Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









American Airlines Flight Ticket Order Malware Emails

Outline
Emails purporting to be ticket order notifications from American Airlines claim that the recipient can follow a link or open an attachment to print out airline tickets.



Brief Analysis
The emails are not from American Airlines. Opening attachments or following links in the messages can install malware on the recipient's computer.

Bookmark and Share
Detailed analysis and references below example.





Last updated: 7th December 2011
First published: 7th December 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Fwd: Re: Your Flight Order AM76-646592

Dear Customer,

FLIGHT ELECTRONIC NUMBER 606-851707
DATE & TIME / DECEMBER 10, 2011, 03:12 PM
ARRIVING AIRPORT: Chicago O’Hare International Airport
PRICE : 313.92 USD

Please download and print out your ticket here:
Download

Rolland THOMSON,
Airlines America


Subject: ORDER ID: 045294099, American Airlines

Notification,
FLIGHT NUMBER A545IL
ELECTRONIC 0333457903
DATE & TIME / DECEMBER 16, 2011, 10:45 PM
ARRIVING / NEW YORK JFK
TOTAL PRICE / 320.43 USD

Please find your ticket attached.
To use your ticket you should print it.

Thank you for using our airline company services.
American Airlines.



Detailed Analysis
These emails, which purport to be from American Airlines, claim to provide the recipient with information about a recent flight ticket order and include details about flight times, dates, destinations and costs. The emails instruct recipients to print out their flight tickets either by opening an attached file or by following a link to a website.

However, the emails are not from American Airlines and the claim that the user can print out flight tickets is a ruse designed to trick people into opening attachments or following links. In fact, the attachments and websites harbour malware, that once installed, can steal sensitive personal and financial information from the compromised computer and relay it to Internet criminals.

American Airlines has posted a warning about the malware on its website.

Details, including subject lines, order numbers and flight information in the malware emails vary considerably. And, as noted earlier, some hide the malicious payload in an attached file while others direct users to a website that contains the malware. In another very similar malware campaign, the malicious emails claim to contain ticket information from Delta Airlines.

If you receive one of these malware emails, do not open any attachments or follow any links that it may contain.

Bookmark and Share

References
Phony Delta, American Airlines itineraries lead to malware
American Airlines Malware Warning



Last updated: 7th December 2011
First published: 7th December 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer