I recently received this email message, reprinted here in entirety:
E-TICKET NUMBER / 2 675 1193306895 2
SEAT / 56F/ZONE 3
DATE / TIME 27 OCTOBER, 2012, 10:45 PM
ARRIVING / Sacramento
FORM OF PAYMENT / CC
TOTAL PRICE / 279.79 USD
REF / OE4753 ST / OK
BAG / 5PC
Your bought ticket is attached.
To use your ticket you should print it.
Thank you for using our airline company services.
That’s it. No infected attachment, no link to some malware source, no phone to call, no information to supply. The account origin showed as “firstname.lastname@example.org,” which appears to be the correct AA URL.
American confirms (obviously) that it didn’t send this email. American’s representative indicated that it probably was phishing, but, like me, couldn’t find any scam mechanism. Maybe somebody forgot to include or attach something. For now, however, it remains, in the words of the King, “a puzzlement.”
But not all phishing is so benign. You encounter lots of phishing ostensibly originating from an airline. American Airlines has posted a special page on its website with examples of phishing, instructions about coping with it, and information on the most prevalent phishing characteristics. (Although I’m citing an example from American, this problem is common among many airlines.) Here are the highlights:
- No airline will ever send you a blind email asking for personal information or to update an account.
- The from airline often looks valid but the email actually redirects you to a spoof site.
- Never try to open an attachment from a suspicious source.
You already knew this, didn’t you? And yet—as a good friend recently found out to his dismay—even supposedly computer savvy folks can get caught. Much malware these days is so bad that you have to reformat your hard disc and reinstall everything. Your only defense is to keep a current offline backup.
Oh, and one last tidbit. American doesn’t have any planes with a seat 56F.
You Might Also Like: