Website security

• Think of passwords as keys. Use a different one for each account, as if it is stolen it can be used to take over all your accounts.
• Make it strong by using a mixture of upper and lower case letters, numbers and special characters. The longer it is, the better.
• Avoid using personal information, dictionary words and consecutive numbers as these can be guessed.
• Consider using a passphrase. For example, choose a song or phrase and take the first letter of each word, substitute in numbers and special characters. e.g. Tx2l*hIwwUR (decrypts as "twinkle twinkle little star how I wonder what you are").

If it seems too good to be true, then it probably is. 

Scams come in many guises; be it social media, email, phone calls, etc. Be suspicious if you are offered a deal, service or prize, especially if you are required to make a payment or provide personal details. Often the deals are only available for limited time periods, forcing you to make an instant decision.

There is an internet fraud practice known as 'phishing' which is the illegal gathering of personal information by deception. Fraudsters pose as a trusted source (like your bank), and try to get you to divulge your personal details.

If you suspect that you have received a fraudulent email:

• Don’t click on any links or attachments, and check the sender's address.
• Report a phishing email that appears to be from British Airways by sending it to phishing@email.ba.com (please note that we cannot enter into correspondence over emails sent to this address, therefore you will not receive a reply)

Legitimate emails from British Airways will not have been sent from a web-based mail server such as gmail, hotmail, yahoo, etc. In addition, we will never request money payments through a third party or promise you any kind of cash prize.

Here are the incidents of fraudulent emails and other phishing scams that we're currently aware of:

September 2018:

Email sent to customers referencing the criminal theft of customer data and advising that they are entitled to full reimbursement and two free tickets from British Airways to a place of your choice.

June 2018:

1. Since 21 June we have noticed fake travel booking emails are being sent form an email address that says the company is "Travel2be", with a Subject line: "Thank you for your booking, XXX" ("XXX" will be your first name taken from your email account registration). The email is signed-off by British Airways. This is not about a genuine booking - please don't reply to the message or click any links. The email would typically read: 'Dear Jane Doe, Thank you for your booking with British Airways! We're very happy to welcome you on board on the 1st of July to Barcelona!'. It continues: 'We would love to hear about your experience with our booking system and in return for your feedback we reward you with a few exclusive gifts like the newest iPhone X or a Samsung Galaxy S9. We'd like to invite you to our survey of 6 short questions.'
2. A message is circulating online, claiming to be from British Airways about naming luggage tags. You can spot a scam message from spelling and grammatical errors in the text.
3. There are some fake promotions on Whatsapp mentioning 2000/2500 free business class tickets/5000 free tickets on our flights: "*British Airways giving freeXXXX Class Tickets.*. Get your free tickets at: http://www.britishạirways.com/freetickets/Enjoy?” or "Get your free ticket at: “http://www.briṭishairways.com". If you click the link it will take you to a non-British Airways website and request personal information - a letter in the website link has a little character/dot underneath it which changes the letter and enables the link to look like one of ours, but takes you to another website. Therefore, do not follow these links. 
4. Some people are receiving an email that implies they had previously made a tax-free goods order that now enables them to answer some quiz questions to win free flights from British Airways. The email has been sent with a few different Subject lines:  "Last purchase - " , "Order...",  "Your last purchase - " , "Tickets - ", or "Duty-Free order". Most times the sender of the email is named as "James Hiller - BA" or "Clara - British Air". These emails are not sent by us, nor have we participated in helping compile the quizzes or questionnaires being offered in them.
5. An email is being sent from this email address "travel@britishaeryways.co.uk", with a Subject saying "Booking confirmation". This isn't one of our email addresses and we would recommend that you don't click any of the links in the message, or reply to the email.
6. An email is being sent advising the person receiving it that they've won a lot of money in a promotion being operated by us. The email is allegedly being sent from "BRITISH AIRWAYS PROMOTION CLAIMS DEPARTMENT WATERSIDE", and is asking for some money to release the funds plus personal information. This is not a promotion we are running.
7. A fraudulent email is being sent asking people to click on attachments to view their British Airways tickets, for a journey they've not booked. The email is sent from unusual email addresses, and the Subject lines we have seen are: "Your flight order notification", "Flight tickets" "Flight order notification", "Canada Air",  "Flight order", "Your flight order", etc. Please do not click on any links or open any attachments.
8. There are fake 'offers' on Facebook saying we're offering two free tickets to customers to celebrate our company anniversary, if you click a link to complete a survey. If you're in any doubt about any offers like this you see on Facebook, please check our official Facebook profile - you can tell our official one as we have the blue circle with the white tick in it, to the right of our name. Similarly, some people have received a 'Whatsapp' message saying that British Airways are giving away free tickets for our anniversary celebrations, and asking the recipient to complete a survey to be entered into the draw. Again, this isn't an offer we're running - sorry!
9. Finally, some people are receiving emails inviting them to enter a competition to become a "mystery shopper", or to win large amounts of holiday vouchers by completing a survey - we're sorry to disappoint you but these aren't real competitions.
10. Some people are receiving emails from a fake email address "flights@britishairways.com" with a Subject Line "Voucher #57487 - 2 free flights".  Also look out for "Travel Reservation for xxx" / Travel Confirmation - #115157487" or "Travel Confirmation for xxx" (the "xxx" will match the part of your email address before the "@" symbol). In the main section of the email it refers to "Travel Confirmation - (#115157487)". This isn't a legitimate British Airways promotion and we didn't send you the message.) 
11. There are also other fake emails offering vouchers toward holidays or flights with us, in exchange for clicking a link and providing personal information. The Subject line is usually "Choose your destination" or "Where to next?" Again, this isn't an offer we're aware of and your personal information could be in danger if you follow these links.

