Navigating through the world of travel hacking can be complicated and overwhelming. For those unfamiliar with travel hacking this term simply means accumulating and redeeming credit card points, hotel points and air miles for travel rewards. In this article we focus on travel hacking American Airlines for flights with AAdvantage miles.
The main strategy for the largest travel reward redemption is through the use of credit card bonuses. Most major airlines have branded credit cards. Before applying for a credit card you will want to look at 4 factors. The interest alone may negate any benefit or savings you may have gained through the travel hack. Having said that pay your bills before or when they are due. The best way to gain the maximum amount of points is to combine getting a business card and a personal card.
Some airline brands, like American Airlines, will have both a business credit card and a personal credit card. If you want to be more economical you can simply get a round-trip ticket to anywhere American Airlines flies!
What does this mean? While you can directly transfer points with the partners, you can also book directly through American Airlines.
The options are endless but do require some creativity. Check out some more flying hacks. Did you find this guide helpful? Share your thoughts and other travel hacking tips with me. Vedante is a blogger, an adventurist and a traveler. When not surfing away on the internet, you can most likely find him seeking an adventure or just simply roaming about in the sun.
Great tips for those getting into travel hacking and for those that prefer to fly Ameican Airlines. These are really great tips! However, I agree using credit card points for flight bookings is a great idea. Being frequent travellers, we do own some co-branded travel credit cards and we have used our points multiple times for flight bookings.
Yes, credit card points hack is a good idea. I just began collecting miles!When it pulled in my emails I saw a very curious one pop up. After reading the email and, realizing it was neither spam nor a phishing attempt, my heart sank.
My AAdvantage account was compromised. Someone had gained access to my account and, in their efforts to mask it and hope I, nor American, would notice, they added a few digits to the end of my email address. Let me pause briefly here. I was frustrated and felt violated and the EXP agent was frustrated for me and was as comforting as she could be, coming back on the line every five minutes or so to let me know that she was still working on things internally for me while I endured lengthy holds.
I commend her for not only her skill of making the right internal people aware of what was happening but for her empathy with me. Her immense compassion and kindness embodied the best of American Airlines customer service during a tough situation. At that point, however, I had bigger fish to fry. I tried to think like a hacker and guess what their next move would be, as changing my email address back to my own and changing the password on my AAdvantage account had seemed to stop them in their tracks for the moment.
I had work to do. And then I waited. There was nothing else I could do. I felt helpless. But then I got my first data point. On it, I finally had the name of a suspect.
I did not recognize the name and it was nobody I knew.
FBI: Hacker claimed to have taken over flight's engine controls
Yes, I blurred out their name. I knew this email was automatically generated a few hours probably some batch process after an award booking. They had received the report, thanks to the hard work of the EXP desk agent the night before, and reviewed the bookings. Here was the crux of it:. I had a caseworker and everything. It was reassuring that I had that information and I was grateful that they were able to get me the information so quickly.
A friendly AAgent picked up the phone and helped me set up a new AAdvantage account and begin the process of merging my old account data into the new one. At this point, they had done what they were capable of doing and the rest was in the hands of Corporate Security.
I did some online sleuthing and was quickly able to figure out their likely whereabouts and was even able to pull up some lengthy criminal histories for names which matched the suspects. I live in Dallas, Texas. DPD has a helpful online information page for filing police reports so I gathered the necessary information and went down to the police headquarters yesterday to file a police report and start the process of getting my miles back.
Since the accused thieves are outside of DPD jurisdiction I knew there was nothing they could do but I at least wanted to get the police report going in order to get my miles back.
Why did I have to get a police report? Corporate Security asked for one. Why did they ask for one? I have to wait for the police report and then need to send it over to Corporate Security in order for American to reinstate my miles.
I struggle with patience so this will be good practice for me. It would be the recipient of the fraudulent award that gets arrested, not the hacker.
As always, try and make sure your passwords are unique from website to website. Stay tuned for the next post!I gave a pretty thorough explanation of exactly what happened in my previous post here.
An update and conclusion to the story This morning I was finally able to get a printout of the police report I filed with the Dallas Police Department. An hour or so later, I received a reply, reading as follows name of the American employee removed :.
