Have you booked any airline travel recently? One way or the other, you may be surprised to find some email in your inbox telling you that you have. And, that your credit card has been charged for it! Don’t let curiosity or concern get the better of you—do not open the attachment that is likely accompanying the message. If you do, you would probably end up installing malicious code on your machine.
There are spam messages circulating that are purportedly coming from several major airlines. United Airlines is the latest airline that has been mentioned, but Security Response has seen spam email falsely claiming to be from Northwest Airlines, JetBlue, Midwest Airlines, and Sun Country Airlines. Undoubtedly other airlines will be exploited as well. The email will usually name a specific dollar amount that your credit card has supposedly been charged for air travel. It even offers you a login and password for the airline’s website, but what the bad guys want you to do is click on the attached “invoice and the airplane ticket.” The “invoice” is actually malicious code.
We strongly encourage all users to follow best practices and not to click links in unsolicited email messages. Also, make sure your operating system is fully patched and your antivirus software is fully up-to-date in order to guard against this and other threats finding their way onto your computer.