April 27, 2017


There is a new spin on an existing phishing scam that employers and employees should be aware of. It arrives as an email that appears to come from a major airline, one the recipient used on a previous business trip or is booked on for a trip in the near future. This airline phishing attack combines all the “criminal best practices” to steal credentials and drop malware on disk, which is then used to hack further into the network you are using.

First, the hackers research you personally, using social media or other means, to find out where and when you may travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed “From” email address that also looks legitimate. On occasion, the email will even contain a link to a website that looks identical to a real airline website but is fake.

They try to do two things with this scam:

  1. Try to steal your company username and password; and
  2. Try to trick you into opening the attachment, which could be a PDF or DOCX.

If you click on the link or open the attachment, your workstation may be infected with malware that allows the attackers to hack into your network.

The campaign targets companies that deal with frequent shipping of goods or employee travel, such as logistics, shipping, or manufacturing companies. However, almost any organization whose people frequently fly to visit customers or business partners is a potential target.

A quick and easy way to check your airline reservation or flight status is to open your browser and type the website name in the address bar, or use a bookmark that you set yourself earlier. Do not click on links in emails to go to websites. Don’t be so quick to click!

Tips to Fight off the Scam:

Companies should use a multi-layered security approach to block this type of attack, such as:

  1. The first layer is sandboxing. Effective sandboxing with advanced persistent threat prevention should be able to block malware before it ever reaches the corporate mail server.
  2. The second layer is anti-phishing protection. Advanced phishing engines with Link Protection look for links to websites that contain malicious code. Links to these compromised websites are blocked, even if those links are buried within the contents of a document.
  3. The third layer, and the most inexpensive, is employee training and awareness. Regular training and testing of your employees will increase their awareness and help them catch targeted attacks without compromising your internal network.



“Scam of the Week” Article.