.
PSA reminder: British Airways Executive Club accounts continue to be hacked, as evidenced by one of our clients who recently received an email: “Your email address has been changed as requested. If you did not request this email address change, please contact us immediately.”
Since he hadn't changed his email address, he called British Airways (in the U.S., the number is 800-452-1201), which was in itself an ordeal, because, unlike with banks, there's no option to press for fraud. Instead, you press “3” for Executive Club, but are then met with a request to explain the issue. Often as not, it will try to text something to you so that you can log on to Executive Club (the self service option) which obviously is of no help when you're unable to log on in the first place, due to someone hacking your account. He eventually said something about locking his account due to fraud, and managed to get his call transferred (after an extensive hold) to someone at Executive Club.
After explaining the issue, the representative locked his account and confirmed that fortunately, no Avios from his account had been used yet. He stressed that no communication should be emailed to the email that the hacker changed his account to; it should only be emailed to his own email, the previous email on the account. He was told it will take 7-10 business days for the fraud team to investigate, so he plans to call back at the end of the two weeks if he hasn't heard from them.
Avoid Having Your British Airways Executive Club Account Hacked / Losing Avios
Moral of the story: have a complex alpha-numeric password for British Airways Executive Club, and change it regularly, given the many data breaches. A password manager is ideal for this. If you're part of a Household Account, be sure ALL members of your Household account do this (or get your Household Account members to allow you to do this for them) since your account and Avios are only as secure as the weakest link.
If you do get an email that your British Airways email has been changed, call British Airways Executive Club immediately, as you may be able to lock your account before the fraudsters manage to use any of your Avios.
Finally, avoid keeping a lot of Avios in your account; only transfer credit card points such as Chase Ultimate Rewards or AMEX Membership Rewards into your account as needed, since Chase and AMEX are more secure repositories for your points, and it's better to keep flexible bank points anyway as a hedge against the devaluation of any particular airline's frequent flyer miles.
.
Why Doesn't British Airways Have 2 Factor Authentication?
In addition to the difficulty in getting through to speak to someone at Executive Club, it mystifies us as to why British Airways Executive Club doesn't use 2 Factor Authentication (2FA), the way virtually all other major frequent flyer programs and bank accounts do: a code should be sent to one's phone number, and it shouldn't be easy to change the phone number on one's account without additional verification (most people tend to keep their phone number, even if switching cell phone providers).
It's not as if British Airways Executive Club is a stranger to hacking attempts: there are numerous accounts online, dating back 10 years or so, of British Airways Executive Club accounts being compromised.
I'm guessing there may be a legacy code issue or a stretched IT/security team or both, but maybe a reader with more knowledge of why British Airways hasn't enabled 2FA can chime in.
Recommended Posts
Chase to Avios 20% Transfer Bonus
PSA: Avoid AI Voice Phone Scams
Review: British Airways Lounge, San Francisco SFO
Award Flight Change: Can Avios Open Up Partner Award Space?
If you enjoyed this, join 200,000+ readers: follow TravelSort on Twitter or like us on Facebook to be alerted to new posts.
Subscribe to TravelSort on YouTube for travel inspiration.
Become a TravelSort Client and Book 5-Star Hotels with Virtuoso or Four Seasons Preferred Partner Benefits