Issue 159 - August, 2013 (1st Edition) - Page 6
Qantas 'E-Ticket Itinerary Receipt' Malware Email
Email purporting to be from Australian-based airline Qantas claims that recipients can view an 'E-Ticket Itinerary Receipt' by opening an attached file.
The email is not from Qantas. The attached file contains malware.
Subject: Qantas Departure Information - 405F9F YUV BIN 3UE
Thank you for choosing to fly with Qantas.
Attached to this e-mail you will find your E-Ticket Itinerary Receipt and the Terms and Conditions of Carriage. Each passenger travelling is required to carry a printed copy of the E-Ticket document for check-in, immigration, customs, airport security checks and duty free purchases at the airport.
We have also provided some information below to help you prepare for the first flight of your journey. Flight details for all flights in your itinerary are included in your E-Ticket Itinerary Receipt attached.
This email, which claims to be from Australian airline Qantas, advises recipients that they can access an E-Ticket itinerary receipt and terms and conditions of travel by opening an attached file. The email includes the Qantas logo and other information and links about travelling on the airline.
However, the email is not from Qantas and the attachment does not contain flight information as claimed. In fact, the attachment harbours malware. The attachment comes in the form of a .zip file. Unzipping this file will reveal what at first glance may appear to be an innocent PDF. However, the file is actually a malicious .exe file, not a .pdf. In an attempt to fool potential victims, the file has a double extension (.pdf.exe). Clicking on this disguised .exe file will install the malware on the victim's computer.
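The double-extension disguise described above can be checked for at a mail gateway or on an analyst's workstation without unpacking the archive. The following Python code is an added example, not part of the original article; the extension lists, function names and sample file names are assumptions constructed for illustration, and the whitespace-padding check goes slightly beyond the plain .pdf.exe case the article describes.

```python
import io
import zipfile

# Assumed lists for this example; tune them for your environment.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def is_double_extension(name):
    """True if the last extension is executable and the one before it looks like a document."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Drop trailing dots/spaces (Windows ignores them) and strip padding
    # whitespace that may be placed before the real extension.
    parts = [p.strip().lower() for p in base.rstrip(". ").split(".")]
    if len(parts) < 3:
        return False
    return parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS


def suspicious_members(zip_bytes):
    """Return names of archive members with a deceptive double extension.

    Only the archive's file listing is read; nothing is extracted or run.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if not i.is_dir() and is_double_extension(i.filename)]


def build_sample_zip():
    """Constructed sample: harmless text payloads under made-up names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("E-Ticket_Itinerary.pdf.exe", b"not a real program")
        zf.writestr("docs/Terms.pdf          .scr", b"placeholder")
        zf.writestr("Conditions_of_Carriage.pdf", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
        zf.writestr("report.v2.pdf", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name in suspicious_members(build_sample_zip()):
        print("deceptive double extension:", name)
```

A plain setup.exe is deliberately not flagged here: the check targets the disguise, so blocking executables in archives outright remains a separate policy decision.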
The exact purpose of this malware may vary in different incarnations of the scam. However, such malware will typically steal personal and financial information from the compromised computer and send it to the criminals operating the malware campaign. It may also download and install more malware and allow criminals to take control of the infected computer.
The goal of the criminals is to panic at least a few recipients into opening the attachment because they mistakenly believe that flights have been booked in their name without their permission or knowledge. People who have actually booked Qantas flights recently might also open the file without due care.
To make the message seem more legitimate, secondary links in the email open the genuine Qantas website.
The Qantas version is just one in a series of very similar malware emails that have targeted users in recent years. Criminals have used the names of several other airline and travel companies, including Jetstar, Delta Airlines, American Airlines.
If you receive any unsolicited and unexpected email claiming to contain travel or flight booking information, do not open any attachments or click on any links that it contains.
Last updated: July 25, 2013
First published: July 25, 2013
By Brett M. Christensen