Avios stolen – contacting BA?

[neilhd]

Hey all,

Logged into my exec club account yesterday, and discovered that approx 200,000 Avios have been stolen a month ago. Another person had been added to my household account, and they were transferred out to them as a redemption contribution. I didn’t see any emails advising either of these things happening.

Trying to get hold of BA on the phone is impossible – it doesn’t even let me hold. I have messaged them on Twitter, but 24hrs later, no response.

Anyone got any suggestions for contacting them?

Many thanks!

[NorthernLass]

Presumably you changed your log in details as soon as you became aware? I would suggest even changing your email address in case that’s how this started – something similar happened to me last year. Get as many details of the new “member” as are on the system in case they suddenly disappear.
It’s going to take a while to sort out but your options are to call BA (I know!), write to them on or try Twitter/chat who might at least point you in the right direction. There are also online forms for contacting BA but I have no idea how long they take to respond.

Good luck!

[neilhd]

Thanks, I changed the email address immediately. I’ve got the Name and Number of the “new” member.

[NorthernLass]

Have they used the avios to make a booking or transferred them out somewhere else?

[neilhd]

All I can see is “Household Redemption: Contribution sent”

I can’t tell if it was for a booking or not.

[NorthernLass]

That’s odd – I have exactly that message for the recent refunds when BA refunded the FTVs, but obviously that’s avios coming into my account, not leaving. It’s the first time I’ve seen that.
I’m guessing you can’t get into the fake member’s account to see what the transaction shows as at their end?

[Rui N.]

That’s likely a redemption in the new account. Since the IT restructuring, in HH bookings the avios come out all of the account making the booking and then there are the adjustments to make things even.

[neilhd]

NorthernLass wrote:

That’s odd – I have exactly that message for the recent refunds when BA refunded the FTVs, but obviously that’s avios coming into my account, not leaving. It’s the first time I’ve seen that.
I’m guessing you can’t get into the fake member’s account to see what the transaction shows as at their end?

I did have a try, just incase it was using my password, but no.

Rui N. wrote:

That’s likely a redemption in the new account. Since the IT restructuring, in HH bookings the avios come out all of the account making the booking and then there are the adjustments to make things even.

That seems to be the case, yeah. I can see adjustments on my wife/son’s accounts too. Have changed all their passwords/emails as well.

[NorthernLass]

Possibly not related but last year my email was hacked – we know this as my OH is quite IT savvy and could see what had happened and when once I realised. The weirdest thing was that the only thing the hackers had done was to remove completely any reference to a number of BA and other holiday bookings I had. I have no idea what they were hoping to achieve by doing this – maybe try to get there before me and check in pretending to be me?! It wasn’t too difficult to retrieve them via ba.com and other contacts, thankfully. We’ve still to take those trips so we’ll see if another family tries to check in for them!!

[DaveB]

I had my Avios stolen pre pandemic. The process was quite straightforward though I did have to call the executive club. They froze the account for around 8 weeks and the fraud team did an investigation, after that the avios were returned. At the same time my email address was bombed with thousands of emails that attempted to hide the avios transactions.

Dave

[neilhd]

DaveB wrote:

I had my Avios stolen pre pandemic. The process was quite straightforward though I did have to call the executive club. They froze the account for around 8 weeks and the fraud team did an investigation, after that the avios were returned. At the same time my email address was bombed with thousands of emails that attempted to hide the avios transactions.

Dave

Interesting – I had noticed a significant uptick in spam emails.

Still haven’t been able to get through on the phone, and no response via Twitter or Facebook. I think next step will be CEO email.

[memesweeper]

Given it can take days to get through on the phone I’d consider getting a letter (yes, a letter) in the post to the fraud team now. You need to notify them as promptly as possible and this might be quickest.

[neilhd]

I sent an email to Sean Doyle yesterday lunchtime. Within a few hours I had an email saying my Exec Club account was now locked pending investigation. I have to assume that was what triggered it, as I’ve still heard nothing back from Twitter/FB.

So progress appears to be happening!

[Jacob]

Is everyone nowadays just emailing Sean Doyle directly?

[neilhd]

Jacob wrote:

Is everyone nowadays just emailing Sean Doyle directly?

It appears to be the only actual way to get in contact with BA these days…

To update my situation with a happy ending, a couple of days after my last post, most my Avios were returned. I replied to that email (even though it said it was a non-monitored address), pointing out it was still 50k short. So they locked my account again, investigated again, and now they are all back, and they removed the imposter account.

[AJA]

That’s great news. Worrying that you had the issue to start with.

[Rui N.]

Sort of similar happpened to me last night.
Wake up today with multiple Stripe SMS approval transactions from BA and an email from BA saying that my email address had been changed.
Called them and got through the phone right away. Someone has stolen over 150k avios. Household members remain unaffected.
Account locked for investigation, and fraud case referred to the respective team.

[Skywalker]

BA’s IT security is atrocious.

I changed my passwords this morning – and there was no email notification that my password had been changed.

