Airline Phishing Attack

There is another cyber attack out there and it is toward airline clients and their employees. This new cyber campaign is attacking companies involved with shipping goods and employee traveling.

How IS the attack set up?

First cyber criminals do research on their victims. The research consists of looking through an individual's social media and figuring out where they are or were they are going to be traveling. After the first step is completed, they set up a phishing email.  The email is created with content including destination, airline, time, date and other details for the victim's trip.  As an example:

"Fwd: United Airlines: Confirmation – Flight to Tokyo – $3,543.30"

The victim recieves an email with an attachment. The attachment is masked as a flight confirmation or flight receipt and the file is displayed as either a PDF or DOCX file.  If the attachment is clicked, the malware intended for the victium is automatically downloaded onto their computer.  

These scammers are also creating fake airline web pages. These airline web pages look almost identical to the real one with the main goal getting the individual's log in information.

How to prevent this airline attack

1. Use anti-phishing protection. Anti-phishing protection scans for links that have malicious code, and removes them before a user can click on them, or quarantines an email that it feels could be malicious.

2. Make sure to have employee training sessions.  Train your employees on what to look for in malicious emails and social engineering.

Sources: https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack?utm_source=hs_email&utm_medium=email&utm_content=49722363&_hsenc=p2ANqtz--pCvTXC_bEMw6jI7AihaPWwXS1LFhPlNYINh-b0fMiGubcI-3BQBt1Nu0L2TyUFa22-Bk5iq1FeMcLoYuYD6t3_-YBiw&_hsmi=49722363