
We have our first example of Avios / Nectar fraud


Last week I wrote an article explaining why Avios fraud may be about to increase, and why you should ensure your account is secure.

Stealing frequent flyer miles is not usually a priority. The requirement to pay for the taxes on the flight you book with a credit card, as well as giving your real name and passport details whilst booking, is not attractive to thieves. This is why British Airways Executive Club accounts are not a top target for hackers.

Now things have changed. Hack into a BA account and you can transfer 50,000 Avios onto a random Nectar card, giving the thief £400 to spend.


We have our first hacked reader

Last night I got an email from a reader who had, literally, discovered that he had been hacked an hour before he contacted me.

The reader had checked his email and found around 70 random pieces of content. “They were all sign ups to weird sites, requests for quotes to Mexican transport companies etc,” he wrote.

Halfway through the list was the email from British Airways Executive Club saying that his account had been linked to a Nectar account.

Cunningly, the hacker had hoped that by spamming the inbox with a large amount of content at once, the Nectar email would be missed.

The email said: “Congratulations, your British Airways Executive Club account has successfully been linked to a Nectar account ending in 9013.”
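The concealment described above, a burst of sign-up mail burying one genuine account notification, can be detected on the mailbox side. The Python below is an added example, not part of the original article; the domains, keyword list, thresholds and sample inbox are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: subject keywords that mark account-security notifications.
ALERT_WORDS = ("linked", "password", "transfer", "security")

def find_buried_alerts(messages, known_senders, window=timedelta(hours=1),
                       min_burst=30, min_unknown_ratio=0.8):
    """Return genuine account alerts that arrived inside an inbox flood.

    messages: iterable of (received, sender_domain, subject) tuples.
    A flood is any sliding window holding at least min_burst messages,
    of which at least min_unknown_ratio come from domains the user has
    never dealt with (not in known_senders).
    """
    msgs = sorted(messages, key=lambda m: m[0])
    buried, start = set(), 0
    for end in range(len(msgs)):
        # Shrink the window until it spans no more than `window`.
        while msgs[end][0] - msgs[start][0] > window:
            start += 1
        burst = msgs[start:end + 1]
        if len(burst) < min_burst:
            continue
        unknown = sum(1 for _, dom, _ in burst if dom not in known_senders)
        if unknown / len(burst) < min_unknown_ratio:
            continue  # busy, but mostly mail from familiar senders
        for msg in burst:
            subject = msg[2].lower()
            if msg[1] in known_senders and any(w in subject for w in ALERT_WORDS):
                buried.add(msg)
    return sorted(buried)

def sample_inbox():
    """Constructed data: 69 junk sign-ups plus one real notification."""
    t0 = datetime(2021, 1, 1, 21, 0)  # arbitrary constructed timestamp
    noise = [(t0 + timedelta(seconds=15 * i), f"site{i}.example",
              "Welcome! Please confirm your registration") for i in range(69)]
    alert = (t0 + timedelta(minutes=9), "airline.example",
             "Your Executive Club account has been linked to a Nectar account")
    return noise + [alert]

if __name__ == "__main__":
    for received, domain, subject in find_buried_alerts(
            sample_inbox(), known_senders={"airline.example"}):
        print(f"BURIED ALERT {received:%H:%M} {domain}: {subject}")
```

The same alert arriving on a quiet day is not reported, because the point is to surface notifications that a flood would otherwise hide.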

The reader quickly logged in to his British Airways Executive Club account. 50,000 Avios – the monthly maximum – had been transferred to the Nectar card.

(Our reader does have a Nectar card, but it doesn’t end in 9013. He had not yet linked it to his BA account.)

He called British Airways Executive Club and it locked his account. He has been promised an email from BA “in a couple of weeks”.

It is worth noting that our reader was impacted by the British Airways data breach a couple of years ago, during which his Executive Club account details would have been stolen. It isn’t clear if this is connected or not. It is possible that his details are amongst those BAEC accounts being sold on the ‘dark web’.

Conclusion

As I wrote in my article last week, the Avios / Nectar security is lax. There is no attempt to match surnames or email addresses. You can even link and unlink Nectar cards between multiple accounts.

It is possible that the hacker got away with it. Whilst the reader had his British Airways account locked, BA could not lock his Nectar account.

As long as the hacker had already used the Nectar card once, he could immediately head into Sainsbury’s and spend £400. More likely, he will have ordered £400 of eBay credit and used it to buy something from another eBay account under his control.

PS. It turns out we have had a 2nd example of fraud amongst our readers. After this article was published, someone else got in touch.

“Same thing happened to us too! We got an email saying our Executive Club account had been linked to a Nectar account. And 50k Avios were transferred out. We contacted both BA and Nectar but so far no news (BA said it could take up to 28 days for their audit team to investigate but they said we should get our Avios back).”



Comments (166)

This article is closed to new posts. Discussion continues in the HfP Forums.

  • Greenpen says:

    It’s not just death that causes problems. All my devices seem to forget passwords on a regular basis. If I used those long suggested passwords I would spend hours sorting out the subsequent problems.

    • Stu says:

      You really need to get yourself some password management software by the sounds of it. 1Password or many others similar are available relatively inexpensively given what they offer.

    • Fenny says:

      I use Remembear. It’s fab. I pay £24/year and have it on 5 devices, including my phone, tablet & PC. Now I just need to change all the passwords that were easy to remember to something utterly random.

  • Tom says:

    “There is no attempt to match surnames or email addresses. You can even link and unlink Nectar cards between multiple accounts.”

    This really is unacceptable, personally think BA should be at fault here if your account gets hacked. There should at least be some sort of verification or a 3 business day lock before they go through.

  • TheJWag says:

    Rather than require surname or address matches I’d prefer to see an SMS sent prior to linking accounts or transferring Avios to Nectar, perhaps integrated into the BA app somehow.

  • Gareth Jeanne says:

    It’s completely ridiculous that after being hacked to the level that BA was, that 2FA isn’t even an option on your BAEC account. With this setup using an authenticator app (Authy etc.), even if your password is compromised, they can’t get into your account.

  • Jonathan says:

    Seems the Avios Nectar issue is just getting worse. Lots of reports of stolen Avios and little being done to stop it. Only a matter of time before the press pick this up!

  • Louise says:

    Sorry if this has already been discussed but tried to do a manual Avios to Nectar conversion online this morning and this service seems to have been suspended – message says you have to call instead. Guessing this is linked to the frauds reported in the press? Anyone know if this is going to be reinstated?

    • Rob says:

      It was working for an hour or so last night with a trial of 2FA running. I imagine once the bugs in 2FA are ironed out it will resume.