10.Several people have reported receiving WhatsApp messages making reference to accessing a link for a voucher to use for BA flights. We don't use WhatsApp as a channel to send out promotions or offers and this isn't an offer we're involved in. 

April 2017:

1) Some people are receiving emails from a fake email address "flights@britishairways.com" with a Subject Line "Voucher #57487 - 2 free flights".  Also look out for "Travel Reservation for xxx" / Travel Confirmation - #115157487" or "Travel Confirmation for xxx" (the "xxx" will match the part of your email address before the "@" symbol). In the main section of the email it refers to "Travel Confirmation - (#115157487)". This isn't a legitimate British Airways promotion and we didn't send you the message.

2) There are also other fake emails offering vouchers toward holidays or flights with us, in exchange for clicking a link and providing personal information. The Subject line is usually "Choose your destination" or "Where to next?" Again, this isn't an offer we're aware of and your personal information could be in danger if you follow these links.

3) Several people have reported receiving WhatsApp messages making reference to accessing a link for a voucher to use for BA flights. We don't use WhatsApp as a channel to send out promotions or offers and this isn't an offer we're involved in.

November 2016:

1) An email is being sent out with the subject line "Your Order #27395739 / 24 November 2016" or "Your Order #13847935 / 24 November 2016" (the date might change). The message is from tickets.BA@email.ba.air.com and refers to the booking reference "3OWJ13". This email was not sent by British Airways. If you have a concern whether a booking you receive an email about is legitimate, you can check via Manage My Booking.

August 2016:

1) Facebook-related fake British Airways pages with offers for free First class flight tickets (sometimes with hotel stays too). Most mention it's because of our 40th or 42nd birthday. We're sorry but this isn't an offer we're running and it's not from our legitimate/official British Airways Facebook page.

2) Some people have reported receiving an email with this subject line: "British Airways - You won a 10,000 miles flying card / Promo #99993392". The message refers to offering a gift card with the value 399 GBP. Please do not click the link nor reply to the email. This email was not sent by British Airways.

3) There are additional emails being sent offering non-existent vouchers for the amounts of 2,500 GBP, 1,000 GBP or £1,000. These emails have a few different subject lines, including references to “free flights” or “travel discounts” or “complimentary flights”. Again, these emails were not sent by us and the email address is not one British Airways would use. If you hover your cursor over any links in the email, you will see that these do not direct to ba.com. Our logo is also being used fradulently in these instances.

4) An email is being sent out with a subject line: "Your e-ticket receipt 1TKG86: LHR-JFK 30 Sep 2016". It is then referring to the following booking reference and payment amount: "Thanks for the purchase! Booking number: 1TKG86 - Your credit card has been charged for $691.62." This booking doesn't exist and you haven't been charged by British Airways.

