Phishing Aircanada site

Old May 7, 2016, 9:00 am
  #1  
Original Poster
 
Join Date: May 2001
Location: YVR
Programs: AC SEMM
Posts: 2,072
Phishing Aircanada site

First time I've received a phishing email pretending to be AC, but I received a very well designed email this morning for what appears to be a legitimate Aeroplan booking.

The links DO NOT go to Air Canada; they go to a foreign site, www.cerrah.net. Both links will prompt you to enter your AE details, revealing your login and passwords to the scammers.
Argonaut1000 is offline  
Old May 7, 2016, 9:14 am
  #2  
Suspended
 
Join Date: Jun 2009
Location: YYZ
Programs: AC E50K (*G) WS Gold | SPG/Fairmont Plat Hilton/Hyatt Diamond Marriott Silver | National Exec Elite
Posts: 19,284
Originally Posted by Argonaut1000
First time I've received a phishing email pretending to be AC, but I received a very well designed email this morning for what appears to be a legitimate Aeroplan booking.

The links DO NOT go to Air Canada; they go to a foreign site, www.cerrah.net. Both links will prompt you to enter your AE details, revealing your login and passwords to the scammers.
Air Canada/AP will want to hear from you. I sincerely hope you write in.

Other than the one thing that threw me off (the price), that was very very well crafted.

Did your junk mail pick this up or did it make its way to your inbox? If the latter, that's very very scary.
superangrypenguin is offline  
Old May 7, 2016, 9:23 am
  #3  
Original Poster
 
Join Date: May 2001
Location: YVR
Programs: AC SEMM
Posts: 2,072
Noticed on my iPhone - a little puzzled as I hadn't booked anything recently. Moused over the link and saw the redirected site. Also came into an email box that is not used for AE or AC, but using the iPhone it groups all emails together, so didn't initially realize it went to a different email.

No it did not reach the Junk folders.

Good time to send these - Saturday mornings, time for the recipient to log in and check the booking, and likely no one at Air Canada to warn users or get a message to the hosting site to remove it.

I'll look for a link to report this to AC.
Argonaut1000 is offline  
Old May 7, 2016, 9:55 am
  #4  
 
Join Date: Oct 2013
Location: YOW
Programs: AC SE, FOTSG Platinum
Posts: 5,725
Poor grammar is almost always the tip-off.
YOWgary is offline  
Old May 7, 2016, 11:49 am
  #5  
Suspended
 
Join Date: Jun 2009
Location: YYZ
Programs: AC E50K (*G) WS Gold | SPG/Fairmont Plat Hilton/Hyatt Diamond Marriott Silver | National Exec Elite
Posts: 19,284
Originally Posted by YOWgary
Poor grammar is almost always the tip-off.
What was so poor about it? That's one of the reasons why I called it out. The grammatical use of "welcoming you on board" is in line with the phrases used by Air Canada. (ok fine, for most airlines too, but for a Nigerian 419 scam artist that's impressive)
superangrypenguin is offline  
Old May 7, 2016, 11:55 am
  #6  
Suspended
 
Join Date: Sep 2014
Programs: AC SE100K-1MM, NH, DL, AA, BA, Global Entry/Nexus, APEC..
Posts: 18,877
A key clue was the words "daily press". Tells me right away your phish friends are "offshore" in one of those countries.
24left is offline  
Old May 7, 2016, 12:00 pm
  #7  
 
Join Date: Aug 2008
Location: トロント
Programs: IHG Gold
Posts: 4,820
Yes. A daily press. Perhaps we can get our clothes pressed so we look nice and sharp when we arrive at our destination.
mapleg is offline  
Old May 7, 2016, 12:20 pm
  #8  
A FlyerTalk Posting Legend
 
Join Date: Sep 2012
Location: SFO
Programs: AC SE MM, BA Gold, SQ Silver, Bonvoy Tit LTG, Hyatt Glob, HH Diamond
Posts: 44,313
Originally Posted by YOWgary
Poor grammar is almost always the tip-off.
You mean like using less credits to upgrade?

If "poor grammar" meant the email was a scam, I'm not sure a single AC email would make it past the test.
canadiancow is offline  
Old May 7, 2016, 1:13 pm
  #9  
 
Join Date: Oct 2013
Location: YOW
Programs: AC SE, FOTSG Platinum
Posts: 5,725
"Thanks for the purchase!"

Mostly, though, Air Canada would never just say "beverages" when they could say "a variety of fresh snacks and beverages" or take an opportunity to push Café sales.
YOWgary is offline  
Old May 7, 2016, 2:12 pm
  #10  
 
Join Date: Oct 2013
Location: YEG
Programs: AC Lifetime SE100K, 3MM, SPG Lifetime Plat, Hertz PC, National Executive Elite
Posts: 2,901
"Your credit card has been charged for..."
YEG_SE4Life is offline  
Old May 10, 2016, 2:38 pm
  #11  
 
Join Date: Apr 2013
Location: YVR
Programs: Ice Cream Club, AC SE MM, Bonvoy Life Plat
Posts: 2,803
Are we helping them improve the phish with this thread? =P

If they were really crafty, they could just buy/refund a ticket and steal the entire email replacing the juicy bits with links to www.pwned.aircanada.something.ng

I generally don't follow links given in emails, rather copy/pasting the pieces I need into a browser which I navigate manually. Unfortunately, some emails have "links" under the locator and such, so sometimes instead of highlighting I end up clicking. UI annoyances for sure.
DrunkCargo is offline  
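The check posters #1 and #11 describe doing by eye (where does the link really go?), as an added example that is not part of the thread: it pulls each link out of an HTML mail body and accepts a host only when it equals, or is a subdomain of, the expected domain. The trusted domain `aircanada.com`, the helper names and the sample body are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: the domain the real airline uses; the thread does not state it.
TRUSTED = ("aircanada.com",)

class LinkCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'foreign' for a link target."""
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    # Only an exact match or a true subdomain of a trusted domain counts.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # The brand name appearing as a label anywhere else is a lookalike.
    brands = {d.split(".")[0] for d in trusted}
    if any(b in label for b in brands for label in host.split(".")):
        return "lookalike"
    return "foreign"

def audit(html):
    # One (visible text, href, verdict) tuple per link in the HTML body.
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href, classify(href)) for href, text in parser.links]

# Constructed sample body; the first two hostnames are the ones in the thread.
SAMPLE = """
<p><a href="http://www.cerrah.net/ac/login">View your booking</a></p>
<p><a href="https://www.pwned.aircanada.something.ng/">www.aircanada.com</a></p>
<p><a href="https://www.aircanada.com/aeroplan">Aeroplan</a></p>
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The second sample link shows why the visible text cannot be trusted: it displays the genuine domain while the `href` points at the lookalike host.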
Old May 10, 2016, 2:46 pm
  #12  
SYM
 
Join Date: Feb 2007
Location: YXU/BOS
Programs: AC SEMM
Posts: 939
Curious what the phishers hope to get from this - toasters? Actual bookings would require providing their real identity.
SYM is offline  
Old May 10, 2016, 3:11 pm
  #13  
 
Join Date: Oct 2013
Location: YOW
Programs: AC SE, FOTSG Platinum
Posts: 5,725
Originally Posted by SYM
Curious what the phishers hope to get from this - toasters? Actual bookings would require providing their real identity.
Best guess? Something like "we're offering you the opportunity to upgrade to Business Class for only $50, buuuuut we'll definitely need your credit card number to process the upgrade..."
YOWgary is offline  
Old May 10, 2016, 3:16 pm
  #14  
 
Join Date: Aug 2008
Location: トロント
Programs: IHG Gold
Posts: 4,820
Originally Posted by SYM
Curious what the phishers hope to get from this - toasters? Actual bookings would require providing their real identity.
Who wants to be the guinea pig and report back to us?
mapleg is offline  

