A retired London couple were forced to pay nearly £4,000 for new flights after cyber criminals, enraged by a failed fraud attempt, maliciously cancelled their British Airways booking.
The Lost Jacket That Sparked a Cyber Nightmare
Geoff Spink, a 63-year-old retired broadcaster, and his American wife Dawn had enjoyed the outbound leg of their British Airways Club World trip from Heathrow to Atlanta in late October 2025. The trouble began when Mr Spink realised he had left a specially adapted North Face fleece, crucial for his limb difference, on the aircraft.
His attempts to recover it led him into a bureaucratic loop between BA and Atlanta Airport's lost property. In frustration, he turned to social media platform X (formerly Twitter) for help, unwittingly stepping into a trap set by sophisticated fraudsters.
How the Scam Unfolded and Turned Vicious
Mr Spink was quickly contacted by fake accounts posing as BA customer service, with names like "BA Claim Review" and "BA Assistance Help". These scammers, who routinely intercept passenger complaints online, tried to trick him into downloading a money transfer app under the guise of offering compensation.
"I initially took these to be genuine," Mr Spink admitted. However, he soon recognised the hallmarks of a phishing scam and cut off contact. But in the process, the criminals had already obtained his six-digit Passenger Name Record (PNR) booking reference.
Armed with this code and his surname, the fraudsters accessed his booking on ba.com. With no financial gain possible—as any refund would go to the original card—they cancelled the couple's return business class flights purely out of spite. An aviation insider described the act as the scammers saying, "F*** you."
A Costly Lesson in Airline Security
Mr Spink initially dismissed a BA email about the cancellation, believing it was part of the scam. The devastating truth emerged only when he tried to check in for his flight home. British Airways confirmed the booking was cancelled "via the website" and said it could not be reinstated.
The airline offered only one solution: buy new tickets. The price for a last-minute one-way business class seat was a staggering £13,088. Instead, the couple paid £3,891 for premium economy tickets, incurring a net loss of nearly £4,000 on top of their original £5,091 return fare.
"I would say that I am tech savvy," said Mr Spink, who has taken anti-phishing training. "If it can happen to me, it can happen to anyone. Why on earth doesn't BA have some kind of two-factor authentication?"
The Aftermath and a Warning to Travellers
Mr Spink's travel insurer rejected his claim. However, American Express, the card provider used for the original booking, is investigating and may reimburse the loss. British Airways has declined to comment on the incident.
The case exposes a critical vulnerability in airline booking systems, where knowledge of a PNR and a surname grants full control without further verification. Mr Spink has called for BA and other corporations to take cybersecurity far more seriously.
This alarming story serves as a stark warning to all travellers: never share your booking reference on public social media platforms, and be hyper-vigilant of unsolicited contact from what appear to be airline support accounts.
