This email, which purports to be from American Airlines, claims to be an ‘eTicket Itinerary and Receipt Confirmation’ and claims that you can print out your flight ticket by opening an attached Microsoft Word document.
The email includes information supposedly pertaining to the ticket purchase and features seemingly legitimate American Airlines formatting and related graphics. Links in the message open the genuine American Airlines website.
However, despite appearances, the email is not from American Airlines and the attached file does not contain flight tickets.
Instead, opening the attached file can lead to a malware infection.
The attachment is a seemingly harmless Microsoft Word (.doc) file and you may, therefore, be inclined to open it without due concern. But, if you do open the attachment, a popup message will state that you must enable macros before the file can be viewed correctly.
If you do enable macros as suggested, a malicious macro can then run. The macro can download further malware components and install them on your computer. Once installed, this malware may steal information such as banking passwords, download even more malware, and allow criminals to take control of the infected computer.
To clarify, a ‘macro’ in this context is a group of instructions that can act as a single command in order to automatically carry out a specified task. Macros can save time by making repetitive tasks easier to achieve. Microsoft Office programs and other types of software allow you to create your own macros as required to aid your workflow.
However, macros can also be used maliciously. In the past, macro virus threats were common. Thankfully, later versions of Microsoft Office disabled macros by default thereby lessening the threat posed by macro viruses. But, online criminals are again using macros to trick people into installing malware. Unless you have a specific need to use macros and are aware of the potential risks, you would be wise to leave macros disabled.
Emails like this one use simple social engineering tricks to get people to infect their computers. Some people who receive the email may think that their credit card has been fraudulently used to purchase airlines tickets and open the attachment in the hope of getting more information. Some may open the attachment because they think a mistake has been made or are simply curious. And some may have recently purchased American Airline tickets and therefore be especially vulnerable.
Criminals have used very similar ruses in the past to distribute malware. If you receive one of these fake airline ticket emails, do not open any attachments that it contains even if they appear to be innocuous Microsoft Office documents.
Example
Subject: E-Ticket Confirmation
Attached file: ‘ticket_AA77799543.doc’
