Phishing bait: American Airlines ticket confirmation.
Example:[Collected via e-mail, November 2011]
Sent: Thursday, November 17, 2011 5:17 PM
Subject: Re: Your Flight Order N590-5507130
FLIGHT ELECTRONIC NUMBER 8532856
DATE & TIME / NOVEMBER 28, 2011, 11:17 PM
ARRIVING: NEW YORK JFK
TOTAL PRICE : 278.02 USD
Please download and print out your ticket here:
Please find your ticket attached.
To use your ticket you should print it.
Thank you for using our airline company services.
Origins: In November 2011, Internet users began receiving messages like the one reproduced above that purported to be confirmations of recently purchased tickets for flights on American Airlines. Such messages included instructions for the recipients to follow a hyperlink or open an attachment containing what appeared to be a document (in text, PDF, or Microsoft Word format) in order to download and print their tickets. These messages were intended to lure recipients, concerned about receiving confirmations for airline ticket purchases they didn't remember making, into attempting to view the referenced ticket information — a process which would lead them not to viewing a document but into launching an executable file.
American Airlines has posted a warning about this scheme on its site, advising that:
If you received an email like the example [above] asking you to perform security-related changes to your account or attempting to collect your user name, password, email address or other personal information, you have received a fraudulent email. American Airlines will never send executable files as attachments, nor ask our customers for this type of personal information in email communications.
Login to AA.com by entering www.aa.com manually
Verify your mileage balance, email address, and physical address
Immediately change your password to help protect your account information If you see any discrepancies over the next day or two, please contact our AAdvantage Services Department at 1-800-882-8880. In most cases, attempts to obtain personal information begins with an unauthorized change of the victim's password, preventing the true account owner from logging in.
DO NOT click on any links, open any attachments, call phone numbers listed, or follow any instructions in these fraudulent emails including opening any type of attachments. Instead, delete all emails and attachments.
If you have clicked on any of the links in this fraudulent email, please take these steps:
We deeply regret this inconvenience to you as an American Airlines customer. Your privacy and security is extremely important to us.
Last updated: 5 December 2011
Urban Legends Reference Pages © 1995-2015 by snopes.com.
This material may not be reproduced without permission.
snopes and the snopes.com logo are registered service marks of snopes.com.