Website security

• Think of passwords as keys. Use a different one for each account, as if it is stolen it can be used to take over all your accounts.
• Make it strong by using a mixture of upper and lower case letters, numbers and special characters. The longer it is, the better.
• Avoid using personal information, dictionary words and consecutive numbers as these can be guessed.
• Consider using a passphrase. For example, choose a song or phrase and take the first letter of each word, substitute in numbers and special characters. e.g. Tx2l*hIwwUR (decrypts as "twinkle twinkle little star how I wonder what you are").

If it seems too good to be true, then it probably is. 

Scams come in many guises; be it social media, email, phone calls, etc. Be suspicious if you are offered a deal, service or prize, especially if you are required to make a payment or provide personal details. Often the deals are only available for limited time periods, forcing you to make an instant decision.

There is an internet fraud practice known as 'phishing' which is the illegal gathering of personal information by deception. Fraudsters pose as a trusted source (like your bank), and try to get you to divulge your personal details.

If you suspect that you have received a fraudulent email:

• Don’t click on any links or attachments, and check the sender's address.
• Report a phishing email that appears to be from British Airways by sending it to phishing@email.ba.com (please note that we cannot enter into correspondence over emails sent to this address, therefore you will not receive a reply)

Legitimate emails from British Airways will not have been sent from a web-based mail server such as gmail, hotmail, yahoo, etc. In addition, we will never request money payments through a third party or promise you any kind of cash prize.

Here are the incidents of fraudulent emails and other phishing scams that we're currently aware of:

September 2018:

Email sent to customers referencing the criminal theft of customer data and advising that they are entitled to full reimbursement and two free tickets from British Airways to a place of your choice.

June 2018:

1. Since 21 June we have noticed fake travel booking emails are being sent form an email address that says the company is "Travel2be", with a Subject line: "Thank you for your booking, XXX" ("XXX" will be your first name taken from your email account registration). The email is signed-off by British Airways. This is not about a genuine booking - please don't reply to the message or click any links. The email would typically read: 'Dear Jane Doe, Thank you for your booking with British Airways! We're very happy to welcome you on board on the 1st of July to Barcelona!'. It continues: 'We would love to hear about your experience with our booking system and in return for your feedback we reward you with a few exclusive gifts like the newest iPhone X or a Samsung Galaxy S9. We'd like to invite you to our survey of 6 short questions.'
2. A message is circulating online, claiming to be from British Airways about naming luggage tags. You can spot a scam message from spelling and grammatical errors in the text.
3. There are some fake promotions on Whatsapp mentioning 2000/2500 free business class tickets/5000 free tickets on our flights: "*British Airways giving freeXXXX Class Tickets.*. Get your free tickets at: http://www.britishạirways.com/freetickets/Enjoy?” or "Get your free ticket at: “http://www.briṭishairways.com". If you click the link it will take you to a non-British Airways website and request personal information - a letter in the website link has a little character/dot underneath it which changes the letter and enables the link to look like one of ours, but takes you to another website. Therefore, do not follow these links. 
4. Some people are receiving an email that implies they had previously made a tax-free goods order that now enables them to answer some quiz questions to win free flights from British Airways. The email has been sent with a few different Subject lines:  "Last purchase - " , "Order...",  "Your last purchase - " , "Tickets - ", or "Duty-Free order". Most times the sender of the email is named as "James Hiller - BA" or "Clara - British Air". These emails are not sent by us, nor have we participated in helping compile the quizzes or questionnaires being offered in them.
5. An email is being sent from this email address "travel@britishaeryways.co.uk", with a Subject saying "Booking confirmation". This isn't one of our email addresses and we would recommend that you don't click any of the links in the message, or reply to the email.
6. An email is being sent advising the person receiving it that they've won a lot of money in a promotion being operated by us. The email is allegedly being sent from "BRITISH AIRWAYS PROMOTION CLAIMS DEPARTMENT WATERSIDE", and is asking for some money to release the funds plus personal information. This is not a promotion we are running.
7. A fraudulent email is being sent asking people to click on attachments to view their British Airways tickets, for a journey they've not booked. The email is sent from unusual email addresses, and the Subject lines we have seen are: "Your flight order notification", "Flight tickets" "Flight order notification", "Canada Air",  "Flight order", "Your flight order", etc. Please do not click on any links or open any attachments.
8. There are fake 'offers' on Facebook saying we're offering two free tickets to customers to celebrate our company anniversary, if you click a link to complete a survey. If you're in any doubt about any offers like this you see on Facebook, please check our official Facebook profile - you can tell our official one as we have the blue circle with the white tick in it, to the right of our name. Similarly, some people have received a 'Whatsapp' message saying that British Airways are giving away free tickets for our anniversary celebrations, and asking the recipient to complete a survey to be entered into the draw. Again, this isn't an offer we're running.
9. Finally, some people are receiving emails inviting them to enter a competition to become a "mystery shopper", or to win large amounts of holiday vouchers by completing a survey - we're sorry to disappoint you but these aren't real competitions.
10. Some people are receiving emails from a fake email address "flights@britishairways.com" with a Subject Line "Voucher #57487 - 2 free flights".  Also look out for "Travel Reservation for xxx" / Travel Confirmation - #115157487" or "Travel Confirmation for xxx" (the "xxx" will match the part of your email address before the "@" symbol). In the main section of the email it refers to "Travel Confirmation - (#115157487)". This isn't a legitimate British Airways promotion and we didn't send you the message. 
11. There are also other fake emails offering vouchers toward holidays or flights with us, in exchange for clicking a link and providing personal information. The Subject line is usually "Choose your destination" or "Where to next?" Again, this isn't an offer we're aware of and your personal information could be in danger if you follow these links.
12. Several people have reported receiving WhatsApp messages making reference to accessing a link for a voucher to use for BA flights. We don't use WhatsApp as a channel to send out promotions or offers and this isn't an offer we're involved in. 