I checked my AAdvantage account and… my miles are back! I had to go down to Dallas Police Department HQ a few times, since they were having some issues with their records system, but ultimately I did exactly what American Airlines asked of me, Dallas PD gave me the exact data needed in the report, and everything is relatively back to normal now! From the first agent who gasped when she saw miles being drained from my account to the corporate security representative who assisted me in getting my miles back, American treated this issue seriously and were super quick to get everything squared away once they had everything they needed.
Ok, American has it tough here. There are certain fields in an AAdvantage account that should be locked down. Birthdate, for instance, should never change.
What did a hacker do with her stolen miles?
That could change all the time. What about email address? The current procedure, emailing the old email address and the new email address, is retroactive and does not prevent theft from taking place.
Whether the challenge is two-factor authentication which would be a nightmare to roll out or answering security questions, changing an AAdvantage account email address should be hard and should take time. Making the email address harder to change would not have prevented the hacker from making false award bookings using my miles.
What it would have done, though, is prevented the award redemption email from going to the new email address they attempted to change it to I changed it back almost as soon as it happened because I happened to check my email shortly after the account was compromised.
The balance between security and convenience is just too delicate. American also has the problem of their users logging into their accounts from all over the world, making IP-based security algorithms incredibly hard. I think tightening up security around email address changes is a reasonable and easy-to-implement change to ensure users are always receiving the notifications they need in order to realize something is wrong.
Just curious if AA can figure out or find who did the bookings now that there has been bookings made Nd seat assignments?
Or do they invalidate the tickets?CNN A cybersecurity consultant told the FBI he hacked into computer systems aboard airliners up to 20 times and managed to control an aircraft engine during a flight, according to federal court documents.
Sorry it's so generic, but there's a whole 5 years of stuff that the affidavit incorrectly compressed into 1 paragraph Chat with us in Facebook Messenger. Find out what's happening in the world as it unfolds. More Videos Man claims entertainment system helped him hack plane Story highlights Document: Hacker told investigators he hacked plane's controls, ordered it to climb FBI detained Chris Roberts in April after he got off of a United Airlines flight in Syracuse Roberts says via attorney that his only interest "has been to improve aircraft security".
Chris Roberts was detained by the FBI in April following a United Airlines flight to Syracuse, New York, after officials saw Twitter posts he made discussing hacking into the plane he was traveling on. An FBI search warrant application filed in the U. District Court for the Northern District of New York describes the investigation of Roberts for possible computer crimes.
Read the search warrant application PDF. During FBI interviews in February and March, the document says, Roberts told investigators he hacked into in-flight entertainment systems aboard aircraft. He claimed to have done so 15 to 20 times from to He also said, according to the document, that once he had hacked into the systems and then overwrote code, enabling him to issue a "CLB," or climb, command. Roberts said he knew of vulnerabilities aboard three types of Boeing aircraft and one Airbus model.
He hacked into in-flight entertainment systems made by Thales and Panasonic, he told agents, according to the document. Canada's APTN first reported on the document. Roberts has accused the FBI via Twitter of "incorrectly" condensing five years of his research into one paragraph. Attorney Andrew Crocker with the Electronic Frontier Foundation, an Internet rights advocacy group, told CNN that Roberts was not available for an interview but offered a brief statement from his client: "Over last 5 years my only interest has been to improve aircraft security.
Given the current situation I've been advised against saying more. In an interview with Wired magazinehe declined to say whether he had hacked the flight mentioned in the federal affidavit.
In that article, he said a key paragraph was out of context. The FBI document says the bureau's agents and technical specialists "believed that Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the in-flight entertainment systems and possibly the flight control systems on any aircraft equipped with an in-flight entertainment system, and that it would endanger public safety to allow him to leave the Syracuse airport that evening with that equipment.
Roberts said he used a modified Ethernet cable to connect his laptop to an electronic box underneath his seat that controls the entertainment system.Your next vacation might have some unwanted guests — oh, and you're not even invited. Cyber thieves broke into thousands of customer accounts for American and United airlines, and even booked trips on a few.
