Earlier this week, a reader wrote about an email message he had received. The email message included a confirmation for tickets purchased through the American Airlines website. The reader was concerned that his bank information had been hacked, because he had not purchased any airline tickets.
The email message:
Subject: Your Order#647842534
Date: 15 Jan 2012 07:14:55 -0000
From: American Airlines (firstname.lastname@example.org)
Reply-To: American Airlines (email@example.com)
FLIGHT NUMBER AA683
DATE & TIME / JANUARY 30, 2012, 10:22 PM
ARRIVING / Raleigh
TOTAL PRICE / 395.22 USD
Please find your ticket attached. You can print your ticket. Thank you for your attention.
The email included a ZIP file attachment. Clearly, this was a phishing email scam, since it included an incomplete itinerary and a ZIP file attachment. A real airline wouldn't send either. Like most phishing emails, this one tries to trick consumers into opening the ZIP file attachment, which installs a computer virus on the victim's computer to collect password data, directs the victim's web browser to a fake American Airlines website to collect personal data, or both.
If you receive a phishing message like this, claiming to be from this or any other airline, experts advise consumers as follows:
- Don't click on any links within the email message,
- Don't open any files attached to the email message,
- Don't send a reply email message to the sender,
- Manually enter the website address into your web browser to visit the airline's official website to verify the email message, and
- Check your credit card or bank statement for any fraudulent charges.
The official American Airlines website has a page devoted to phishing email scams. It provides examples of various email scam messages, and advises consumers:
"American Airlines will never ask you to perform security-related changes to your account in this fashion or send emails to collect user names, passwords, email addresses or other personal information. If you receive an email claiming to be from American Airlines, that asks for account information, it should be considered fraudulent... do not click on any links, open any attachments, call any phone numbers listed or follow any instructions in the email. Instead, forward a copy of the email, including the header to firstname.lastname@example.org so that we can investigate further."
The Snopes.com website also has information confirming email phishing scams, including the one described above.