Beware the Delta Air Lines phishing attack

Summary: A phishing attack that mimics Delta Air Lines has enough real links to lull you into thinking a bogus email is real.


A phishing scam mimics Delta Air Lines and is done so well that it may snare more than a few victims.

Below is a message that was allegedly sent from Delta. What's the big deal? This phishing attempt includes real links to Delta in the beginning and then sprinkles in legit addresses to the U.S. government's traffic agency.

Once you're lulled into thinking the links are legit, the rest of the addresses go to the bad guys. In addition, the email contains no obvious typos. Overall, this phishing attempt is well done.
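A triage check for the pattern described above (genuine brand links used as cover for links that go elsewhere), combined with the display-name versus sender-address comparison that readers raise in the comments. This is an added example, not part of the original article; the trusted-host list and every address and URL in the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the claimed brand legitimately links to (not taken from the page).
TRUSTED = {"delta.com", "transport-agency.example"}

# Constructed sample message; every address and URL below is made up for this example.
SAMPLE = """\
From: "Delta Air Lines" <billing@garage-door-repair.example>
To: traveler@corp.example
Subject: Your order has been completed
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://www.delta.com/">delta.com</a>
<a href="https://www.transport-agency.example/rules">Travel rules</a>
<a href="http://delta.com.ticket-view.example/receipt">View your receipt</a>
<a href="http://203.0.113.7/invoice">Download invoice</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_trusted(host, trusted=TRUSTED):
    # Exact match or a true subdomain; "delta.com.ticket-view.example" must not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage(raw, trusted=TRUSTED):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    links = LinkCollector()
    links.feed(body)
    bad = [h for h in links.hrefs if not is_trusted(urlsplit(h).hostname, trusted)]
    return {"display_name": display,
            "sender_mismatch": not is_trusted(addr.rpartition("@")[2], trusted),
            "untrusted_links": bad,
            # True when real links sit alongside untrusted ones, as in this scam.
            "mixed": 0 < len(bad) < len(links.hrefs)}
```

A message that sets both `sender_mismatch` and `mixed` matches the shape of this campaign: a brand display name on an unrelated sending domain, with legitimate links ahead of the ones that leave the brand's hosts.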

Here's the diagram with my notes to the right.

As for Delta, the airline said it is on the case and has issued an advisory.

We have recently received reports from customers of fraudulent emails claiming to be from Delta Air Lines. As such, please be advised of the following:

  • We recommend you change your SkyMiles account PIN immediately and monitor your account for any misuse.
  • These emails were not sent by Delta Air Lines.
  • You should not click on the link in the email or open any attachments.
  • Instead, you should delete the email from your inbox.
  • Please call us at 1-888-750-3284 if you have questions or need further information.

These emails claim that you have purchased a Delta ticket, a credit card has been charged and/or an invoice or receipt is attached to the email. If you receive one of these emails, do not open the attachment as it may contain potentially dangerous viruses or harm your computer.

Be assured that Delta did not send these emails, and our customers’ credit cards have not been charged by Delta as a result of the emails. These emails did not originate from Delta, nor do we believe that any personal information that you provided us was used to generate these emails. We will continue to post updates on this page as additional information becomes available.

  • RE: Beware the Delta Airlines phishing attack

    Any chance you could update the article with the From address on the scam email? Both display and header address? That's one of the first things I check on a suspicious email.
  • Darn, deleted mine already

    It was a good cast. Header information looked legit. About a half dozen other employees of our company were listed in the To: box, including the CIO. I thought it weird I got it because we're major cash strapped at the moment, causing most travel to be disapproved. So I'm not on any business trips this year. Plus, it indicates one seat, and while I like everyone here well enough, sticking 7 of us in the same seat is just going a bit too far. ;-)
  • RE: Beware the Delta Airlines phishing attack

    This is a good case for the fact that only newbies and totally ignorant people are going to be the actual targets. It all falls back to one rule: Never click ANYTHING in any e-mail you receive which you were not expecting and delete quickly if you see an attachment. If you aren't already familiar with them via your own experiences and addresses YOU have entered, they are BOGUS or worse.
    re Attachments: If you didn't know one was going to be coming by previous setup agreement, REMEMBER THAT, AND DELETE THE SPAM UNREAD. Before long, even the most rank newbie catches on that they're out to scam him at best, to rob him at worst of anything from his bank or social security account/insurance to outright dangerous people that aren't put off by murder. The FBI web site has some excellent information on the stuff these criminals will try and how they operate. NEVER accept an unknown person or entity as willing to do anything "good" for you! And never provide personal information to such requests; legit web sites will NOT ask for personal info in an e-mail!


  • RE: Beware the Delta Airlines phishing attack

    Duh, it's Delta Air Lines, really simple but obviously too complicated for the author of this blurb.
  • RE: Beware the Delta Airlines phishing attack

    It was well executed, gotta admit. Had me going for 5 seconds. (Right after that I got a "prize" notification from "Google Corporation", makes you wonder what kind of lowlife runs these scams.)
    Another wonder I have is, how can we gang up on jerks like this? Ten million or so of us?
  • RE: Beware the Delta Airlines phishing attack

    I have a weird-looking sponsored ad appearing on my Facebook page purportedly from Delta Airlines inviting me to look at Black Friday specials from Macy's???
  • RE: Beware the Delta Airlines phishing attack

    Why would we have to change our PINs?
  • Just wait

    Just wait until some black hat cracks Delta's flight information database and is sending out targeted messages like this to real travelers...
  • RE: Beware the Delta Airlines phishing attack

    Odd that I have recently received actual, physical post cards "from Delta" offering "free" tickets, while claiming not to be for real estate type pitches - really? No strings? Pardon my paranoia, but I don't fly anyway due to a hearing problem (pressure changes could finish it off) exacerbated by distrust of airline safety - seats facing forward, shoddy maintenance, cost-cutting pressure - and now TSA molesting/radiation) - think I will pass.
  • Here's a copy of a bogus email:

    From: "Delta Air Lines"
    To: (removed for privacy)
    Sent: Thursday, September 18, 2014 7:25:14 PM
    Subject: Your order # NR00763147 has been completed

    Order Notification,

    TICKET NUMBER / ET-12026054
    SEAT / 32A/ZONE 1
    DATE / TIME 18 OCTOBER, 2014, 09:45 AM
    ARRIVING / Spokane
    TOTAL PRICE / 270.95 USD
    REF / EK.4087 ST / OK
    BAG / 1PC
  • Email address attached

    For some reason the email address associated with "Delta" did not copy above. So here it is. "Edmund Garage Door Repair" sending out Delta Airlines reservation confirmations? Gimme a break!
  • Earthlink Virus Blocker Alert - Message Quarantined - Virus: Unknown

    I've received three messages from my email supplier, over this past week. Each has stated that I've received the Delta Airlines "Your Ticket is Ready" email, and that they have quarantined it because of Virus. Good job Earthlink!