American Airlines Loyalty Program Phishing Scam

Email claims that the recipient can receive $50 from American Airlines for taking a short online survey.

Subject:American Airlines AAdvantage(R) programGreetings from

Welcome to the American Airlines AAdvantage(R) program, the first and largest loyalty program in the world! We are proud to inform you that today June. 23 /2008 launch a new reward program. Please log in to your American Airlines account and take the 5 questions survey. For your effort you will be rewarded with $50

Your 50 dollars bonus code is AA-001NXX-2008NX22. Please log in to: [Link to bogus website removed] and follow the steps.

Thank you very much for your help and your patient and hope you will enjoy the American Airlines reward program in the future

American Airlines Reward Department
Please do not reply to this auto-answer message

Discover the rewards that come with AAdvantage membership and start earning miles toward AAdvantage elite status today. Members can also earn miles at more than 1,500 participating companies including:
* over 20 participating airlines
* leading hotel chains
* car rental agencies
* credit/debit cards
* dining
* financial services
* retail and gifts
* telecommunications companies
* vacations and cruises

Detailed Analysis:
This email, purportedly from US based airline American Airlines, promises the recipient $50 in return for logging on to a website and filling out a short customer survey. The message claims that the bonus is a new rewards program that forms part of the existing American Airlines AAdvantage program. Customers are instructed to click a link in the message to logon to the American Airlines website and “follow the steps” to claim their bonus.

However, the message certainly does not originate from American Airlines and the promised bonus is simply the bait in a clever trap designed to steal financial information from unwary Internet users. Although “AAdvantage” is the name of the genuine American Airlines rewards program, this email is in no way associated with the program and uses the name without permission.

Those who take the bait and click the included link will be taken to a bogus website where they are instructed to login to take the survey. The login page looks almost exactly like that on the genuine American Airlines website, as shown in the screenshot below:

Once “logged in” to the bogus site, the visitor will be asked to fill out the following brief survey:

Finally, the visitor is presented with a further online form that asks for a large amount of personal and financial information, including a social security number, name and address and credit card details:

All of the information entered into the bogus form can be harvested by scammers and used for credit card fraud and identity theft.

Incarnations of this classic phishing scam were also distributed back in June 2008. At that time, the airline warned their AAdvantage customers about the scam messages.

Internet users should be very cautious of any unsolicited emails that promise some manner of reward or prize or request users to login to a webpage and provide personal information. Phishing scams have become quite sophisticated, and it may be difficult to tell the difference between a genuine company website and a fake web page designed to steal customer information. Always check the veracity of any suspect emails before clicking any links or opening any attachments.

Last updated: 25th September 2008
First published: 25th September 2008
By Brett M. Christensen
About Hoax-Slayer

American Airlines Warned Against a Phishing Scam
Email scam targets frequent flyers

Leave a comment