April 2017:

1. Some people are receiving emails from a fake email address "flights@britishairways.com" with a Subject Line "Voucher #57487 - 2 free flights".  Also look out for "Travel Reservation for xxx" / Travel Confirmation - #115157487" or "Travel Confirmation for xxx" (the "xxx" will match the part of your email address before the "@" symbol). In the main section of the email it refers to "Travel Confirmation - (#115157487)". This isn't a legitimate British Airways promotion and we didn't send you the message.
2. There are also other fake emails offering vouchers toward holidays or flights with us, in exchange for clicking a link and providing personal information. The Subject line is usually "Choose your destination" or "Where to next?" Again, this isn't an offer we're aware of and your personal information could be in danger if you follow these links.
3. Several people have reported receiving WhatsApp messages making reference to accessing a link for a voucher to use for BA flights. We don't use WhatsApp as a channel to send out promotions or offers and this isn't an offer we're involved in.

November 2016:

1. An email is being sent out with the subject line "Your Order #27395739 / 24 November 2016" or "Your Order #13847935 / 24 November 2016" (the date might change). The message is from tickets.BA@email.ba.air.com and refers to the booking reference "3OWJ13". This email was not sent by British Airways. If you have a concern whether a booking you receive an email about is legitimate, you can check via Manage My Booking.

August 2016:

1. Facebook-related fake British Airways pages with offers for free First class flight tickets (sometimes with hotel stays too). Most mention it's because of our 40th or 42nd birthday. We're sorry but this isn't an offer we're running and it's not from our legitimate/official British Airways Facebook page.
2. Some people have reported receiving an email with this subject line: "British Airways - You won a 10,000 miles flying card / Promo #99993392". The message refers to offering a gift card with the value 399 GBP. Please do not click the link nor reply to the email. This email was not sent by British Airways.
3. There are additional emails being sent offering non-existent vouchers for the amounts of 2,500 GBP, 1,000 GBP or £1,000. These emails have a few different subject lines, including references to “free flights” or “travel discounts” or “complimentary flights”. Again, these emails were not sent by us and the email address is not one British Airways would use. If you hover your cursor over any links in the email, you will see that these do not direct to ba.com. Our logo is also being used fradulently in these instances.
4. An email is being sent out with a subject line: "Your e-ticket receipt 1TKG86: LHR-JFK 30 Sep 2016". It is then referring to the following booking reference and payment amount: "Thanks for the purchase! Booking number: 1TKG86 - Your credit card has been charged for $691.62." This booking doesn't exist and you haven't been charged by British Airways.
5. Some people have received an email referring to booking number "BRAIR-12586-GB". This reference doesn't exist, nor is there a travel package to win.

March-May 2016:

We're aware of fraudulent "WhatsApp" or text messages that tell you there is a package/suitcase/letter in your name that is very valuable (although you had no idea about this parcel/package until you received this message) and which needs you to pay some money to 'release' it from British Airways World Cargo. Usually the people sending these message ask for the money to be sent through a company such as Western Union, or another money-sender. British Airways or IAG Cargo would not pass customers items to a third party to arrange repatriation. We would not collect any fees/charges in this way.

