BA Phishing Warning

Back to Forum

This topic contains 9 replies, has 6 voices, and was last updated by  AnthonyDunn 23 Oct 2012
at 17:20

Viewing 10 posts - 1 through 10 (of 10 total)

  • Anonymous


    A number of fraudulent emails are currently in circulation claiming to be from British Airways, including:

    Emails with a subject line like “BA e-ticket receipt” or mentioning booking reference ZVBN70 indicating that your credit card has been debited USD391.62
    Emails asking you to pay a BTA (Basic Travel Allowance) Tax, or similar, to enable your friend to travel
    Unsolicited offers of employment with British Airways requiring you to purchase a visa
    Emails advising you of a parcel awaiting collection and requesting your bank details
    Emails congratulating you on winning a cash prize in a competition you haven’t entered
    Offers of tickets to sporting or music events claiming to come from a member of British Airways cabin crew
    These emails are NOT from British Airways. Legitimate emails from British Airways will contain your booking reference and the email will not have been sent from a web-based mail server such as gmail, hotmail, yahoo, etc. In addition, we will never request money payments through a third party or promise you any kind of cash prize.

    If you have any doubts about the email you have received, do not click on any links or download any files.

    Please forward suspected email scams to “<a href="“>“. We will investigate its authenticity and take appropriate action. (Please note that we cannot enter into correspondence over emails sent to this address, therefore you will not receive a reply.)


    I was pleased to see the headline on BA web page…very helpful.
    In general they have a very secure site but I am in correspondence with them over unauthorised access to PNRs and seats changes via which do not subsequently generate email advice that a change has been made. This is a bit different to Phishing but none the less people should be aware

    The initial reaction to the concerns raised was poor, with a suggestion that I change my BAEC password. This response showed that the staff answering my concerns really do not know how MMB works. It is not necessary to log into your BAEC account to access a PNR. All that is required is the PNR and family name.
    It seems odd that whilst Iam required to input a credit number number to obtain a receipt for my e ticket, almost any other change can be made with nothing more than the PNR and name.
    The incidents were irritating rather than serious but there are flaws to BAs sytems and they are not, as yet, taking them seriously.


    I think the balance between security and ease of use is just about right at the moment.


    For what it’s worth, I’ve just a completely authentic looking one, part of the text is below.

    The clues that it is spoofed are :
    No passenger name
    Sent to an email address I don’t use for bookings
    The attachment was a zip file, whereas a real ITR would be a pdf

    Still, it has the potential to catch people out.


    Virus checking of emails (including attachments) is the responsibility of the recipient.

    This message is private and confidential and may also be legally privileged. If you have received this message in error, please advise the sender and immediately, permanently destroy the document. Please do not read, print, re-transmit, store or act in reliance on it or any attachments.
    Posted Image Posted Image

    e-ticket receipt
    Posted Image Dear, Booking reference: RUL7MZ

    Thank you for booking with British Airways.

    Ticket Type: e-ticket
    This is your e-ticket receipt. Your ticket is held in our systems, you will not receive a paper ticket for your booking.

    Your itinerary is attached.

    Yours sincerely,

    British Airways Customer Services


    I’m always startled at how people fall for these phishing attempts, because however good the spoof, the email address it comes from is always a giveaway.

    Well, it is on Macs, anyway, if you mouse-over it.


    In the case of the BA one I received, the email address was spoofed and was identical with, and not just similar to, the genuine one:

    “<a href="“>

    These scum are getting smarter!


    Just thought of a way BA can scam the scammers

    BA should set some fake accounts with lots of points then once a scammer transfers either the points or spends them the authorites make a swoop on them once they checkin at the airport.


    Scammers using BA flights have indeed been identified in the past.


    On the same theme of being conned/stolen from.

    For those of you with a mobile phone…. If you’ve a modern generation mobile, you MUST download an app enabling you to locate the device by GPS and/or lock it remotely. Have you got a password installed to prevent illicit use?

    I had an older generation mobile stolen from me in Whiteleys, west London and before I realised that it had gone (that’s another story), the grubby little oik had made calls to Sierra Leone, Oz, the USA et al costing over £1K. Vodafone have declined to provide any explanation for their failure to pick up the 50 times increase in my call usage within two days. We are still arguing the toss about this over a year later and they refuse to explain themselves. BTW, I had to pick up the bill and the Met Police cannot be bothered to investigate because no-one got hurt…

Viewing 10 posts - 1 through 10 (of 10 total)
You must be logged in to reply to this topic.
BTUK June 2018
BTUK June 2018
Be up-to-date
Magazine Subscription
To see our latest subscription offers for Business Traveller editions worldwide, click on the Subscribe & Save link below