Home Malware American Airlines, ‘eTicket Itinerary and Receipt Confirmation’ Malware Email
Malware

American Airlines, ‘eTicket Itinerary and Receipt Confirmation’ Malware Email

written by Brett M. Christensen November 3, 2015

This email, which purports to be from American Airlines, claims to be an ‘eTicket Itinerary and Receipt Confirmation’ and claims that you can print out your flight ticket by opening an attached Microsoft Word document. 

The email includes information supposedly pertaining to the ticket purchase and features seemingly legitimate American Airlines formatting and related graphics. Links in the message open the genuine American Airlines website.

However, despite appearances, the email is not from American Airlines and the attached file does not contain flight tickets.

Instead, opening the attached file can lead to a malware infection.

The attachment is a seemingly harmless Microsoft Word (.doc) file and you may, therefore, be inclined to open it without due concern. But, if you do open the attachment, a popup message will state that you must enable macros before the file can be viewed correctly.

If you do enable macros as suggested, a malicious macro can then run. The macro can download further malware components and install them on your computer. Once installed, this malware may steal information such as banking passwords, download even more malware, and allow criminals to take control of the infected computer.

To clarify, a ‘macro’ in this context is a group of instructions that can act as a single command in order to automatically carry out a specified task. Macros can save time by making repetitive tasks easier to achieve. Microsoft Office programs and other types of software allow you to create your own macros as required to aid your workflow.

However, macros can also be used maliciously. In the past, macro virus threats were common. Thankfully, later versions of Microsoft Office disabled macros by default thereby lessening the threat posed by macro viruses. But, online criminals are again using macros to trick people into installing malware. Unless you have a specific need to use macros and are aware of the potential risks, you would be wise to leave macros disabled. 

To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free! Can you help us stay online?

Learn more...

Emails like this one use simple social engineering tricks to get people to infect their computers. Some people who receive the email may think that their credit card has been fraudulently used to purchase airlines tickets and open the attachment in the hope of getting more information. Some may open the attachment because they think a mistake has been made or are simply curious. And some may have recently purchased American Airline tickets and therefore be especially vulnerable.

Criminals have used very similar ruses in the past to distribute malware. If you receive one of these fake airline ticket emails, do not open any attachments that it contains even if they appear to be innocuous Microsoft Office documents.

Example

Subject: E-Ticket Confirmation

American Airlines ETicket Malware Email

Attached file: ‘ticket_AA77799543.doc’



 

Since you’ve read this far…

…can I ask you for a big favour?

To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.

If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.

You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.

Thank-you.
Brett Christensen