≡ Menu

Delta Airlines Spam

I received some new spam/phishing attempt in my email today.

Here’s a screen shot:

delta screenshot of phish attempt spam

So many links, so little time…

Here’s the text (with links portrayed in red bold and actual html pointers removed):

 

Thank you for choosing Delta. We encourage you to review this information before your trip.
If you need to contact Delta or check on your flight information, go to delta.com/itineraries
Now, managing your travel plans just got easier. You can exchange, reissue and refund electronic tickets at delta.com/itineraries
Take control and make changes to your itineraries at delta.com/itineraries
Speed through the airport. Check-in online for your flight. 
 
Check-in
Flight Information
DELTA CONFIRMATION #: DCEA5743
TICKET #: 00415873598959
Bkng Meals/ Seat/
Day Date Flight Status Class City Time Other Cabin
— —– ————— —— —– —————- —— —— ——-
Mon 11MAR DELTA 372 OK H LV NYC-KENNEDY 820P F 19C
AR SAN FRANCISCO 8211P COACH
 
Fri 15MAR DELTA 1721 OK H LV LOS ANGELES 1145P V 29A
AR NYC-KENNEDY 812A# COACH
 
Check your flight information online at delta.com/itineraries
 

I’ve written before about similar spam emails, but this one is particularly funny because each one of those links contained a different site. Not a different page on a larger site, totally different sites with various domains. Note the filename at the end of each link is the same except for #4.

Don’t click on any of these (I haven’t). Here are the sender’s address and the links contained in this email:

  • Sender: DELTA CONFIRMATION <CVgTTMHTk@govdataservices.com>
  • 1st link: http://bjhonglu-hotel.com/wps.php?v20120226
  • 2nd link: http://fidele.com.ua/wps.php?v20120226
  • 3rd link: http://cgtlmh.com/wps.php?v20120226
  • 4th link: http://www.guitarska.com/wp-content/plugins/akismet/a.php?v20120226
  • 5th link: http://www.sust.edu/department/ipe/templates/beez/wps.php?v20120226

Here are some ways you can determine this is spam:

  1. Are you expecting any communication from this company? If no, then immediately become suspicious of spam.
  2. Is the letter professionally written? In this case, No. When would you see official correspondence with so many links? Also, many companies now do not send any links at all in their emails, due to the high number of these types of phishing attempts. When in doubt, always open up a new browser window and go directly to the site. E.g. paypal.com – and don’t click on the type ahead entry your browser may have saved.
  3. Hover over the links. Do they look strange? Yes? Don’t click.
  4. Is the sender’s address from the business? This spam has a spammy sender address. Dead giveaway.
  5. Did you receive this email at your regular account or an account you don’t use much for transactions? I have an account solely for business, and another for this site, and yet more for family things. I can easily identify spam when it is sent to another account that I do not use for transactions. Obviously a “crawler” gleaned my email address from somewhere and sent the spam. If you do not have multiple email accounts to help you keep business transactions separate, perhaps you can signup at a free service like Yahoo or Google.
  6. Go to a search engine like Google and type in “[company name] spam” (leaving out the brackets and quotes). See if any similar spam emails come up.
  7. When in doubt, write to the company directly by typing their name into a search engine, then finding their contact page. I’d also say check social media channels for the company and see if there was an announcement about the spam, but I find that Delta and others are loath to address this problem publicly. Maybe as the years go by companies will face this issue more pro-actively.

I searched Delta Airlines’ site and did a pretty good search of the Web but I couldn’t find any official statement addressing this phishing attempt. I wrote them an email asking for one. I’ll update this post if/when I do get it.

Here’s what to do if you have clicked one of the links:

  • Clear out your browsers cache and erase all cookies.
  • Run anti-virus software on your machine very diligently for the next week to four weeks, updating every day.
  • Keep an eye on your credit card statements and credit report if you suspect you’ve lost financial information. Probably it’s pretty harmless if you did download and run a .exe or other file containing virus, and most anti-viral software will get rid of it.
  • If you find your computer has slowed down dramatically, take it to a shop to get cleaned up immediately. It may be a “zombie” and being used to send out spam to others.

Be careful out there, folks. And just remember: almost all large companies have hired security and communications experts. They will not be sending emails that give you even the slightest pause. If a communication seems hinky, it probably is. Typing the company name into a new browser window and logging in there is a small price to pay for your safety.

 

****UPDATE March 6, 2013

I received this email from the Delta support desk yesterday:

Dear Ms. Cavalier,

RE: Case Number 8389561

Thank you for your email alerting Delta of a suspicious email you have
received claiming to be from a department of our airline.

Please be advised to take the following action;

>We recommend you change your SkyMiles account PIN immediately and
monitor your account for any misuse.
>These emails were not sent by Delta Air Lines.
>You should not click on the link in the email or open any attachments.
>Instead, you should delete the email from your inbox.

These emails claim that you have purchased a Delta ticket, a credit card
has been charged and/or an invoice or receipt is attached to the email.
If you receive one of these emails, do not open the attachment as it may
contain potentially dangerous viruses or harm your computer.

Be assured that Delta did not send these emails, and our customers’
credit cards have not been charged by Delta as a result of the emails.
These emails did not originate from Delta, nor do we believe that any
personal information that you provided us was used to generate these
emails. We will continue to post updates on this page as additional
information becomes available.

We appreciate your selection of Delta and will always welcome the
opportunity to be of service.

Sincerely,

Uma Stone
Online Customer Support Desk
http://www.delta.com