The December hack was announced Monday when both airlines started notifying compromised customers through emails. A United Airlines spokesperson told the Associated Press the high-flying hackers booked trips or made mileage transactions on about three dozen accounts.
He said customers who had the bogus bookings on their accounts would get their miles restored. An American Airlines spokesperson said about 10, accounts were hacked, including at least two cases of a hacker booking a trip or making an upgrade.
Some of the accounts are frozen as the airline is setting up new ones, starting with customers who had at leastmiles. American is going to pay for a one-year credit-watch service for the hacked customers.
Reps from both airlines said the systems themselves were not hacked — rather, the thieves stole usernames and passwords from a third party and logged into thousands of accounts. Other account information, such as credit card numbers, were not stolen.
Travel Hacking American Airlines for the Luxury Travelers
Skip to content. Both airlines notified customers of the hack through email on Monday and are working to restore credit or miles to compromised accounts. The hackers found the login information through a third party source that is currently unknown. Most Read. Nurses at a hospital in Westchester leave coronavirus ICU shift to find tires slashed.
Two dead, one wounded in East Harlem street shooting. The source of the leaked login information is being investigated. Follow jaysunsilver. Latest U. Some U. New coronavirus-aided record set in New York to L.Login with Facebook.
Find More Posts by ibrandsguest. Originally Posted by NYCommuter. Find More Posts by rjw We're going to need a lot more information to be able to give a useful response. Does this still happen to your relative when they try to go to aa.
Do they have any screenshots? What was the phone number? Probably even more than that, but based on your description of the problem it seems very unlikely aa. If the hackers could do that, they could just get your relative to type their credit card into the hacked site and steal the number that way. Find More Posts by jordyn. Visit HWGeeks's homepage! Hey NYCommuterwas the fake number by chance ? Last edited by rjw; Jun 19, 18 at pm. There are many alternative explanations with much higher probabilities of happening than "selective AA web site hacking".
The likelihood of AA "letting it happen" is almost zero. I do agree - preposterous. Last edited by mvoight; Jun 20, 18 at am. Find More Posts by mvoight. Jun 20, 18, am. That post would be directed at "foreigners" dialing to the USA. Lots of "toll free" and web addresses are purchased by scammers etc.
Find More Posts by nrr. Dave Noble. Originally Posted by nrr.Source: aa. The actual thefts took place sometime in late December, but only made headlines this week. What thieves did manage to do was steal passwords and login information from individual customers' other accounts. Suppose, for example, you've registered with a chat forum to discuss your favorite musician or hobby, share child-rearing tips, or talk about any other topic you find interesting.
And suppose you ignored, or simply didn't know, certain basic password-safety rules, so that you used the same password to login to Chatroom. Then, some hackers managed to breach Chatroom. There's a good chance that this happened without anyone at Chatroom.
The actual Chatroom passwords are probably worthless to thieves — there's little-to-no money to be made from breaking into a small, casual discussion forum shared by a few friends or fellow hobbyists — but there is money to be made if an individual Chatroom member's password also grants access to that individual's bank account, StubHub account — or frequent flyer account. That's probably how various United and American customers had their bonus miles stolen.
A spokesperson for American Airlines told the Associated Press on Monday that roughly 10, customers' accounts were affected. American and United both say they plan to restore lost miles to affected accounts, and in the meantime all compromised accounts have been frozen.
If you have an American or United account, even if or especially if you haven't used it in awhile, check your account status to see if you've been affected. Meanwhile, whether you have frequent flyer miles with an airline or not: remember to make sure that every password-protected account you have has its own unique password.
At the very least, make sure all of your financial accounts have their own unique passwords: your credit or debit cards, savings or investment accounts, frequent-flyer miles or hotel rewards programs — in other words, anything worth actual money. A hacker pretending to be you on Chatroom. Sign up to receive our free weekly newsletter. We value your privacy. Unsubscribe easily. Jennifer Abel.
Take a Quiz Get matched with an Accredited Partner. Find my match. Share your comments.
Get the news you need delivered to you Sign up to receive our free weekly newsletter.