthorized account activity, their consistent first reaction is to blame the customer.

By contrast, I recently had unauthorized activity in my Amazon account. I called, and they GOT IT immediately. I could not be more satisfied with how quickly and effectively Amazon responded.
Kacee is offline  
Old May 27, 14, 2:39 pm
  #125  
Marriott Contributor Badge
 
Join Date: Jan 2009
Location: BTR
Programs: AA PlatPro 2.3MM; Marriott LT Plat; Hilton Gold; Vistana 5-Star Elite; National Car Exec Elite
Posts: 6,090
Originally Posted by Kacee View Post
This is the same reaction that customers initially got when they reported unauthorized cancellations of their CA itineraries - UA customer service refused to believe the activity was unauthorized and refused to do anything. It is to me a horrible indictment of UA's customer service that when presented with an instance of unauthorized account activity, their consistent first reaction is to blame the customer.
I thought the same thing. It appears to be systemic and if not part of their training it is at least in their mind what they believe their supervisor would approve.
controller1 is offline  
Old May 27, 14, 2:44 pm
  #126  
 
Join Date: Aug 2004
Location: San Juan Capistrano, CA
Programs: UA Premier Gold (1MM), AS MVP
Posts: 988
To the OP, sorry to hear it happened. Of course I would go after it, afterall, you are out the miles, which I imagine for even a relatively (?) short flight, at standard award level, is not small change. I would not put up with the implication that you did it. I have been accused of cancelling a reservation (I forget all the circumstances exactly) online by UA in the last year, and their only point to stand on was that if it was "cancelled online", by their logic it MUST have been done by me. For all the reasons mentioned above, that is faulty logic.
GimmeLegRoom is offline  
Old May 27, 14, 2:54 pm
  #127  
 
Join Date: Mar 2001
Location: IAH
Programs: UA 1K/*G
Posts: 2,397
Originally Posted by AlreadyThere View Post
Doesn't really matter, he or she will know very well from whom s/he got the ticket. His or her credit card is "on the line", and since the trip was international, there can't be an identity fraud issue.
I highly doubt that the card belongs to the traveler or that the source of the ticket (e.g., a broker) is going to result in any information.

Could UA allege fraud and charge the full fare to that card?
When, under any circumstance, has a company been able to charge arbitrary amounts to customer credit cards?
dbaker is offline  
Old May 27, 14, 2:54 pm
  #128  
 
Join Date: May 2009
Location: Washington, DC
Programs: UA 1K, AA, DL, LH, VX, HA
Posts: 5,573
Originally Posted by GimmeLegRoom View Post
which I imagine for even a relatively (?) short flight, at standard award level, is not small change
60k miles one way.

Depart:
15:27
Fri., Jun. 6, 2014
Kosrae, Federated State of Micronesia (KSA)

Arrive:
02:50
Fri., Jun. 6, 2014
Honolulu, HI (HNL)
Flight Time:
8 hr 23 mn

Travel Time:
8 hr 23 mn
Flight: UA155
Aircraft: Boeing 737-800
Meal: Dinner
No Special Meal Offered.
See On-Time Performance
View Seats

2 Stops. Time on the ground in Kwajalein, Marshall Islands (KWA) is 39 minutes. Time on the ground in Majuro, Marshall Islands (MAJ) is 48 minutes.
drewguy is offline  
Old May 27, 14, 2:56 pm
  #129  
 
Join Date: Mar 2001
Location: IAH
Programs: UA 1K/*G
Posts: 2,397
Originally Posted by FlyingNut724 View Post
Yes contact you police department and file a report. They then should be able to get the information from UA as to who actually booked the ticket.
Have you ever actually filed a police report? The notion of the local cops pursuing a frequent flier mileage scheme reminds me of this. How would they compel information from UA, anyway? Get the DA's office involved and start issuing subpoenas?
dbaker is offline  
Old May 27, 14, 2:59 pm
  #130  
 
Join Date: Jan 2014
Location: NYC
Programs: UA 1K, GE/Nexus, Marriott Gold
Posts: 266
OP, IMHO, the jurisdiction here belongs to the FBI. (You are also likely to get more traction from them than from the local police department.) Internet Crime Complaint Center (IC3) has a site for such complaints at:

http://www.ic3.gov/complaint/default.aspx

Also, I would call and tell UA that you are reporting this to the FBI; their reaction is likely to be somewhat less dismissive, especially if you escalate.

Also, changing your current PIN, email address and CC - basically everything associated with you UA account - is probably an excellent idea.

Finally, if you know a local journalist...
nikolastojsin is offline  
Old May 27, 14, 3:10 pm
  #131  
 
Join Date: Oct 2009
Location: SNA
Programs: UA Plat, Global Entry, Avis President's Club
Posts: 253
I think that the logic in filing a police report is that it will hopefully convey to the Fraud Department at UA that this is in fact a real problem, and not a situation as originally claimed by the customer service agent that someone close to the OP took the trip.

By filing the police report and then providing that report number to UA, the OP is telling UA that this is a serious matter (to the OP) and that they would like UA to also take it seriously.

I don't believe that anyone here actually believes that any police department in any jurisdiction would take this single case on its own seriously and actually do anything. But it might help the OP in making the case to UA that this is for real and not some sort of goof on the OP's part (or anyone close to him/her).
sakaike is offline  
Old May 27, 14, 3:11 pm
  #132  
 
Join Date: Apr 2013
Location: NYC/WAS
Programs: UA GS, AA EXP, DL '90s PM, now FK (Flying Kettle)
Posts: 503
Originally Posted by dbaker View Post
I highly doubt that the card belongs to the traveler or that the source of the ticket (e.g., a broker) is going to result in any information.
And the use of a third-party credit card (MP account in one name, flyer another name, credit card third name, conf e-mail not sent to address currently on account) somehow fails to indicate fraud?
AlreadyThere is offline  
Old May 27, 14, 3:29 pm
  #133  
 
Join Date: Mar 2012
Location: Navajo Nation, Northern Arizona
Programs: ex-Con *Gold (earned)
Posts: 8,879
Originally Posted by nikolastojsin View Post
OP, IMHO, the jurisdiction here belongs to the FBI.
My thought as well, especially since this involves an International flight. But even if it were Interstate domestic, I would assume the Interstate Commerce clause would give jurisdiction to the G Men.
kale73 is offline  
Old May 27, 14, 3:40 pm
  #134  
FlyerTalk Evangelist
 
Join Date: Nov 1999
Posts: 22,377
Originally Posted by shengwan View Post
Possibly.
doesnt make a difference, they can out who did the booking but are Responsible. They can always go after whomever sold it or stole it for them (if it wasnt sold)
craz is offline  
Old May 27, 14, 3:47 pm
  #135  
 
Join Date: Mar 2013
Posts: 42
Just changed my password and pin, I should probably do the same with my AA and Alaska account. Thanks for the advice.
shengwan is offline  

Thread Tools
Search this Thread