Latest Phishing Attack: Airline Confirmations


Our friends at KnowBe4 are warning about a pretty malicious email phishing attack that spoofs airline confirmation or flight update messages.  The hackers are getting better all the time and this latest attack looks as real as they come.

AirlinePhishHackers are researching individuals on social media and when they detect you are about to travel or planning travel, they target you with what appear to be legitimate messages from the airline you may be booking with.  They are spoofing the from address, so play close attention to verifying the from address, making sure it isn’t missing a letter or using a close, but false domain like  I’m just using Delta as an example here.  You could insert any airline name in place of Delta in this example.  Airlines typically just use their name for their domain, so anything other than that should be an immediate red flag.

Airlines also do not attach PDF or other types of document attachments to confirmation and update messages.  Never open one, it’s surely a trick.  Once you have your ticket booked, check for updated information directly on the airline web site, even if you get an email about a change or update.  If you click the link or attachment in the email, it’s more than likely that you are allowing malicious hacker code onto your computer and therefore compromising your network.

Play it safe and don’t let the hackers take off with your personal information and ruin your trip.

2 thoughts on “Latest Phishing Attack: Airline Confirmations

  1. Brian Guenther

    Good post.
    IMO it’s also a good idea to inform your audience of misleading URLs that display one thing but lead to another domain entirely, or an IP address. I always would advise that my clients “hover” over the URL and see where it points, if using a desktop or laptop. Maybe not as simple with a mobile device?

    • MJ Shoer

      Hey Brian,

      Thanks for the those tips. Yes, hovering over URL’s is a best practice for sure. I have written about that in the past, but did not specifically call it out in this post, so thanks for pointing it out. It’s excellent advice. Hope all is well with you!


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.