[vzzbuckz]

Renewal month this month (May 2025): I got offered 50,000 MR last year but this year, I was only offered 10K for £1K spend in three months. I asked if I could get the 25MR for £5K spend in three months but was told by Brighton retention’s that the offer is tied to your card.

As such, it does seem Amex are expecting people to pay the full fee this year with little opportunity for offset and the offer is fairly conservative based on monthly spend history.

[vzzbuckz]

What annoying is that Collinson Group owns both Priority Pass and a number of lounges in UK airports; would be nice if you could use them without having to pay to reserve or at least, reserve for free for Priority Pass members; it’s the same group after all.

[vzzbuckz]

MikeP wrote:

Ihar wrote:

John wrote:

<
You can access all websites for free with a VPN + proxy, I have been doing this on board BA for over a year.

Sorry, who uses a public hotspot without a VPN??? Madness!!

I’ve been in IT for 20 years. I don’t use a VPN unless I have to in order to connect to a network (e.g. connect to a corporate network).

As long as you’re using HTTPS and haven’t done anything stupid (like accept a self signed certificate) then a man in the middle attack is impossible.

There’s a lot of hype and FUD around VPNs.

You have an app (the BA one for example). You are at an airport. You connect to public wifi. Via DHCP, it gives you a DNS server but the DNS server is under the control of the bad guy and they direct mobile.ba.com to their own IP address that has a valid SSL certificate – just for a different address – but you are using an app so you can’t see it. You connect, provide your user name and password. Not strictly a man-in-the-middle attack but you get the idea.

[vzzbuckz]

As you know, if you have pre-existing conditions, they won’t be covered.

If you get a Nationwide Flexplus account, this includes Worldwide travel Insurance through Aviva, and you can pay to get cover for pre-existing conditions e.g. high blood pressure, raised cholesterol or something more serious. Never hurts to get better cover as you get older.

[vzzbuckz]

Lady London wrote:

My problem is I don’t know to what extent we are all being manipulated to take these views on what is happening in US politics.

America is full of decent hard working people who need a President to take a firm direction and they hope he will make progress on problems important to them. They voted him as the best of the available alternatives and maybe he was.

No one’s perfect and I wish America luck and thank them for the leadership role they took in the world in the past century and more and thank them for what they achieved. They need to do more for Americans now and I hope their leadership finds a path to that.

Totally agree. You can tell by the language some people use, which ‘news’ outlets they get their information from. Outside the echo chamber they are surprised when challenged on their phrase of words. If people want to avoid the USA, then that’s up to them – nobody else is interested in their manipulated political opinion though unless it’s well reasoned and though out – which is rarely is.

[vzzbuckz]

AMEX know how much you typically spend in a month so, for example, if you spend £2K a month but you know you need £250 off to make the fee worth while, would they offer you the MR equivalent on £6K in three months, or would they try to push to £2.5K a month or not even bother?

Certainly for me, I’m wondering what AMEX actually want from their card holders.

[vzzbuckz]

Garethgerry wrote:

I have a dedicated computer for banking , never browse or access websites like HFP etc on that. Don’t read emails on it. Do all that on tablet or phone.

Nothing on my phone that could link to bank .

Presumably you have a different home router, separate broadband account and private DNS provider for this computer or would that be a bit over the top?

[vzzbuckz]

Harrier25 wrote:

Believe it or not they don’t have to give you a retention bonus and it’s mainly Amex’s fault that card holders now think they’re entitled to a pile of bonus MR points every year.

Equally, the cardholder doesn’t have to renew and AMEX will lose out on spend fees and membership fee income. Some people don’t / can’t make use of all the benefits of the card to justify the £650 fee. A large chunk can’t use the Travel Insurance, for example, because it doesn’t cover per-existing minor conditions and nobody in their right mind would travel to the US, say, without cover for high cholesterol if there is the remotest chance it could be used as a reason to deny a claim. Offsetting the fee with MR points seems a reasonable strategy to me.

[vzzbuckz]

Thanks – strange the offer was so low then… £40K spend equates to about £3K per month.

[vzzbuckz]

everyotheridwasused wrote:

Also offered 25,000 MR for £5k spend in 3 months which I politely declined. As reference we have put c.£40k through the card in the last 12 months but this was the best offer they had.

Was the £40K personal spend i.e. travel costs, holiday, restaurants etc or was it something else. Trying to work out what they value.

