BA Phishing Warning
Anonymous, 17 Sep 2011
A number of fraudulent emails are currently in circulation claiming to be from British Airways, including:
Emails with a subject line like “BA e-ticket receipt” or mentioning booking reference ZVBN70 indicating that your credit card has been debited USD391.62
Emails asking you to pay a BTA (Basic Travel Allowance) Tax, or similar, to enable your friend to travel
Unsolicited offers of employment with British Airways requiring you to purchase a visa
Emails advising you of a parcel awaiting collection and requesting your bank details
Emails congratulating you on winning a cash prize in a competition you haven’t entered
Offers of tickets to sporting or music events claiming to come from a member of British Airways cabin crew
These emails are NOT from British Airways. Legitimate emails from British Airways will contain your booking reference and the email will not have been sent from a web-based mail server such as gmail, hotmail, yahoo, etc. In addition, we will never request money payments through a third party or promise you any kind of cash prize.
If you have any doubts about the email you have received, do not click on any links or download any files.
Please forward suspected email scams to "email@example.com". We will investigate its authenticity and take appropriate action. (Please note that we cannot enter into correspondence over emails sent to this address, therefore you will not receive a reply.)
17 Sep 2011
I was pleased to see the headline on BA web page…very helpful.
In general they have a very secure site, but I am in correspondence with them over unauthorised access to PNRs and seat changes via BA.com which do not subsequently generate email advice that a change has been made. This is a bit different to phishing, but nonetheless people should be aware.
The initial reaction to the concerns raised was poor, with a suggestion that I change my BAEC password. This response showed that the staff answering my concerns really do not know how MMB works. It is not necessary to log into your BAEC account to access a PNR. All that is required is the PNR and family name.
It seems odd that whilst I am required to input a credit card number to obtain a receipt for my e-ticket, almost any other change can be made with nothing more than the PNR and name.
The incidents were irritating rather than serious, but there are flaws in BA's systems and they are not, as yet, taking them seriously.
17 Sep 2011
For what it’s worth, I’ve just received a completely authentic-looking one; part of the text is below.
The clues that it is spoofed are:
No passenger name
Sent to an email address I don’t use for bookings
The attachment was a zip file, whereas a real ITR would be a pdf
Still, it has the potential to catch people out.
THIS IS AN AUTOMATED EMAIL – PLEASE DO NOT REPLY AS EMAILS RECEIVED AT THIS ADDRESS WILL BE AUTOMATICALLY DELETED.
Virus checking of emails (including attachments) is the responsibility of the recipient.
This message is private and confidential and may also be legally privileged. If you have received this message in error, please advise the sender and immediately, permanently destroy the document. Please do not read, print, re-transmit, store or act in reliance on it or any attachments.
Dear, Booking reference: RUL7MZ
Thank you for booking with British Airways.
Ticket Type: e-ticket
This is your e-ticket receipt. Your ticket is held in our systems, you will not receive a paper ticket for your booking.
Your itinerary is attached.
British Airways Customer Services
17 Oct 2012
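The warning signs listed in this thread (web-based sender domain, booking address mismatch, nameless greeting, non-pdf attachment) can be checked mechanically. The following is an added example, not part of any post or of British Airways' systems; the sample message, the addresses and the function name `spoof_clues` are constructed for illustration.

```python
import email
import re
from email import policy

WEBMAIL = {"gmail.com", "hotmail.com", "yahoo.com"}  # domains named in the warning

# Constructed sample message (not a real email), built around the clues above.
SAMPLE = """\
From: "British Airways" <constructed.sample@yahoo.com>
To: spare@example.org
Subject: BA e-ticket receipt
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear, Booking reference: RUL7MZ
Your itinerary is attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="itinerary.zip"

(constructed placeholder, not a real archive)
--b1--
"""

def spoof_clues(raw, booking_addresses):
    """Return the thread's warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    clues = []
    senders = msg["From"].addresses if msg["From"] else ()
    if any(a.domain.lower() in WEBMAIL for a in senders):
        clues.append("sender uses a web-based mail domain")
    rcpts = msg["To"].addresses if msg["To"] else ()
    if not {a.addr_spec.lower() for a in rcpts} & booking_addresses:
        clues.append("sent to an address not used for bookings")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if re.search(r"^\s*Dear\s*,", text, re.MULTILINE):  # "Dear," with no name
        clues.append("greeting has no passenger name")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".pdf"):
            clues.append("attachment is not a pdf: " + name)
    return clues

if __name__ == "__main__":
    for clue in spoof_clues(SAMPLE, {"me@example.com"}):
        print("-", clue)
```

An empty result only means none of these particular signs were present; the From header is set by the sender, so it is not proof that a message is genuine.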
I’m always startled at how people fall for these phishing attempts, because however good the spoof, the email address it comes from is always a giveaway.
Well, it is on Macs, anyway, if you mouse-over it.
18 Oct 2012
Just thought of a way BA can scam the scammers.
BA should set up some fake accounts with lots of points; then, once a scammer either transfers the points or spends them, the authorities make a swoop on them once they check in at the airport.
23 Oct 2012
On the same theme of being conned/stolen from.
For those of you with a mobile phone…. If you’ve a modern generation mobile, you MUST download an app enabling you to locate the device by GPS and/or lock it remotely. Have you got a password installed to prevent illicit use?
I had an older generation mobile stolen from me in Whiteleys, west London and before I realised that it had gone (that’s another story), the grubby little oik had made calls to Sierra Leone, Oz, the USA et al costing over £1K. Vodafone have declined to provide any explanation for their failure to pick up the 50 times increase in my call usage within two days. We are still arguing the toss about this over a year later and they refuse to explain themselves. BTW, I had to pick up the bill and the Met Police cannot be bothered to investigate because no-one got hurt…
23 Oct 2012