April 2016:

An email with the subject line "E-ticket confirmation" has been mailed out, referring to a fake e-ticket number "549843215952132" and a ticket price "2216.45 GBP". This email was not sent by us, and this ticket does not exist.

• Look for ‘https’ at the start of the web address (the ‘s’ stands for secure).
  
• Check that a padlock is displayed when entering personal or financial information.
• A green bar may also appear which means that the website has a valid security certificate.

• Ensure you have anti-virus protection installed, and that it is up to date.
• Keep your operating system and software up to date as these protect against the latest security threats.
• Protect your computer with a password and keep the password secret.

Wi-Fi hotspots in public places are convenient but are often not secure.

• Many hotspots do not encrypt information sent over the Wi-Fi network and might be accessed by someone else.
• Don’t log in to personal or financial accounts when using public wireless networks.
• Don’t log on to sites that don’t seem legitimate. Always ensure the site is fully encrypted.
• When you have finished using an account, remember to log out.

Mobile devices are essentially small computers.

• Install anti-virus software to protect from 'malware' (malicious software).
• Protect your mobile with a password or PIN.
• Keep your apps up to date.

Treat your personal information like cash.

• Don’t hand personal information out to just anyone.
• Only provide this information over encrypted websites (look for 'https' at the beginning of the web address).
• Use password protection for securing personal data.
• Protect your passwords. Keep them secure and out of plain sight.
• Do not use the same password for multiple accounts, as if it is stolen it can be used to take over all your accounts.

• When you buy a British Airways ticket over the Internet, your web browser connects with the website through an SSL ("Secure Sockets Layer"). SSL is an industry-standard protocol for encryption over the Internet.
  
• All of your personal information is encrypted as it travels over the Internet, to and from ba.com. When information is encrypted, it is scrambled between your computer and our server. The information is only unscrambled when it safely reaches us. It's fast and safe, and it ensures that your personal information cannot be read by anyone else.
• However, as with any standard email, emails containing your personal data sent to or from British Airways will travel in a non-encrypted format.

Once you have made a booking

As you make a booking we need to capture your personal details to go into the booking. At this point the information is encrypted. You can tell this is happening as browsers will display a key or padlock at the bottom left corner of the screen.

Completing the transaction

When you send your personal details to us, none of the information is stored on the website, it is passed straight back to our secure servers at our Heathrow headquarters, where it only exists as part of the record of your transaction.

Security messages

If you see a security message during the booking process, it is simply informing you that you are entering a secure area of the site. You will also see this message when you are severing the connection with our secure server, and moving into an open, public area of the site. At this point all of your personal information has been deleted, whether or not you actually completed a purchase. Your browser can be configured to display this message or not, as you choose.

Your personal information

British Airways considers your privacy to be of the utmost importance, and we are governed by the UK Data Protection Act 2018. If you are concerned with how we might collect and use information about you, you can find a complete explanation in our Privacy Policy.

British Airways makes every effort to ensure only authorized access is made to your booking when using Manage My Booking. This includes applying different levels of authentication depending on who you are and which services are being used.

If you are not a member of the Executive Club or you are a member but you are not logged into your account, then you will need to provide your booking reference and your surname to view your itinerary, add and change seat and special meal requests, add your Advance Passenger Information (API) or email your itinerary to a friend.

You will need to provide additional information to view details of any special meal previously requested, view or change your API or to print or email your e-ticket receipt. We will not ask for new information as part of this process; it will already have been provided by whoever made your booking at that time or by you when updating your booking. The information which may be requested includes your passport number and associated travel details, or all or part of the credit or debit card number of the card used to make your booking. If any of this information is not attached to your booking, then these second level authenticated services will not be used.

If you are a member of the Executive Club and you are logged into your account, we will recognise the bookings which you have associated to you through your account. We will only request additional information from you (as described above) to view or change another person’s API (on the same booking as yourself), or to print or email your e-ticket receipt.

Note: This information reflects our current security policy. If there are any changes in industry standards, the law or our procedures, the information in these pages will be updated.

For your protection please be aware of the following facts:

• You will only be asked for your card payment details if you wish to change or refund your booking on ba.com. We require this information specifically to debit or credit your card in relation to your booking.
• Legitimate emails from British Airways will contain your booking reference and the email will not have been sent from a web-based mail server such as gmail, hotmail or yahoo.
• British Airways will never request money payments through a third party, such as Western Union.

If you have reason to suspect an email claiming to be from British Airways is fraudulent, please forward it to phishing@email.ba.com so we can investigate its authenticity and take appropriate action. Please note that we cannot enter into correspondence over emails sent to this address, therefore you will not receive a reply.