What BA did do however, was helpfully include my BA Exec number, tier points, lifetime tier points and Avios balance in the “change password” email.

So assuming a hacker has already gained access to your email account, all a hacker then needs to do to find out more about your BAEC account more quickly and conveniently and all in one place – is trigger a change password email.

That level of detailed information is not at all required in a “change password” email.

[JDS1991]

On 13th January I also suffered the same fate as some of the above – 600+ spam emails amongst which a BA Exec Club notification of email change. My account was inaccessible through the app and so I called a number, got through to a human.

I passed security questions and was told that my avios balance was zero – it was 209k at last count. Someone had been added to my account, transferred all avios to Qatar Airways. Phone agent could not reveal more on who/how but said the account would be locked and under investigation.

It’s been 10 days and I’ve had nothing in writing to confirm that the investigation is happening. I called again and did not pass security questions and was told that I just have to wait and that the team would be in-touch if they need any activity confirmations.

I asked if these confirmations would be sent to my original details (email / phone) or those of the hacker – they didn’t seem to get my point…..

I’ve some faith reading the above that they will be returned but really 2 step authentication should be used for transfer of assets surely? Really upsetting

[Rui N.]

Rui N. wrote:

Sort of similar happpened to me last night.
Wake up today with multiple Stripe SMS approval transactions from BA and an email from BA saying that my email address had been changed.
Called them and got through the phone right away. Someone has stolen over 150k avios. Household members remain unaffected.
Account locked for investigation, and fraud case referred to the respective team.

Around 2 weeks after my Avios were stolen I got all of them back, so good outcome.
The process was very quick in the beginning. Avios were stolen overnight Friday-Saturday, Saturday morning I called to report fraud and account was locked, Sunday got an email with reference number as asking for ID and proof of address. I sent the documents on Monday and then on Tuesday they said that the case was investigated and then I just needed to change my password and the account would be unlocked and my avios restored. You’d imagine that the hard part was passed by then, but no, it then took them 10 days and multiple message from me for them to unlock the account…
Anyway, all avios back and strong(er) password now in the account.

Funny thing, I see the fraudulent activity in my transactions… all points were moved to Qatar (someone else in the forum reported the same). Top tip for BA: put a freaking restriction of 3 days to transfer points to Qatar after someone changes the email associated with your Executive Club account.

[NorthernLass]

They must know whose account the avios were transferred to – I wonder if they close the offending accounts in these cases (and cancel any travel the account holder has booked)? I also wonder if they ever trace any of these accounts back to their own staff!

[JDS1991]

JDS1991 wrote:

On 13th January I also suffered the same fate as some of the above – 600+ spam emails amongst which a BA Exec Club notification of email change. My account was inaccessible through the app and so I called a number, got through to a human.

I passed security questions and was told that my avios balance was zero – it was 209k at last count. Someone had been added to my account, transferred all avios to Qatar Airways. Phone agent could not reveal more on who/how but said the account would be locked and under investigation.

It’s been 10 days and I’ve had nothing in writing to confirm that the investigation is happening. I called again and did not pass security questions and was told that I just have to wait and that the team would be in-touch if they need any activity confirmations.

I asked if these confirmations would be sent to my original details (email / phone) or those of the hacker – they didn’t seem to get my point…..

I’ve some faith reading the above that they will be returned but really 2 step authentication should be used for transfer of assets surely? Really upsetting

UPDATE: my Avios were returned after an investigation, including sending my passport / bank statement copies to the fraud team. Whilst happy, there’s no further explanation or evidence within the account about who or where they went to.

[Ihar]

BA – please implement 2FA immediately for redemptions/transfers!

The (likely) reality is that it isn’t BA that’s been hacked – but another business where customers have re-used passwords across BA and other sites. Then the phishing expedition begins. Hackers steal “encrypted” data, but in reality only the password is encrypted – and unless it’s a strong password is easy to “decrypt” (not really decrypt, but resolve). Then you’re free game, and in the realm of Avios, any business where you collected points and have linked data.

Get a password manager – have a STRONG (min 16 length) unique password for each login. I have almost 500 passwords – all unique – and I know about 4 of them. The rest are stored in my password vault, automatically filled in on each website/login. I couldn’t even hack myself!!

[NorthernLass]

https://www.msn.com/en-gb/news/world/british-airways-supervisor-on-the-run-in-india-after-organising-3m-immigration-scam-from-his-heathrow-check-in-desk-for-five-years/ar-BB1iVZLJ

Presumably if it’s possible to run a scam like this from the inside, “moving” avios wouldn’t be beyond the realms of feasibility!

[Londonflyer]

Hi All

Piggybacking on this –

My account has “been locked for my own protection” – whenever i call BA to ask them to unlock the agents on the phone say they cannot and they will look to escalate.

I have yet to hear anything from BA –

Does anyone have the fraud /account team email address mentioned above in other threads?

Is this normal – how long should it take? Im at 2 weeks now.

Thanks