Go Back   FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Lufthansa, Austrian, Swiss, Brussels, LOT and Other Partners | Miles & More
Sign in using an external account

Reply
 
Thread Tools Search this Thread
Old Mar 3, 11, 8:32 am   #1
 
Join Date: Aug 2006
Location: LPI
Programs: SK *B (?)
Posts: 362
Exclamation "Miles & More" scam e-mail

Interesting, I think this is the first time I've seen an FF program targetted by these kinds of scams. I received this yesterday:

Quote:
From: "Miles & More"<noreply@milesandmore.com>
Subject: Your booking confirmation
To: undisclosed-recipients:;
X-Spam-Flag: YES
X-Sent: 22 hours, 8 minutes, 26 seconds ago
X-Bogosity: Spam, tests=bogofilter, spamicity=1.000000, version=1.2.2

Thanks for the purchase!

Booking number: LVSN50
Your credit card has been charged for $493.67.

Please print PASSENGER ITINERARY RECEIPT by logging into your Miles account
by clicking the link below:

http://www.miles-and-more.com

On board you will be offered:
Beverages;
Food;
Daily press.

You are guaranteed top-quality services and attention on the part of our benevolent personnel.
We recommend you to print PASSENGER ITINERARY RECEIPT and take it alone to the airport.
It will help you to pass control and registration procedures faster.

See you on board!

Best regards,
Miles & More
Of course, the link in the HTML e-mail does not actually point to miles-and-more.com, but to a hijacked server in Argentina.
lnixon is offline   Reply With Quote
Old Mar 3, 11, 10:02 am   #2
 
Join Date: Apr 2006
Location: Asia
Programs: LH FTL, EB, AB, PS, VV, NH
Posts: 822
You've got PM.
__________________
Commuting between ITM and LWO @ government's expenses.
olm022 is offline   Reply With Quote
Old Mar 3, 11, 10:41 pm   #3
 
Join Date: Aug 2004
Location: SIN/ZRH (time, not preference)
Programs: UA1K, LH FTL--**, AA EXP
Posts: 18,144
If you log in and don't get the "der Zentralrechner ist zur Zeit nicht erreichbar..." intro, then you know it's something fishy.

Did you give it a try? What are they after? Simply the M&M login? Sounds like yet another looser scam.
__________________
o tempora o miles et mores
weero is offline   Reply With Quote
Old Mar 4, 11, 2:32 am   #4
 
Join Date: Aug 2006
Location: LPI
Programs: SK *B (?)
Posts: 362
Quote:
Originally Posted by weero View Post
If you log in and don't get the "der Zentralrechner ist zur Zeit nicht erreichbar..." intro, then you know it's something fishy.

Did you give it a try? What are they after? Simply the M&M login? Sounds like yet another looser scam.
The link I got was already dead.

However, according to other reports, like http://news.softpedia.com/news/Fake-...d-177840.shtml it's a drive-by attack. If you click on the link in the scam e-mail and you are running an unpatched Windows system, your computer will be compromised, and you will assimilated into the Zeus botnet: https://secure.wikimedia.org/wikiped...rojan_horse%29
lnixon is offline   Reply With Quote
Old Mar 4, 11, 6:57 am   #5
 
Join Date: Aug 2004
Location: SIN/ZRH (time, not preference)
Programs: UA1K, LH FTL--**, AA EXP
Posts: 18,144
Quote:
Originally Posted by lnixon View Post
The link I got was already dead..
for trying .
__________________
o tempora o miles et mores
weero is offline   Reply With Quote
Old Mar 4, 11, 7:32 am   #6
 
Join Date: Aug 2006
Location: LPI
Programs: SK *B (?)
Posts: 362
Quote:
Originally Posted by weero View Post
for trying .
I poked it gently with a stick. From a Linux system.
lnixon is offline   Reply With Quote
Old Mar 5, 11, 12:59 am   #7
 
Join Date: Aug 2004
Location: SIN/ZRH (time, not preference)
Programs: UA1K, LH FTL--**, AA EXP
Posts: 18,144
Quote:
Originally Posted by lnixon View Post
I poked it gently with a stick. From a Linux system.
It is very tempting indeed.

So you reckon that the exploit could have been dangerous even when not using Outlook?
__________________
o tempora o miles et mores
weero is offline   Reply With Quote
Old Mar 5, 11, 3:28 am   #8
 
Join Date: Aug 2006
Location: LPI
Programs: SK *B (?)
Posts: 362
Quote:
Originally Posted by weero View Post
It is very tempting indeed.

So you reckon that the exploit could have been dangerous even when not using Outlook?
I'm pretty sure the attack targetted IE; visit the page with an out-of-date browser - *blam*.
lnixon is offline   Reply With Quote
Old Mar 5, 11, 5:44 am   #9
 
Join Date: Aug 2004
Location: SIN/ZRH (time, not preference)
Programs: UA1K, LH FTL--**, AA EXP
Posts: 18,144
Quote:
Originally Posted by lnixon View Post
I'm pretty sure the attack targetted IE; visit the page with an out-of-date browser - *blam*.
An out of date IE you mean.

With a 2 year old Opera you'd probably be just fine ...
__________________
o tempora o miles et mores
weero is offline   Reply With Quote
Old Mar 5, 11, 8:09 am   #10
 
Join Date: Jun 2005
Location: MUC
Programs: LH SEN, SAS EBG
Posts: 102
Quote:
Originally Posted by weero View Post
It is very tempting indeed.

So you reckon that the exploit could have been dangerous even when not using Outlook?
According to this article here, it was Neosploit trying to exploit a 0day in Adobe Acrobat (as always...)
zara is offline   Reply With Quote
Old Mar 5, 11, 10:33 am   #11
 
Join Date: Aug 2006
Location: LPI
Programs: SK *B (?)
Posts: 362
Quote:
Originally Posted by zara View Post
According to this article here, it was Neosploit trying to exploit a 0day in Adobe Acrobat (as always...)
Yeah, that's the other big contender.
lnixon is offline   Reply With Quote
 
 
Reply

Bookmarks


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off
Forum Jump


All times are GMT -6. The time now is 5:23 am.