Checking an email for malware
Home Malware Fake Delta Air Lines Ticket Order Emails Point to Malware

Fake Delta Air Lines Ticket Order Emails Point to Malware

by Brett M. Christensen

A malicious email that is designed to emulate a flight ticket receipt from Delta Air Lines is currently hitting inboxes.  The email, which features the Delta logo, claims that your ticket order has been confirmed and your credit card has been charged.


It urges you to click a link to check your flight status or check-in online

The Email is Not From Delta Air Lines

Despite its seemingly official appearance, the email is not from Delta and the ticket purchase claims are untrue. The links in the email do not open flight information documents.

The fraudulent message is designed to trick people into following the links in the mistaken belief that their credit card has been used to buy flight tickets that they know nothing about.

Scammers know that such fake invoices will panic at least a few recipients into clicking without due caution,

Clicking Links Downloads Malware

Those who do click one of the links in the email will be taken to a compromised website that harbours an infected Microsoft Word document.  The document will be downloaded to the victim’s computer.

Once installed, this malware can download further malware that can steal passwords and other sensitive information from the infected computer.

An Example of the Malicious Email

Subject: Your order 74381363 with Delta Air Lines has been confirmed!
Your order on Delta.com website is now complete and your credit card has been charged.
Your flight number , seat number and other important details can be found on your ticket, below:

https://www.delta.com/orders/viewTicket Online.do?name=[removed]&flight_no=NY334588765

To check your flight status , please visit : [link removed]
You can do the check-in online, here: [Link removed]

Thank you for flying with us

©2017 Delta Air Lines, Inc.    |   Travel may be on other airlines.

Terms and conditions apply to all offers and SkyMiles benefits. See specific offer for details, and visit SkyMiles Membership Guide & Program Rules

Details, such as the bogus order and flight numbers may vary in these emails.

Fake Invoice Emails Repeatedly Used in Malware and Phishing Campaigns

Fake purchase receipt emails for airline tickets and other items are commonly used to distribute malware and phishing scams.  There have been several similar scam campaigns that have used fake Delta flight ticket invoices to trick users into downloading malware.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer