Website security

Your online security is very important to us. We're constantly enhancing our security, and will continue to update you on any changes.

Read our security essentials

There are some really simple things you can do to ensure your details are safe and secure online. Take a look through our easy tips to ensure you are using ba.com safely and securely.

collapsedshowPasswords
  • Think of passwords as keys. Use a different one for each account, as if it is stolen it can be used to take over all your accounts.
  • Make it strong by using a mixture of upper and lower case letters, numbers and special characters. The longer it is, the better.
  • Avoid using personal information, dictionary words and consecutive numbers as these can be guessed.
  • Consider using a passphrase. For example, choose a song or phrase and take the first letter of each word, substitute in numbers and special characters. e.g. Tx2l*hIwwUR (decrypts as "twinkle twinkle little star how I wonder what you are").
collapsedshowPhishing scams

There is an internet fraud practice known as 'phishing' which is the illegal gathering of personal information by deception. Fraudsters pose as a trusted source (like your bank), and try to get you to divulge your personal details.

If you suspect that you have received a fraudulent email:

  • Don’t click on any links or attachments, and check the sender's address.
  • Report a phishing email that appears to be from British Airways by sending it to phishing@email.ba.com (please note that we cannot enter into correspondence over emails sent to this address, therefore you will not receive a reply)

Legitimate emails from British Airways will contain your booking reference and the email will not have been sent from a web-based mail server such as gmail, hotmail, yahoo, etc. In addition, we will never request money payments through a third party or promise you any kind of cash prize.

Here are the incidents of fraudulent emails and other phishing scams that we're currently aware of:

August 2016:

1) Facebook-related fake British Airways pages with offers for free First class flight tickets (sometimes with hotel stays too). Most mention it's because of our 40th or 42nd birthday. We're sorry but this isn't an offer we're running and it's not from our legitimate/official British Airways Facebook page.

2) Some people have reported receiving an email with this subject line: "British Airways - You won a 10,000 miles flying card / Promo #99993392". The message refers to offering a gift card with the value 399 GBP. Please do not click the link nor reply to the email. This email was not sent by British Airways.

3) There are additional emails being sent offering non-existent vouchers for the amounts of 2,500 GBP, 1,000 GBP or £1,000. These emails have a few different subject lines, including references to “free flights” or “travel discounts” or “complimentary flights”. Again, these emails were not sent by us and the email address is not one British Airways would use.

4) An email is being sent out with a subject line: "Your e-ticket receipt 1TKG86: LHR-JFK 30 Sep 2016". It is then referring to the following booking reference and payment amount: "Thanks for the purchase! Booking number: 1TKG86 - Your credit card has been charged for $691.62." This booking doesn't exist and you haven't been charged by British Airways.

5) Some people have received an email referring to booking number "BRAIR-12586-GB". This reference doesn't exist, nor is there a travel package to win.

March-May 2016: We're aware of fraudulent "WhatsApp" or text messages that tell you there is a package/suitcase/letter in your name that is very valuable (although you had no idea about this parcel/package until you received this message) and which needs you to pay some money to 'release' it from British Airways World Cargo. Usually the people sending these message ask for the money to be sent through a company such as Western Union, or another money-sender. British Airways or IAG Cargo would not pass customers items to a third party to arrange repatriation. We would not collect any fees/charges in this way.

April 2016: An email with the subject line "E-ticket confirmation" has been mailed out, referring to a fake e-ticket number "549843215952132" and a ticket price "2216.45 GBP". This email was not sent by us, and this ticket does not exist.

collapsedshowPurchasing
  • Look for ‘https’ at the start of the web address (the ‘s’ stands for secure).
  • Check that a padlock is displayed when entering personal or financial information.
  • A green bar may also appear which means that the website has a valid security certificate.
collapsedshowSecure your computer
  • Ensure you have anti-virus protection installed, and that it is up to date.
  • Keep your operating system and software up to date as these protect against the latest security threats.
  • Protect your computer with a password and keep the password secret.
collapsedshowScams

If it seems too good to be true, then it probably is.

  • Scams come in many guises; be it social media, email, phone calls, etc.
  • Be suspicious if you are offered a deal, service or prize, especially if you are required to make a payment or provide personal details.
  • Often the deals are only available for limited time periods, forcing you to make an instant decision.
collapsedshowWi-Fi hotspots

Wi-Fi hotspots in public places are convenient but are often not secure.

  • Many hotspots do not encrypt information sent over the Wi-Fi network and might be accessed by someone else.
  • Don’t log in to personal or financial accounts when using public wireless networks.
  • Don’t log on to sites that don’t seem legitimate. Always ensure the site is fully encrypted.
  • When you have finished using an account, remember to log out.
collapsedshowMobile devices

Mobile devices are essentially small computers.

  • Install anti-virus software to protect from 'malware' (malicious software).
  • Protect your mobile with a password or PIN.
  • Keep your apps up to date.
collapsedshowPrivacy and identity

Treat your personal information like cash.

