FlyerTalk Forums - View Single Post - Phishing has now discovered FF miles.....
Thread: Phishing has now discovered FF miles.....
View Single Post
Old Jul 22, 2011 | 3:47 am
  #1  
KenF
 
Join Date: Sep 2001
Location: Wirral, UK
Programs: BA-Gld, BD Lifetime Gld, LH Pleb, *Wd GPG, HH-Dmd, Amex: can take their Cent card and <CENSORED>
Posts: 756
Unhappy Phishing has now discovered FF miles.....
From this article "Phishers target frequent flyer schemes in Brazil" (excepts extracted, read the article for the full horror ):

"Phishing fraudsters have latched on to a new target, with attacks designed to gain compromised access to frequent flyer accounts.

.....

Brazilian phishers running the scam have registered multiple domains that resemble those of airline firms. Some of the attacks rely on a first wave of Trojan infections that makes sure that surfers using compromised machines are redirected to bogus domains, net security firm Kaspersky Lab warns.

Local victims are beginning to come forward, complaining that their accounts have been plundered in order to issue tickets to unknown parties. One victim claims to have lost air miles valued at $7,600, a figure that seems rather high.

.....

Phishing scams are most commonly targeted against PayPal, online banking accounts, or (less frequently) e-commerce website accounts. Attacks against air miles programmes are a much more recent innovation, with one of the first attacks of its kind appearing last month, targeted against the loyalty programme of a German airline. The scam used a variant of the SpyEye banking Trojan.
....."

Amusing that the article thinks $7,600 is an un-realistic figure for the value of someones FF account, they obviously don't real FT!

I'd imagine that computers in airline lounges would be a prime target for this kind of hack, as they are relatively easy to infect, and very likely to have people logging on to check their FF accounts (or, indeed itineraries bookings etc. since it's generally the same account you need to do both!).

Standard advice in these situations is to intentionally get your password WRONG if you have any concerns. Possibly even use an intentionally wrong FF number. Any website that will log you in with known wrong credentials has to be bogus, as only the real website actually knows what your credentials are to say they are wrong. I fear many of us would be well advised to get into the habit of doing this when using PCs that we don't trust inherently.....

As they used to say on Hill St. Blues:

"Hey, lets be careful out there!"

Ken.

Willard the Bear - Anyone who tries to steal my (Ouch! Sorry, Ken's) miles will have a face full of fur if I catch them!!!
KenF is offline  
Reply