Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

Email from UA in Mexico City is legit, right?

Email from UA in Mexico City is legit, right?

Reply

Old Oct 16, 18, 1:38 pm
  #16  
LBJ
FlyerTalk Evangelist
 
Join Date: Jul 2003
Programs: DL DM
Posts: 13,282
I would double check the email address you sent the response to. Many email readers only show the From: address and not the Reply-to: address (which, if present, is what is used when you send a reply).
lixiaojuventus and smc333 like this.
LBJ is offline  
Reply With Quote
Old Oct 16, 18, 1:50 pm
  #17  
 
Join Date: Sep 2015
Location: BUF
Programs: SkyTean, Star Alliance, HHonors
Posts: 140
Originally Posted by cjermain View Post
I got an email from a United.com email address, purportedly from the Mexico City office. The gentleman sending the email saw a reservation I have to travel to MEX, but haven't paid for. He said he could ticket it for $50 less per person than the price on the reservation (3 people). He knew my confirmation number and the price. All I have to do is call him and give him my CC info.

It seems legit. And $150 savings is not nothing. I wrote back to him (at the united.com email address) and he responded right away.

BUT... I just hate calling someone in Mexico I don't know and giving him by CC info. Thoughts?
Check the address you sent the message to in your sent messages folder. As was said above, there's a From: header that's used for display and a Reply-To: that's used when replying (at least that's how most mail clients work).

It's pretty easy to spoof e-mails, but also pretty easy to rule it out, if you can read the e-mail headers.
smc333 is offline  
Reply With Quote
Old Oct 16, 18, 1:55 pm
  #18  
 
Join Date: Sep 2015
Location: BUF
Programs: SkyTean, Star Alliance, HHonors
Posts: 140
Originally Posted by J.Edward View Post

You may want to forward a copy of the email to [email protected] with a short explanation. There was a recent incident of a M+ account being compromised here MP locked my account due to "Fraud", Help {caused by UA error, access restored} and prudence suggest it may be wise to change your passwords (or consider a password manager like LastPass / 1Pass / etc.)

To OP - if you do forward your message over, be sure to include your full e-mail headers. Google "<your mail client> display full headers" or something like that and you should find instructions on getting them. In Gmail at least it's the three dots to the right of the subject when you have a message open, then 'Show Original' from that menu. I don't remember any others offhand.
smc333 is offline  
Reply With Quote
Old Oct 16, 18, 2:05 pm
  #19  
Original Poster
 
Join Date: Aug 2009
Location: Houston, TX
Programs: Continental OnePass Platinum
Posts: 393
Originally Posted by smc333 View Post
Check the address you sent the message to in your sent messages folder. As was said above, there's a From: header that's used for display and a Reply-To: that's used when replying (at least that's how most mail clients work).

It's pretty easy to spoof e-mails, but also pretty easy to rule it out, if you can read the e-mail headers.
The email had the following footer:

Random Person
Intlí CTO Sales Representative

United Paseo de la Reforma 250, Planta Baja Ciudad de Mexico, Mexico 06600
Tel +52 (55) XXXX-XXXX Cel +52 (55) XXXX-XXXX [email protected]

You may not believe it from this thread, but I'm reasonably computer savvy. I sent a new email (not a reply) to [email protected]---and got a response. Being able to do that (respond to a united.com email) would make this more sophisticated than 99% of the phishing attacks out there. Doesn't rule it out, of course, but I'm not important enough for the Russian government to try to get my CC info.
cjermain is offline  
Reply With Quote
Old Oct 16, 18, 2:06 pm
  #20  
 
Join Date: May 2010
Location: AVP & PEK
Programs: UA 1K MM, Hertz PC
Posts: 1,853
UA has never contacted me and said I could pay LESS for an unpaid reservation. Why would they?

Scam.
narvik is offline  
Reply With Quote
Old Oct 16, 18, 2:10 pm
  #21  
Original Poster
 
Join Date: Aug 2009
Location: Houston, TX
Programs: Continental OnePass Platinum
Posts: 393
Originally Posted by smc333 View Post
To OP - if you do forward your message over, be sure to include your full e-mail headers. Google "<your mail client> display full headers" or something like that and you should find instructions on getting them. In Gmail at least it's the three dots to the right of the subject when you have a message open, then 'Show Original' from that menu. I don't remember any others offhand.
I'm actually hesitant to report this. In my mind, there are two explanations. #1 : a UA employee randomly tried to help me out, in sort of a head-scratching way. #2 : someone is running a really sophisticated phishing scam where they can respond to united.com email (this wold likely have to be someone inside UA, or who has hacked UA---or my machine is compromised... even harder to accept given I was using webmail). If it's #1 , I don't want to get that person in trouble.
cjermain is offline  
Reply With Quote
Old Oct 16, 18, 2:11 pm
  #22  
 
Join Date: Jul 2012
Posts: 619
Originally Posted by cjermain View Post
Doesn't rule it out, of course, but I'm not important enough for the Russian government to try to get my CC info.
I also don't rule it out (can we ever rule it out?) but I find this all a very elaborate "scam", especially with regards to the goal of obtaining no more than 1 (ONE) credit card number. There are much easier and less time-consuming ways to do so.