I would use the MR points as a statement credit as I think £650 fee is a bit high when I add all the benefits I use – and 25,000 points is only worth about £112.

[vzzbuckz]

They are likely trying to get rid of the low end spenders who get the card for the perks, don’t spend on it and then cancel.

[vzzbuckz]

peter_london9 wrote:

Has anyone experienced a serious accident in the U.S. and had to rely on their Amex Platinum for coverage? I’m trying to figure out if, in the event of a total loss, they’d require me to pay upfront and then reimburse me later.

My strategy in the USA (if you have a Plat AMEX), is to join the Avis / Hertz status scheme, use your Plat AMEX as the payment method and book directly with either Avis or Hertz using the account you joined the status scheme with. I’ve found that the excess is then $0 (but check).

As an example, I had a chipped windscreen, returned the car and heard nothing afterwards.

You may pay slightly more but it’s probably worth it (IMHO).

[vzzbuckz]

My experience of a chipped windscreen in the USA was somewhat different.

I used the Plat Amex to upgrade to President’s club and rented a car directly with Avis.

I decline the additional insurance but noted my excess was automatically set to $0 and that the Amex Corporate Code had already been applied when I searched for rental prices (you get a 10% discount I think).

I got a chipped windscreen and returned the car and heard nothing afterwards.

Maybe the trick is to rent either Avis or Hertz, as part of the Amex upgrade in status to not have to deal with an insurance claim, or pay the lower prices for some rental companies and take the risk of paying out of pocket first.

[vzzbuckz]

I use Avis in the US and as part of the Platinum Insurance / Platinum President’s Club benefits, and have registered my card with them. For whatever reason, when I book directly, using my Avis account, my excess always shows as zero and my Amex is associated with the account.

Not sure if that’s just luck or just how Avis/Amex does it. You also get enhanced Roadside with President’s Club too – which could be useful. I can’t help with any actual experience but I’d rather not play the game in the first place. The only incident I had was a chipped windscreen but as I said, I returned the car and heard nothing hence.

[vzzbuckz]

You can be sure they will fully understand the terms and conditions should you come to make a claim.

[vzzbuckz]

For those who want to try it for themselves, make sure you are using Microsoft Edge on a Mac. Safari appears to work ok. Note Edge also won’t ask you for the 2FA protection too – you just zip straight in with username and password, even if 2FA is set up.

and yes, I will tell BA and from experience, won’t expect them to do anything about it unless they get a number of complaints.

[vzzbuckz]

Although to be fair, BA doesn’t exactly help itself.

For example, for me, if I log into my BA account, look at my personal information, then log out. If I then log in as another person in the household, then go to personal information, I see my’s information there.

If I log out, close the browser and then then go back in as the second person, and change their email address, then log out and close the browser, if I try to log in as the first user, I get a message saying I haven’t validated the new email address of the second user.

Basically a security nightmare; seems their session cookie management is broken. Do others see this?

[vzzbuckz]

masaccio wrote:

Well the Lastpass hack did involve brute forcing. Lastpass like 1Password only stores encrypted vaults so the hackers should not have been able to access the data in users’ vaults, but they brute forced the master passwords to decrypt the vaults. Then they sucked out the crypto wallet keys they could find and pocketed all that lovely cryptocurrency.

I guess some people really don’t like passwords and choose things like ‘tiddles’ or ‘fido’ as the their master password.

Of course even strong passwords can be brute-forced on a large GPU cluster but you’d need to know that the target password vault was worth the 10s of k$ that it would cost to attack just one master password.

This is one of the reasons I like 1Password – it uses two passwords to form the master password. One is a very long and complex password that you enter once, on any machines you want to use 1Password with e.g. your desktop, laptop and phone. You then set a master password. This could be ‘tiddles’. If someone manages to get your vault, they would need both passwords to access it – and with the complexity of the ‘static’ master password, brute forcing the vault would be almost impossible. That being said, the downside of 1Password is that you have to enter the complex password on every machine you want to use it on, once. This can confuse some people.

[vzzbuckz]

As I understand it – you can’t easily unless you muck around with the booking e.g. book your flight using RJ Frequent Flyer number then once you’ve gone through security and are sitting quietly in the lounge, change the FF number to your BA one. Then, once you go through the gate, you’ll be credited with Avios as this is where the trigger for Avios is.

