US-CERT Warns About Airline Phishing Scams

What if there was a new phishing scam that had an open rate of 90%?  That’s right, this phishing email is so believable that 90 out of 100 recipients open the attachment or click on the link without a second thought.

These attacks begin with the scammer researching the target victim.  These targets usually work at companies where there is a lot of air travel.  The emails are personalized, and designed to look like airline flight confirmations, or travel company invoices.  Subject lines include details such as airline, ticket price, and destination that would be believable to the recipient.

There are two versions of this exploit.

  • One uses malicious attachments that look like flight itineraries, invoices, or receipts. Opening the attachment will install a remote access Trojan or keylogger.  The keylogger collects more personal data, including user IDs and passwords to other websites and internal systems.
  • The other provides a link to a replica website login screen, and captures the victim’s user credentials.  Often there are additional web forms to capture more detailed information about the victim and their organization.

If the attackers can gain access to a user’s computer, they can pivot to other computers and extend the exploit deeper into the organization.

As with other phishing scams, the best ways to protect yourself are:

  • When confirming travel arrangements, use the vendor’s website.  Do not click on the offered link in the email.  Open your browser and go directly to the airline website by typing the address into the address bar, or use a bookmark or favorite you created earlier.
  • Never click on any link in an email without at least checking the destination by hovering over the link and reading what appears in the tool tip box.  If the web address looks unusual, just assume the email is a fake and delete it.
  • Never open an attachment without confirming with the sender.
  • Alternatively, forward the email with the attachment to scan@virustotal.com.  Change the subject line to SCAN, and wait for a response from VirusTotal.  The attachment will be scanned, and if it contains malware, you will be notified in the scanner results email.  This process takes less than 10 minutes.

Be aware, and pass this warning on to others in your company.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
