Wierd credit message-(possible phishing?)
#1
Original Poster
Join Date: Jun 2004
Location: Anchorage, AK
Programs: Lifetime AS 1MM & MVPG, AS MVPG100K, AA, DL, HH-G
Posts: 8,259
Wierd credit message-(possible phishing?)
Logged on to my email account this morning and found two messages from AS. The first titled "Your Credit Certificate from Alaska Airlines" told me that there would be a second message containing a PIN to be able to open the certificate. The second one is labeled "PIN for your alaskaaair.com Credit Certificate".
When I opened the message, the credit is for a whopping $0.40. Yup, forty cents.
Both sites look totally legitimate but for forty cents I am not going to open up my account to deposit it. Something is phishy here.
Anyone else get one of these?
When I opened the message, the credit is for a whopping $0.40. Yup, forty cents.
Both sites look totally legitimate but for forty cents I am not going to open up my account to deposit it. Something is phishy here.
Anyone else get one of these?
#3
Original Poster
Join Date: Jun 2004
Location: Anchorage, AK
Programs: Lifetime AS 1MM & MVPG, AS MVPG100K, AA, DL, HH-G
Posts: 8,259
#5
Original Poster
Join Date: Jun 2004
Location: Anchorage, AK
Programs: Lifetime AS 1MM & MVPG, AS MVPG100K, AA, DL, HH-G
Posts: 8,259
#6
FlyerTalk Evangelist
Join Date: Mar 2004
Location: SGF
Programs: AS, AA, UA, AGR S (former 75K, GLD, 1K, and S+, now an elite peon)
Posts: 23,194
If so, that's a really well-constructed phishing scam, because that's exactly the same procedure AS uses when sending someone a gift certificate or GARR credit. Check the email address: it should be from [email protected]. The "View Certificates" button (if you hover above it) should read https://www.alaskaair.com/certificat...t.aspx?gccode= followed by a bunch of code. If the link doesn't match (i.e. it's something like http://alaskagiftcertificates.xhrt.ru), then it probably is a phishing scam, and definitely delete.
That all said, I probably wouldn't bother with any of this over 40 cents (although I would truly doubt a phisher would put out a 40-cent certificate, since most recipients would probably ignore that--they'd be more likely to put an irresistible amount like $100 or something), but a perfectly safe way for you to obtain this credit (if it is valid) would be to open your MyAccount on your own (i.e. not through the link in the email--use http://www.alaskaair.com/myaccount), go to your MyWallet, and choose the option to deposit a gift certificate and enter the code. If you're worried about malicious code in the email doing something nefarious, print the certificate out (or copy/paste the code and PIN into a plain-text Notepad document) and sign in to your account and enter the codes after closing the email. Simply entering a code into your MyWallet--even if it's an invalid one generated by a phisher--won't do anything to give anyone access to your account. The danger is clicking a link in the email and not recognizing that it's a redirect to a nefarious site where you might reveal your login information (or, less commonly, opening an attachment that would compromise your system).
That all said, I probably wouldn't bother with any of this over 40 cents (although I would truly doubt a phisher would put out a 40-cent certificate, since most recipients would probably ignore that--they'd be more likely to put an irresistible amount like $100 or something), but a perfectly safe way for you to obtain this credit (if it is valid) would be to open your MyAccount on your own (i.e. not through the link in the email--use http://www.alaskaair.com/myaccount), go to your MyWallet, and choose the option to deposit a gift certificate and enter the code. If you're worried about malicious code in the email doing something nefarious, print the certificate out (or copy/paste the code and PIN into a plain-text Notepad document) and sign in to your account and enter the codes after closing the email. Simply entering a code into your MyWallet--even if it's an invalid one generated by a phisher--won't do anything to give anyone access to your account. The danger is clicking a link in the email and not recognizing that it's a redirect to a nefarious site where you might reveal your login information (or, less commonly, opening an attachment that would compromise your system).
Last edited by jackal; Jul 2, 2012 at 8:06 pm
#7
Original Poster
Join Date: Jun 2004
Location: Anchorage, AK
Programs: Lifetime AS 1MM & MVPG, AS MVPG100K, AA, DL, HH-G
Posts: 8,259
#8
Ambassador: Alaska Airlines
Join Date: Feb 2008
Location: ANC, SAP
Programs: AS MVP Gold, Priority Pass
Posts: 1,863