If this doesn’t work – you’ll still get your Royal Jordanian points 🙂

I’ve never tried this though, but others may comment further.

[vzzbuckz]

Mack11 wrote:

Hi all,

I used my 4 prebook vouchers at Gatwick and although some of the lounges showed a charge, there was others that came up as £0, I selected the Number 1 lounge and have now been charged £48. On top of this, flying out of Aruba and I walked in to the lounge using the platinum (no issue) and now I have been charged £24.
I am confused, I thought the Amex platinum was complimentary?

I thought the pre-book vouchers expired on 31st December 2024 and I haven’t seen any renewals.

Also – in Aruba – did you use your ‘Platinum’ card or your ‘Priority Pass’ card? If you used your Platinum card, you’ll be charged (just wondering if this is a wind up)

[vzzbuckz]

I have two who are now turning 16 soon and, like you, flew business before. I couldn’t find a cost effective way of doing the same with children so have endured a decade and a half of flying economy.

That being said, I do see lots of families in Premium and Business and a friend, who is a pilot, say they see kids in First too? Both he and I have no idea how they do it.

[vzzbuckz]

masaccio wrote:

vzzbuckz wrote:

The problem is that the fake wi-fi also has a fake DNS server, so http://www.ba.com is not really sending you to ba.com. Most sites generate a hidden session key when you connect, so you don’t have to log in every time, and when you are connected to that dodgy wi-fi site, the owner will sniff that session key and then use it in what’s called a replay attack

Except BA doesn’t do this until you have logged in over an encrypted connection. So unless they are hijacking all the traffic with a fake certificate and you’ve accepted said fake certificate despite your browser’s warnings, they will be SOOL.

I personally think VPNs are oversold though I do have my own which I use mainly to bypass geo-blocking. I don’t use it for security and can’t anyway on my work phone as we policy out personal VPNs.

Doesn’t Android have its own password safe these days? Keychain in the latest iOS has proved good enough that I will let my 1Password subscription lapse this year.

It’s not as unusual as you say. A lot of corporates send out their own self-signed root cert and employees have to accept this onto their personal devices to use the internet at work (it usually comes pre-loaded on corporate devices). People, especially business users, are used to this sort of thing and are likely to accept such a thing if offered by an offical sounding wifi hotspot.

Apple’s Password product is getting better. I’m keeping my 1Password subscription as it stores other stuff as well and works on Windows. Another useful Apple product is if you subscribe to iCloud+. you get a free VPN called iCloud relay, which works with Mail and Safari. This could help fight the battle against dodgy wi-fi hotspots too – you just need to remember to enable it.

[vzzbuckz]

NorthernLass wrote:

My friend who does cyber security says that the best password is 3 random words and don’t bother with fancy characters. Also, never use public wifi!

The ‘3 random word’ model is advocated because the level of entropy is high (longer passwords are harder to brute force) but people find it very difficult to come up with random words. A tool called ‘Diceware’ is available that generates three random words for you. You still need a password manager though as you have to have a different ‘3 random word’ combination for each site you visit.

Agree with public wi-fi but if you do need to use it, you should use a paid-for VPN like Express VPN or Nord VPN. The reason for this is that airports are notorious places where hackers put up fake wi-fi sites. People join these site but think the connection to their favourite websites is encrypted so they are ok. The problem is that the fake wi-fi also has a fake DNS server, so http://www.ba.com is not really sending you to ba.com. Most sites generate a hidden session key when you connect, so you don’t have to log in every time, and when you are connected to that dodgy wi-fi site, the owner will sniff that session key and then use it in what’s called a replay attack; this will allow them to log into your ba.com account without a username and password. (You connect to dodgy wi-fi, you connect to ba.com, the hacker’s DNS intercepts this, steals the session key your browser generates, forwards you to ba.com as though nothing has happened. They then connect to ba.com with your stolen session key and change your email address etc).

So general lesson is: use a paid-for VPN if on public wi-fi and use a password manager.

[vzzbuckz]

I’m sure this status match will be popular so will be keeping an eye on people’s experience on this thread.

[vzzbuckz]

I’d also check to see if you use your email / password combination with any other account e.g. Amazon and change the password there.

It’s common for hackers to get access to a low security website and check the stolen username / password combinations with other sites (like BA) to see if you use the same password (or slight variation of) in different places.

Good advice about getting a password manager. 1Password / Bitwarden etc which allows you to use different passwords with each account.