  • Don’t hand personal information out to just anyone.
  • Only provide this information over encrypted websites (look for 'https' at the beginning of the web address).
  • Use password protection for securing personal data.
  • Protect your passwords. Keep them secure and out of plain sight.
  • Do not use the same password for multiple accounts, as if it is stolen it can be used to take over all your accounts.

Booking online with British Airways is quick, easy, convenient and safe

British Airways makes every effort to maintain customer confidentiality when securing an online payment. This includes ensuring the security of your credit card details and other personal information.
collapsedshowHow we secure your payment information when you book online
  • When you buy a British Airways ticket over the Internet, your web browser connects with the website through an SSL ("Secure Sockets Layer").  SSL is an industry-standard protocol for encryption over the Internet.
  • All of your personal information is encrypted as it travels over the Internet, to and from www.ba.com. When information is encrypted, it is scrambled between your computer and our server. The information is only unscrambled when it safely reaches us. It's fast and safe, and it ensures that your personal information cannot be read by anyone else.
  • However, as with any standard email, emails containing your personal data sent to or from British Airways will travel in a non-encrypted format.
Once you have made a booking

As you make a booking we need to capture your personal details to go into the booking. At this point the information is encrypted. You can tell this is happening as browsers will display a key or padlock at the bottom left corner of the screen.

Completing the transaction

When you send your personal details to us, none of the information is stored on the website, it is passed straight back to our secure servers at our Heathrow headquarters, where it only exists as part of the record of your transaction.

Security messages

If you see a security message during the booking process, it is simply informing you that you are entering a secure area of the site. You will also see this message when you are severing the connection with our secure server, and moving into an open, public area of the site. At this point all of your personal information has been deleted, whether or not you actually completed a purchase. Your browser can be configured to display this message or not, as you choose.

Your personal information

British Airways considers your privacy to be of the utmost importance, and we are governed by the UK Data Protection Act 1998. If you are concerned with how we might collect and use information about you, you can find a complete explanation in our Privacy Policy.

View the Privacy Policy

collapsedshowUsing Manage My Booking to securely service your booking

British Airways makes every effort to ensure only authorized access is made to your booking when using Manage My Booking. This includes applying different levels of authentication depending on who you are and which services are being used.

If you are not a member of the Executive Club or you are a member but you are not logged into your account, then you will need to provide your booking reference and your surname to view your itinerary, add and change seat and special meal requests, add your Advance Passenger Information (API) or email your itinerary to a friend.

You will need to provide additional information to view details of any special meal previously requested, view or change your API or to print or email your e-ticket receipt. We will not ask for new information as part of this process; it will already have been provided by whoever made your booking at that time or by you when updating your booking. The information which may be requested includes your passport number and associated travel details, or all or part of the credit or debit card number of the card used to make your booking. If any of this information is not attached to your booking, then these second level authenticated services will not be used.

If you are a member of the Executive Club and you are logged into your account, we will recognise the bookings which you have associated to you through your account. We will only request additional information from you (as described above) to view or change another person’s API (on the same booking as yourself), or to print or email your e-ticket receipt.

Note: This information reflects our current security policy. If there are any changes in industry standards, the law or our procedures, the information in these pages will be updated.

collapsedshowIf your access to ba.com is blocked

Every effort is made to block suspicious activity, however in some circumstances a small number of customers may have their access to ba.com blocked.

If you are using a desktop PC or laptop

British Airways uses an external company, Webroot BrightCloud, as a threat intelligence service to enable traffic from genuine customers to flow through. Should you get an error message to say that the ba.com page you were trying to visit has been blocked, please follow the below instructions.

  • Paste the following URL into your browser and enter your computer's IP address:
    http://www.brightcloud.com/tools/change-request-ip-reputation.php
  • Your request should take 24 to 48 hours to complete.
  • Should your request fail and you feel it should not, then please contact our support team on +44 (0)344 493 0787 option 3 (calls charged at local rate with the UK, open daily 06:00-20:00 UK time).
  • Please quote your support reference (made up of 20 numbers) and your IP address.

If you are using a mobile

  • Turn off your Wi-Fi and try again.
  • Try using ba.com on a desktop PC or laptop and if the problem persists follow the instructions above.
collapsedshowImportant notice about internet fraud

For your protection please be aware of the following facts:

  • You will only be asked for your card payment details if you wish to change or refund your booking on ba.com. We require this information specifically to debit or credit your card in relation to your booking.
  • Legitimate emails from British Airways will contain your booking reference and the email will not have been sent from a web-based mail server such as gmail, hotmail or yahoo.
  • British Airways will never request money payments through a third party, such as Western Union.

If you have reason to suspect an email claiming to be from British Airways is fraudulent, please forward it to phishing@email.ba.com so we can investigate its authenticity and take appropriate action. Please note that we cannot enter into correspondence over emails sent to this address, therefore you will not receive a reply.

Last updated: September 2016
© British Airways Plc