5) Some people have received an email referring to booking number "BRAIR-12586-GB". This reference doesn't exist, nor is there a travel package to win.

March-May 2016:

We're aware of fraudulent "WhatsApp" or text messages that tell you there is a package/suitcase/letter in your name that is very valuable (although you had no idea about this parcel/package until you received this message) and which needs you to pay some money to 'release' it from British Airways World Cargo. Usually the people sending these message ask for the money to be sent through a company such as Western Union, or another money-sender. British Airways or IAG Cargo would not pass customers items to a third party to arrange repatriation. We would not collect any fees/charges in this way.

April 2016:

An email with the subject line "E-ticket confirmation" has been mailed out, referring to a fake e-ticket number "549843215952132" and a ticket price "2216.45 GBP". This email was not sent by us, and this ticket does not exist.

• Look for ‘https’ at the start of the web address (the ‘s’ stands for secure).
• Check that a padlock is displayed when entering personal or financial information.
• A green bar may also appear which means that the website has a valid security certificate.

• Ensure you have anti-virus protection installed, and that it is up to date.
• Keep your operating system and software up to date as these protect against the latest security threats.
• Protect your computer with a password and keep the password secret.

Wi-Fi hotspots in public places are convenient but are often not secure.

• Many hotspots do not encrypt information sent over the Wi-Fi network and might be accessed by someone else.
• Don’t log in to personal or financial accounts when using public wireless networks.
• Don’t log on to sites that don’t seem legitimate. Always ensure the site is fully encrypted.
• When you have finished using an account, remember to log out.

Mobile devices are essentially small computers.

• Install anti-virus software to protect from 'malware' (malicious software).
• Protect your mobile with a password or PIN.
• Keep your apps up to date.

Treat your personal information like cash.

• Don’t hand personal information out to just anyone.
• Only provide this information over encrypted websites (look for 'https' at the beginning of the web address).
• Use password protection for securing personal data.
• Protect your passwords. Keep them secure and out of plain sight.
• Do not use the same password for multiple accounts, as if it is stolen it can be used to take over all your accounts.

• When you buy a British Airways ticket over the Internet, your web browser connects with the website through an SSL ("Secure Sockets Layer"). SSL is an industry-standard protocol for encryption over the Internet.
• All of your personal information is encrypted as it travels over the Internet, to and from ba.com. When information is encrypted, it is scrambled between your computer and our server. The information is only unscrambled when it safely reaches us. It's fast and safe, and it ensures that your personal information cannot be read by anyone else.
• However, as with any standard email, emails containing your personal data sent to or from British Airways will travel in a non-encrypted format.

Once you have made a booking

Completing the transaction

Security messages

Your personal information

View the Privacy Policy

Every effort is made to block suspicious activity, however in some circumstances a small number of customers may have their access to ba.com blocked.

If you are using a desktop PC or laptop

British Airways uses an external company, Webroot BrightCloud, as a threat intelligence service to enable traffic from genuine customers to flow through. Should you get an error message to say that the ba.com page you were trying to visit has been blocked, please follow the below instructions.

• Paste the following URL into your browser and enter your computer's IP address:
  http://www.brightcloud.com/tools/change-request-ip-reputation.php
• Your request should take 24 to 48 hours to complete.
• Should your request fail and you feel it should not, then please contact our support team on +44 (0)344 493 0787 option 3 (calls charged at local rate with the UK, open daily 06:00-20:00 UK time).
• Please quote your support reference (made up of 20 numbers) and your IP address.

If you are using a mobile

• Turn off your Wi-Fi and try again.
• Try using ba.com on a desktop PC or laptop and if the problem persists follow the instructions above.

For your protection please be aware of the following facts:

• You will only be asked for your card payment details if you wish to change or refund your booking on ba.com. We require this information specifically to debit or credit your card in relation to your booking.
• Legitimate emails from British Airways will contain your booking reference and the email will not have been sent from a web-based mail server such as gmail, hotmail or yahoo.
• British Airways will never request money payments through a third party, such as Western Union.

If you have reason to suspect an email claiming to be from British Airways is fraudulent, please forward it to phishing@email.ba.com so we can investigate its authenticity and take appropriate action. Please note that we cannot enter into correspondence over emails sent to this address, therefore you will not receive a reply.