I was bombarded with a series of sneaky phishing messages appearing to come from U.S. Airways over the last few days. What made these messages all the more dangerous was I was actually traveling on the days the messages referenced. Fortunately, I wasn’t traveling on U.S. Air, so I wasn’t overly tempted to bite on any nasty links. If I had been — my phishing radar notwithstanding — I might well have clicked without the requisite thought in violation of all my self-imposed rules. I like to think not, but….
The subject line will say “US Airways Online Confirmation,” US Airways Online Check-In,” “Please Confirm Your US Airways Online Registration,” and so on. I personally received seven of these in three days, all for the same flight departing from Washington, D.C., but all with different confirmation numbers, so these are clearly high-volume, fairly random mass mailings, rather than targeted messages.
The link is to Check in online” for online reservation details but in reality leads to malicious websites hosting the notorious and ubiquitous Blackhole exploit toolkit, which currently is being used by the vast majority of malicious and compromised sites.
I’ll add to the drumbeat of oft-repeated advice: Don’t click on a link in an email, chat, Facebook, Twitter message etc. unless you are absolutely, positively sure of what it is and where and who it comes from. Then, before you click, stop and think about it a little more. Make sure the message is directly personally to you, preferably in response to something that is actually happening (a flight you are actually taking, something you have ordered online, an inquiry you have initiated, etc.).
To compound the experience, apparently by coincidence, my wife got a snail-mail notice from t “U.S. Airlines,” which was close enough to U.S. Airways make me think me think at first blush that this was all part of some more elaborate scam. This scam, from the fictitious airline, congratulates the recipient on winning two tickets to anywhere in the continental United States. Just contact the VP whose name appears at the bottom. Apparently unrelated, but a reminder that not all scams are on the Internet and that the world is a pretty risky place.
- About Corero
- Investor Relations
- News Room
- Executive Management Team
- Corero Offices
- Contact Us