Hackers go phishing for AA customers


As Americans lead increasingly online lives, “phishing” is unfortunately increasing as well.

While there are different forms, a simple explanation of “phishing” is a fraudulent email intended to get the recipient to turn over personal information, which can then be used for a variety of treacherous perfidies — none of them good.

While many of us have heard about “phishing” emails that purport to come from banks, paypal, credit card companies and the like, airlines are not immune and are seeing more phishing expeditions than ever.

Several months ago a phishing campaign was launched against USAirways customers. Usually, the emails reported a supposed ticket purchase or the need to check in for a fictitious flight or a change to frequent flier records. The emails came complete with record locator numbers (false, of course) and links to pages that were relatively good reproductions of USAirways.com pages.

Since I rarely fly US Airways, I knew up front the emails were fake, and a closer look usually shows some blatant grammar errors, just for starters. Now, American Airlines is apparently being beset by the same scammers and the airline is concerned enough to alert their customers about the dangers of falling for this new phishing scam.

In a statement on their website, American Airlines warns customers that they will never ask for personal information in an email, and includes some phishing samples.

Some of the emails are pretty obvious fakes, saying, “It’s time to check-in online” or “Your Online Flight Ticket.”

On the other hand, many travelers who themselves write and receive quick emails may be somewhat inured to errors and typos or may just be in too much of a hurry to notice. They also could think someone has fraudulently used their credit card.

So far, the emails themselves apparently are not dangerous; however, entering any personal information in response to them could be.

A particularly insidious variation has copied and pasted legitimate language about the AAdvantage mileage program, then moves to this:

Because not everyone is a frequent traveler, miles can also be earned through non-travel-related partners including assorted financial and retail partners. Miles can be redeemed for a variety of travel awards around the world on American Airlines, AmericanConnection, American Eagle and our airline partners.

Today American Airlines AAdvantage program, gives you the amount of $50 or 15,000 miles, through the AAdvantage Fidelity Program.
To receive the award of the above, please follow these steps:

Log to: http://www.aa.aadvantagemember.com/ with the AAdvantage Number/Password.
Submit the bonus code: AA-MEMBER19240-US2010″

Thank you very much for your help and your patient and hope you will enjoy the American Airlines reward program in the future.

American Airlines Assistance
[email protected]

American is asking anyone who gets such an email to notify [email protected] and to change their passwords immediately if they have clicked on a link.

Delta Airlines apparently has had some of the same problems. They note the issue on their website, although not on the front page. No doubt if the phishers are having any success at all with these fake emails, they are trying with other airlines as well.

The short version on all of this: simply be careful with airline emails. In my experience, travelers have more problems not with scammers and phishers, but with ignoring messages about their travel (which can be about schedule changes or canceled flights).

What I recommend is for travelers to read the subject line of a purported airline email carefully.

If there are any doubts, it’s easy to call the airline involved and ask before even opening the email, or, especially, before clicking on any link or following any other instructions.

In fact, when calling, be careful to use the regular airline number and not the phone number in the suspicious email. (If the email turns out to be on the level, there is no harm done and not much extra time wasted to verify it.)

Fortunately, as noted, these phishing emails, while elaborate, usually contain enough errors to be relatively easy to catch. Although no doubt, as with most online scams, they will get better with time.

So, alas, once again, it’s flier beware.

Photos: AA website phishing warning page