Earlier this week, a reader wrote about an email message he had received. The email message included a confirmation for tickets purchased through the American Airlines website. The reader was concerned that his bank information had been hacked, because he had not purchased any airline tickets.
The email message:
Subject: Your Order#647842534
Date: 15 Jan 2012 07:14:55 -0000
From: American Airlines (news-nr221@aa.com)
Reply-To: American Airlines (news-nr221@aa.com)
To: XXXXXXXX@XXXXX.com
Hello
FLIGHT NUMBER AA683
ELECTRONIC 885741402
DATE & TIME / JANUARY 30, 2012, 10:22 PM
ARRIVING / Raleigh
TOTAL PRICE / 395.22 USD
Please find your ticket attached. You can print your ticket. Thank you for your attention.
American Airlines.
The email included a ZIP file attachment. Clearly, this was a phishing email scam since it included an incomplete itinerary and the ZIP file attachment. A real airline wouldn't do either. Like most phishing emails, this one tries to trick consumers to open the ZIP file attachment which installs a computer virus on the victim's computer to collect password data, directs the victim's web browser to a fake American Airlines website to collect personal data, or both.
If you receive a phishing message like this, or from any other airline, experts advise consumers to:
- Don't click on any links within the email message,
- Don't open any files attached to the email message,
- Don't send a reply email message to the sender,
- Manually enter the website address into your web browser to visit the airline's official website to verify the email message, and
- Check your credit card or bank statement for any fraudulent charges
The official American Airlines website has a page devoted to phishing email scams. It provides examples of various email scam messages, and advises consumers:
"American Airlines will never ask you to perform security-related changes to your account in this fashion or send emails to collect user names, passwords, email addresses or other personal information. If you receive an email claiming to be from American Airlines, that asks for account information, it should be considered fraudulent... do not click on any links, open any attachments, call any phone numbers listed or follow any instructions in the email. Instead, forward a copy of the email, including the header to webmaster@aa.com so that we can investigate further."
The Snopes.com website also contains information verifying email phishing scams, including the above scam.
The problem with phishing email scams is they use the same philosophy that a terrorist would use in that they only have to be successful once and the same tactics that a direct sales letter company uses. If a direct sales mailing converts on 1 or 2 % of the mail out the seller makes a pile of money. The same with phishing emails. They send out a million emails and even if only 1% of them convert that's still ten thousand victims, and a pile of money for the criminal.
Posted by: Ian Worrall | Thursday, February 02, 2012 at 08:41 PM
I DID click on it. then I deleted the zip file and deleted my trash. How can I find out if something was installed on my computer???
Posted by: martha | Thursday, February 09, 2012 at 11:11 AM
Martha:
My suggestions: stop whatever else you are doing and:
1) Immediately download the latest update for the anti-virus software installed on your computer,
2) Do a full scan of your computer's hard drive(s) using the anti-virus software you have installed.
3) Set up your anti-virus software to regularly scan ONCE WEEKLY your computer's hard drive(s) for software viruses
If you don't know how to do this, ask somebody you trust for help, or hire a computer professional (e.g., Geek Squad or equivalent). Don't access any online banking accounts until you have completed both #1 and #2 above.
George
Editor
http://ivebeenmugged.typepad.com
Posted by: George | Thursday, February 09, 2012 at 11:31 AM