Home Malware Delta Air Lines Passenger Itinerary Receipt Malware Emails

Delta Air Lines Passenger Itinerary Receipt Malware Emails

by Brett M. Christensen

Email purporting to be from Delta Air Lines provides details of a supposed ticket purchase and instructs recipients to follow a link or open an attached file to review flight information. 

Brief Analysis
The email is not from Delta Air Lines. Following links or opening attachments in the email can install malware that may allow criminals to control the compromised computer and steal personal and financial information.

Subject: Your Electronic Ticket

Thank you for choosing Delta.We encourage you to review this information before your trip.
If you need to contact Delta or check on your flight information, go to
[removed]Your eTicket is attached to your e-mail receipt as a PDF document.

Baggage and check-in requirements vary by airport and airline, so please
check with the operating carrier on your ticket.
Please review Delta’s check-in Requirements and baggage guidelines for

You must be checked in and at the gate at least 15 minutes before your
scheduled departure time for travel inside the United States.

You must be checked in and at the gate at least 45 minutes before your
scheduled departure time for international travel.


Thank you so much for choosing our carrier. Please spare a moment to review this information before your flight. In case you need to contact Delta or check on your flight information, go to our URL, call 800-222-1212 or call the number on the back of your SkyMiles© card.

Now, manage your travel plans easyly online. You can exchange, reissue and refund electronic tickets at delta.com. Take control and make changes to your itineraries at delta.com/itineraries.

Speed through the airport. Check-in online for your flightright now.

Flight Information

Delta airlines malware email

Detailed Analysis
These emails which purport to be from US based air carrier Delta Air Lines, supposedly contain information about a recent online ticket purchase. They instruct recipients to either follow a link or open an attached file, ostensibly to review flight information.

However, the emails are not from Delta and opening links or attachments can install malware that may allow criminals to control the infected computer and steal personal and financial information. Delta Air Lines has published the following advisory on its website warning Internet users about the threat:

We have recently received reports from customers of fraudulent emails claiming to be from Delta Air Lines. As such, please be advised of the following:

  • We recommend you change your SkyMiles account PIN immediately and monitor your account for any misuse.
  • These emails were not sent by Delta Air Lines.
  • You should not click on the link in the email or open any attachments.
  • Instead, you should delete the email from your inbox.
  • Please call us at 1-888-750-3284 if you have questions or need further information.

These emails claim that you have purchased a Delta ticket, a credit card has been charged and/or an invoice or receipt is attached to the email. If you receive one of these emails, do not open the attachment as it may contain potentially dangerous viruses or harm your computer.

Be assured that Delta did not send these emails, and our customers’ credit cards have not been charged by Delta as a result of the emails. These emails did not originate from Delta, nor do we believe that any personal information that you provided us was used to generate these emails. We will continue to post updates on this page as additional information becomes available.

Details in the malware emails may vary. Very similar malware emails have falsely claimed to be from American Airlines. As in this case, opening attachments or following links in the emails can install malware on the user’s computer.

In fact, Internet criminals regularly send malware emails that use cover stories designed to trick recipients into opening an attachment or clicking a link without due care and attention. Delta Air Lines customers have been targeted in several similar malware campaigns since 2009. During 2008 several air lines were targeted in similar malware emails that claimed that the recipient’s credit card had been charged for flight tickets. Again, an attachment carried malware that could steal information.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,