Originally Posted by
cjermain
I'm actually hesitant to report this. In my mind, there are two explanations.
#1 : a UA employee randomly tried to help me out, in sort of a head-scratching way.
#2 : someone is running a really sophisticated phishing scam where they can respond to united.com email (this wold likely have to be someone inside UA, or who has hacked UA---or my machine is compromised... even harder to accept given I was using webmail). If it's
#1 , I don't want to get that person in trouble.
I'm sorry, but I'm going to have to disagree with your logic here.
If it's
#2 , then you absolutely want UA security involved.
If it's
#1 , then, either:
a) The employee is doing it unauthorized. If that's the case, that should raise all sorts of red flags on what else this employee may be doing representing UA but not following their rules.
b) The employee is authorized to do this, but the way they are doing it raises suspicion flags. In that case, UA should change its practices to enable communication like this to happen with more clarity as to the legitimacy of the process. For example, changing the message to say something like "please call United reservations at [publicly available UA number], or view your reservation online to provide payment" rather than "e-mail me directly or call my office in Mexico and give me your credit card number."
So, yes, you should contact them, if for no other reason than to encourage companies to make their official communication policies not sound similar to phishing scammers.