A malicious email that is designed to emulate a flight ticket receipt from Delta Air Lines is currently hitting inboxes. The email, which features the Delta logo, claims that your ticket order has been confirmed and your credit card has been charged.
It urges you to click a link to check your flight status or check-in online
The Email is Not From Delta Air Lines
Despite its seemingly official appearance, the email is not from Delta and the ticket purchase claims are untrue. The links in the email do not open flight information documents.
The fraudulent message is designed to trick people into following the links in the mistaken belief that their credit card has been used to buy flight tickets that they know nothing about.
Scammers know that such fake invoices will panic at least a few recipients into clicking without due caution,
Clicking Links Downloads Malware
Those who do click one of the links in the email will be taken to a compromised website that harbours an infected Microsoft Word document. The document will be downloaded to the victim’s computer.
Once installed, this malware can download further malware that can steal passwords and other sensitive information from the infected computer.
An Example of the Malicious Email
Subject: Your order 74381363 with Delta Air Lines has been confirmed!
Your order on Delta.com website is now complete and your credit card has been charged.
Your flight number , seat number and other important details can be found on your ticket, below:
To check your flight status , please visit : [link removed]
You can do the check-in online, here: [Link removed]
Thank you for flying with us
©2017 Delta Air Lines, Inc. | Travel may be on other airlines.
Terms and conditions apply to all offers and SkyMiles benefits. See specific offer for details, and visit SkyMiles Membership Guide & Program Rules
Details, such as the bogus order and flight numbers may vary in these emails.
Fake Invoice Emails Repeatedly Used in Malware and Phishing Campaigns
Fake purchase receipt emails for airline tickets and other items are commonly used to distribute malware and phishing scams. There have been several similar scam campaigns that have used fake Delta flight ticket invoices to trick users into downloading malware.