Fake Aeroplan or Air Canada Reward Email/Call Scam--BEWARE but don't be alarmed

Old Jul 9, 2012, 6:19 am
  #1  
Original Member
Original Poster
 
Join Date: May 1998
Location: Canada
Programs: AC SE 2MM, HH Dd, SPG; IC Pl/A; AA; DL
Posts: 14,321
Fake Aeroplan or Air Canada Reward Email/Call Scam--BEWARE but don't be alarmed

I am sure all of us get these from other fake (but apparently real) companies, mostly banking institutions but this was a first for me (I have made no reward bookings for quite some time by the way):

"From: Aeroplan [mailto:[email protected]]
Sent: July-08-12 6:12 PM
To: undisclosed-recipients:
Subject: Aeroplan Reward - Electronic Ticket Itinerary/Receipt

Thanks for the purchase!

Your booking is confirmed.
Booking number: K4QCTI

Your credit card has been charged for $438.60 (CAD)

Please print the itinerary/receipt for your reference.
Sign in to aircanada.com and print it by clicking the link below

https://book.aircanada.com/pl/AConli...NRsListServle/

To cancel your booking online, please click the link below:

https://book.aircanada.com/pl/AConli...ipPlanServlet/


On board you will be offered:
– Beverages;
– Food;
– Daily press.

Thank you for choosing Air Canada and we look forward to welcoming you
on board.

Best regards,
Air Canada"

The first link goes to:

http://grandemarvinpiueurophoto.com/vetrina/aircanada/

The second to:

http://grandemarvinpiueurophoto.com/vetrina/aircanada/

Obviously not Aeroplan and not Air Canada--DO NOT enter your information on the page these links take you.
BlondeBomber is offline  
Old Jul 9, 2012, 6:24 am
  #2  
FlyerTalk Evangelist
 
Join Date: Sep 1999
Location: Toronto, Ontario, Canada
Programs: OWEmerald; STARGold; BonvoyPlat; IHGPlat/Amb; HiltonGold; A|ClubPat; AirMilesPlat
Posts: 38,186
IIRC there was a notice about these emails in the last AE/AC newsletter.
Shareholder is offline  
Old Jul 9, 2012, 6:49 am
  #3  
Original Member
Original Poster
 
Join Date: May 1998
Location: Canada
Programs: AC SE 2MM, HH Dd, SPG; IC Pl/A; AA; DL
Posts: 14,321
You can report fraudulent emails according to:

Fraudulent emails

Obviously have been going around for at least the past year but this is the first for me.
BlondeBomber is offline  
Old Jul 9, 2012, 9:49 am
  #4  
 
Join Date: Aug 2010
Location: Why? Why? Zed! / Why? You? Elle! / Gee! Are You!
Programs: Irrelevant
Posts: 3,543
It's most likely a drive by download site

I've been getting a few of those as well, not from AC/AE, but for AA, US & DL flights.

Clicking on the link will take you to a site (case of AA, US & DL) that will install a rootkit (special program that lets someone remotely control your computer, monitor keystrokes, websites visited, etc) on Windows PCs. The rootkits from the AA US & DL branded e-mails I received were older technology and current A/V anti-malware protection programs did the job. No idea about the AC/AE one though and since I don't have the original e-mail I can't do any traces in my VM (virtual machine) to see what nefarious deeds are being performed.

I usually just delete such things and don't think twice about 'em.
jaysona is offline  
Old Jul 9, 2012, 10:18 am
  #5  
FlyerTalk Evangelist
 
Join Date: Jun 2003
Location: YYC
Posts: 23,803
I tried logging in with random Aeroplan number and password, and the site would not take it. So, might be smart enough to deal with the check digit on the Aeroplan number (assuming there is one).

Else, it just captured the data I entered. And they'll find it won't work (presumably).

You get these mostly on banks, trying to capture your code and password. Potentially worse than Aeroplan, assuming you don't have tons of miles. But then even if you do, not so easy to get rewards on short notice. So there should be some room for AC's Aeroplan's fraud people to catch these guys.
Stranger is offline  
Old Jul 10, 2012, 10:59 am
  #6  
A FlyerTalk Posting Legend
 
Join Date: May 2002
Location: YEG
Programs: HH Silver
Posts: 56,446
http://www.aircanada.com/en/news/120710.html

Important notice about e-mail scam

July 10, 2012

There currently is a phishing scam affecting Canadians to obtain Aeroplan numbers and passwords.

If you receive an email that claims to come from Air Canada or Aeroplan and you believe it to be fraudulent, do not respond and do not click on any links or open attachments contained within the email.

Report suspicious email scams to the RCMP Canadian Anti-Fraud Call Centre 1-888-495-8501 and/or send an email to them at: [email protected] .

Additional useful information is available on the RCMP site: http://www.rcmp-grc.gc.ca/scams-frau...ishing-eng.htm

Notify Aeroplan by calling: 1-800-361-5373 and delete the email afterwards. Note that if the email is deleted without clicking on any links, there is absolutely no risk to your Aeroplan account.
tcook052 is offline  
Old Jul 10, 2012, 4:13 pm
  #7  
 
Join Date: Dec 2011
Location: Canada
Programs: *void
Posts: 2,408
Originally Posted by BlondeBomber
The first link goes to:
httpNOGO://grandemarvinpiueurophoto.com/vetrina/aircanada

The second to:
httpNOGO://grandemarvinpiueurophoto.com/vetrina/aircanada
Instead of posting the actual link, even though you've noted that it's a phishing target, I would have posted the links like this (above)...disable the actual hyperlinking, as there are more than a few of us who are magneted to click the links when we really shouldn't, for our own safety. Leave it to the REALLY curious/careless (*ahem*) to edit the link and enter those sites at their own risk.

Anyway, thanks for sharing.
JJonahJ is offline  
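Added example (not part of any post in this thread): the e-mail in post #1 shows a `book.aircanada.com` address as the link text while the link itself goes to a different host, and post #7 asks that such links be shared in unclickable form. The Python sketch below flags that text/target mismatch in an HTML mail body and prints both URLs defanged. The sample HTML and the `photo-shop.example` host are constructed, and the `hxxp`/`[.]` notation is a common convention assumed here in place of the `httpNOGO` spelling used above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def defang(url):
    """Make a URL unclickable for sharing: hxxp scheme, bracketed dots in the host."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        return url
    netloc, slash, path = rest.partition("/")
    return scheme.replace("tt", "xx", 1) + "://" + netloc.replace(".", "[.]") + slash + path

def mismatched_links(html):
    """Defanged (shown, actual) pairs where the link text is itself a URL
    whose host differs from the host the href points to."""
    parser = LinkCollector()
    parser.feed(html)
    return [(defang(text), defang(href)) for href, text in parser.links
            if "://" in text and host(text) and host(text) != host(href)]

# Constructed sample body; hosts and paths are illustrative only.
SAMPLE_HTML = (
    '<a href="http://photo-shop.example/vetrina/aircanada/">https://book.aircanada.com/receipt</a>'
    '<a href="https://www.aircanada.com/">https://www.aircanada.com/</a>'
    '<a href="http://photo-shop.example/x">Click here</a>'
)
print(mismatched_links(SAMPLE_HTML))
```

Links whose text is not a URL ("Click here") are not flagged by this check; they need the hover-and-compare inspection described in post #1.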
Old Jul 10, 2012, 4:59 pm
  #8  
FlyerTalk Evangelist
 
Join Date: Jun 2003
Location: YYC
Posts: 23,803
Originally Posted by JJonahJ
Instead of posting the actual link, even though you've noted that it's a phishing target, I would have posted the links like this (above)...disable the actual hyperlinking, as there are more than a few of us who are magneted to click the links when we really shouldn't, for our own safety. Leave it to the REALLY curious/careless (*ahem*) to edit the link and enter those sites at their own risk.

Anyway, thanks for sharing.
Interesting. The two links are identical. Additionally, it appears they are in a legitimate web server, of a photo store in Italy. Either one of their employees is playing games, or they got penetrated.

As to the issue of clicking on the link, if you never get your browser to save passwords, and if you don't use a microcrap OS, you should be safe. Microsoft *IS* the virus.

Microsoft, we won't be happy until is computer is not totally unreliable and insecure.
Stranger is offline  
Old Jul 10, 2012, 5:36 pm
  #9  
 
Join Date: Jun 2000
Location: YYZ
Programs: AC, AA, UA, BA, Hilton
Posts: 2,907
Phew...I didn't get that one. But I did get a wonderful email today informing me that I had won 4.5 million pounds sterling in the UK lottery, and someone in Qatar (where the email originated when I right-clicked the subject line, so as to read it without it actually opening), directed me to send $95.00 on my credit card to the Royal Bank of Scotland (of course!), attention of some Doctor, and include my credit card info, full address, work address and employer, social insurance number, phone number, my wife's maiden name, my height and weight, birthday, and other assorted info, which, of course, I promptly did.

Waiting with bated (or is it baited, as in gone fishin') breath for my 4.5 million, as we really need a new Lexus RX 350.

bj-21.
blackjack-21 is offline  
Old Jul 10, 2012, 5:53 pm
  #10  
 
Join Date: Dec 2011
Location: Canada
Programs: *void
Posts: 2,408
Originally Posted by blackjack-21
Phew...I didn't get that one. But I did get a wonderful email today informing me that I had won 4.5 million pounds sterling in the UK lottery, and someone in Qatar (where the email originated when I right-clicked the subject line, so as to read it without it actually opening), directed me to send $95.00 on my credit card to the Royal Bank of Scotland (of course!), attention of some Doctor, and include my credit card info, full address, work address and employer, social insurance number, phone number, my wife's maiden name, my height and weight, birthday, and other assorted info, which, of course, I promptly did.
Please forward email to me. Share the wealth.

Thanks,
JJJ, who is so gullible that he would actually click on links and send all required info.
JJonahJ is offline  
Old Jul 10, 2012, 6:11 pm
  #11  
 
Join Date: Dec 2009
Location: YYC - not the centre of the universe
Programs: AC*S100K 1MM, LH FTL, Hyatt Globalist, Accor Plat
Posts: 4,768
I tried the thing too... entered 111222333 and 112233445566 as password. A popup comes up "Please try again!". Then it redirects you to the legitimate AC website. Smart!

I did a Google search: "site:http://grandemarvinpiueurophoto.com/ airline" and chanced upon this: http://grandemarvinpiueurophoto.com/...s.com/en/club/
jlisi984 is offline  
Old Jul 10, 2012, 6:40 pm
  #12  
 
Join Date: Aug 2010
Location: YUL
Programs: AC*E
Posts: 779
Aeroplan uses SPF (Sender Policy Framework). If a message arrives in your box and it's not marked as spam, then you have a deficient mail server or administrator.
drdrma is offline  
Old Jul 10, 2012, 7:37 pm
  #13  
 
Join Date: Dec 2011
Location: Canada
Programs: *void
Posts: 2,408
Originally Posted by jlisi984
I tried the thing too... entered 111222333 and 112233445566 as password. A popup comes up "Please try again!". Then it redirects you to the legitimate AC website. Smart!

I did a Google search: "site:httpNOGO://grandemarvinpiueurophoto.comairline" and chanced upon this: httpNOGO://grandemarvinpiueurophoto.com/vetrina/china-airlines.com/en/club
Tsk, Tsk, Tsk. Jan, posting that phishing link is a no-no, as I mention in my previous post.

JJJ, who can't resist to click on any hyperlink to see what's up (and ensuing giving-up of username/pwd info).
JJonahJ is offline  
Old Jul 10, 2012, 7:54 pm
  #14  
 
Join Date: Dec 2009
Location: YYC - not the centre of the universe
Programs: AC*S100K 1MM, LH FTL, Hyatt Globalist, Accor Plat
Posts: 4,768
Originally Posted by JJonahJ
Tsk, Tsk, Tsk. Jan, posting that phishing link is a no-no, as I mention in my previous post.

JJJ, who can't resist to click on any hyperlink to see what's up (and ensuing giving-up of username/pwd info).
I just did it to spite you.
jlisi984 is offline  
Old Jul 10, 2012, 8:20 pm
  #15  
 
Join Date: Dec 2011
Location: Canada
Programs: *void
Posts: 2,408
Originally Posted by jlisi984
I just did it to spite you.
That's Ok, it's been a hot week here in the YYZ-locale, and I don't mind a Sprite at all.

JJJ, who refuses to wear reading glasses, though they would help him to avoid embarrassing mis-communications.
JJonahJ is offline  