Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    2:01 am (UTC-7)   |    by

    Do you want to go to US for a vacation? For the obvious convenience, most travelers already buy airline tickets online. Beware, though, because as Advanced Threat Researcher Paul Ferguson has discovered the following American Airlines phish it seems a unique profit opportunity for malware writers is emerging:

    Figure 1. American Airlines phishing page

    The login page looks exactly like the original site luring users to enter their airline advantage number and password. After logging in, users will be automatically redirected to the following survey form:

    Figure 2. Fake American Airlines survey form

    As the users enter the required information, phishers can now access their account and may fly to whatever country they like freely and the bills will be charged to the innocent customers. Another interesting aspect here is that the phishers seem to have set up a spare phishing Web site (the source code contains another phishing URL):

    Figure 3. American Airlines phishers’ plan B

    American Airlines AAdvantage is the oldest frequent-flier and rewards program. It also remains the world’s largest to date (at least according to its Wiki entry). Members receive an array of benefits which, despite recent news of airline difficulties related to the increase in jet fuel costs, continue to attract and retain patrons. Said subscribers should be wary of email purporting to come from the American Airlines AAdvantage department as they may unknowingly be giving away their hard-earned miles to phishers for free.

    That phishers are now eyeing this aspect of the broad landscape of online transactions suggests that cybercriminals will only continue to get more creative in thinking of ways to wrongfully profit online.

    Other non-traditional (as the “traditional phishing” typically involves either online banking or ecommerce sites) phishing attacks seen of late are the following:

    The two malicious URLs mentioned in this post are now blocked by the Trend Micro Smart Protection Network.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice