Beware the Delta Air Lines phishing attack

Summary: A phishing attack that mimics Delta Air Lines has enough real links to lull you into thinking a bogus email is real.

By Larry Dignan for Between the Lines | November 16, 2011 -- 06:52 GMT (22:52 PST)

Follow @ldignan

A phishing scam mimics Delta Air Lines and is done so well that it may snare more than a few victims.

Below is a message that was sent allegedly from Delta. What's the big deal? This phishing attempt includes real links to Delta in the beginning and then sprinkles in legit addresses to the U.S. government's traffic agency.

Once you're lulled into thinking the links are legit, the rest of the addresses go to the bad guys. In addition, the email contains no obvious typos. Overall, this phishing attempt is well done.

Here's the diagram with my notes to the right (click to enlarge).

As for Delta, the airline said it is on the case and has issued an advisory.

We have recently received reports from customers of fraudulent emails claiming to be from Delta Air Lines. As such, please be advised of the following:

We recommend you change your SkyMiles account PIN immediately and monitor your account for any misuse.

These emails were not sent by Delta Air Lines.

You should not click on the link in the email or open any attachments.

Instead, you should delete the email from your inbox.

Please call us at 1-888-750-3284 if you have questions or need further information.

These emails claim that you have purchased a Delta ticket, a credit card has been charged and/or an invoice or receipt is attached to the email. If you receive one of these emails, do not open the attachment as it may contain potentially dangerous viruses or harm your computer.

Be assured that Delta did not send these emails, and our customers’ credit cards have not been charged by Delta as a result of the emails. These emails did not originate from Delta, nor do we believe that any personal information that you provided us was used to generate these emails. We will continue to post updates on this page as additional information becomes available.

Topics: Collaboration, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments

Log in or register to join the discussion

RE: Beware the Delta Airlines phishing attack

Larry-
Any chance you could update the article with the From address on the scam email? Both display and header address? That's one of the first things I check on a suspicious email

swmace
16 November, 2011 09:50

Reply Vote
Darn, deleted mine already

It was a good cast. Header information looked legit. About a half dozen other employees of our company were listed in the To: box, including the CIO. I thought it weird I got it because we're major cash strapped at the moment, causing most travel to be disapproved. So I'm not on any business trips this year. Plus, it indicates one seat, and while I like everyone here well enough, sticking 7 of us in the same seat is just going a bit too far. ;-)

Dr_Zinj
16 November, 2011 10:41

Reply Vote
RE: Beware the Delta Airlines phishing attack

This is a good case for the fact that only newbies and totally ignorant people are going to be the actual targets. It all falls back to one rule: Never click ANYTHIING in any e-mail you receive which you were not expecting and delete quickly if you see an attachment. If you aren't already familiar with them via your own experiences and addresses YOU have entered, they are BOGUS or worse.
re Attachments: If you didn't know one was going to be coming by previous setup agreement, REMEMBER THAT, AND DELETE THE SPAM UNREAD. Before long, even the most rank newbie catches on that they're out to scam him at best, to rob him at worst of anything from his bank or social security account/insurance to outright dangerous people that aren't put off by murder. The FBI web site has some excellent information on the stuff these criminals will try and how they operate. NEVER accept an unknown person or entity as willing to do anything "good" for you! And never provide personal information to such requests; legit web sites will NOT ask for personal info in an e-mail!

HTH,

Twayne`

tom@...
16 November, 2011 11:56

Reply Vote
RE: Beware the Delta Airlines phishing attack

Duh,it's Delta Air Lines,really simple but obviously too complicated for the author of this blurb.

kanrmatourer
16 November, 2011 12:26

Reply Vote
RE: Beware the Delta Airlines phishing attack

It was well executed, gotta admit. Had me going for 5 seconds. (Right after that I got a "prize" notification from "Google Corporation", makes you wonder what kind of lowlife runs these scams.)
Another wonder I have is, how can we gang up on jerks like this? Ten million or so of us?

james.vandamme
16 November, 2011 17:32

Reply Vote
RE: Beware the Delta Airlines phishing attack

I have a weird-looking sponsored ad appearing on my Facebook page purportedly from Delta Airlines inviting me to look at Black Friday specials from Macy's???

natalie@...
16 November, 2011 22:54

Reply Vote
RE: Beware the Delta Airlines phishing attack

Why would we have to change our PINs?

paulhahn3
18 November, 2011 03:17

Reply Vote
Just wait

Just wait until some black hat cracks Delta's flight information database and is sending out targeted messages like this to real travelers...

vikrant48
18 November, 2011 09:28

Reply Vote
RE: Beware the Delta Airlines phishing attack

Odd that I have recently received actual, physical post cards "from Delta" offering "free" tickets, while claiming not to be for real estate type pitches - really? No strings? Pardon my paranoia, but I don't fly anyway due to a hearing problem (pressure changes could finish it off) exacerbated by distrust of airline safety - seats facing forward, shoddy maintenance, cost-cutting pressure - and now TSA molesting/radiation) - think I will pass.

aroc
19 November, 2011 08:21

Reply 1 Vote