Based on the information provided here, which is limited, I call LEGIT on this one, but I reserve the right to re-qualify to SCAM if OP provides a more complete picture. That being said, I'd still not give my CC over the phone, but that's just my personal policy of never doing that, and is unrelated to this specific case.

Originally Posted by narvik View Post
UA has never contacted me and said I could pay LESS for an unpaid reservation. Why would they?

Scam.
This isn't a refund or anything. OP didn't pay anything yet. So at this point, UA can entice the OP to pay for an - I assume - nonrefundable ticket, or risk that OP sees a cheaper fare with a competitor, never pays and exceeds the TTL. This looks very similar to the "abandoned cart" emails with a discount code you'll get from some (legit) e-tailers.

Maybe the published fare has actually gone $50 cheaper, who knows?

Last edited by mozilla; Oct 16, 18 at 2:41 pm
mozilla is offline  
Reply With Quote
Old Oct 16, 18, 2:21 pm
  #23  
 
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, TK Elite, DL Gold, Hilton Diamond, Marriott Platinum, IHG Gold, Hertz PC, Avis First
Posts: 6,625
Originally Posted by mozilla View Post
So they actually use a @UNITED.com address, and you sent a reply to that @UNITED.com address and they replied from that address? Reminds me of this recent thread, where it turned out to be legitimate.
Sure, unless it's a UNlTED.COM email address, in which case it's absolutely a scam.

Did you catch it? Did you notice that the "I" (eye) in that was actually an "l" (lower case ell)?

I'm not saying it's not legitimate, but...
MSPeconomist likes this.
docbert is offline  
Reply With Quote
Old Oct 16, 18, 2:21 pm
  #24  
 
Join Date: May 2010
Location: AVP & PEK
Programs: UA 1K MM, Hertz PC
Posts: 1,853
Originally Posted by mozilla View Post

Maybe the published fare has actually gone $50 cheaper, who knows?

Don't beilieve UA would proactively call someone if that were the case.
narvik is offline  
Reply With Quote
Old Oct 16, 18, 2:22 pm
  #25  
 
Join Date: Jul 2012
Posts: 619
Originally Posted by docbert View Post
Did you catch it? Did you notice that the "I" (eye) in that was actually an "l" (lower case ell)?
Yep, caught it. I think this particular OP would have caught it too. But it's a good point, united.com should be typed manually and not copy/pasted.

Originally Posted by cjermain View Post
in sort of a head-scratching way
Could it be chalked up to cultural differences? This was also the case in the Air India story I linked above.
mozilla is offline  
Reply With Quote
Old Oct 16, 18, 2:27 pm
  #26  
FlyerTalk Evangelist
 
Join Date: Feb 2003
Location: Denver, CO, USA
Programs: Proud Charter Member of the OUM
Posts: 20,110
If you do go for this, I'd go get a gift card credit card, load it with the $$ you think you'll need, and then reveal that number to the scamm-- er, United rep.
DenverBrian is online now  
Reply With Quote
Old Oct 16, 18, 2:28 pm
  #27  
 
Join Date: Jun 2002
Location: SFO/JFK/MGA
Programs: UA 1P MM, AS MVPG75K, DL, HH G, SPG Gold, TA nada
Posts: 1,929
Originally Posted by 764toHI View Post
I feel like you should tweet @UNITED to confirm whether they have a ticketing operation in the DF.
CDMX hasn't been called DF in quite a while.

Originally Posted by cjermain View Post
The email had the following footer:

Random Person
Intlí CTO Sales Representative

United Paseo de la Reforma 250, Planta Baja Ciudad de Mexico, Mexico 06600
Tel +52 (55) XXXX-XXXX Cel +52 (55) XXXX-XXXX [email protected]

You may not believe it from this thread, but I'm reasonably computer savvy. I sent a new email (not a reply) to [email protected]---and got a response. Being able to do that (respond to a united.com email) would make this more sophisticated than 99% of the phishing attacks out there. Doesn't rule it out, of course, but I'm not important enough for the Russian government to try to get my CC info.
They do have an office on the Reforma, and that number does sound about right. I would be very suspicious.
zoegksf is offline  
Reply With Quote
Old Oct 16, 18, 2:29 pm
  #28  
 
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, TK Elite, DL Gold, Hilton Diamond, Marriott Platinum, IHG Gold, Hertz PC, Avis First
Posts: 6,625
How do you have a reservation that you didn't pay for? FareLock, booked via a travel agents, or what?

The more I think about it, I can see that this could absolutely be legitimate. Many companies have systems that detect abandoned "shopping carts" on websites and then try and get you back. If you walked all the way through the booking process on the website and then canceled out (leaving the reservation but without then ticket) then having someone follow up to try and get you back - especially if the fare has dropped in the interim - would potentially make sense.
docbert is offline  
Reply With Quote
Old Oct 16, 18, 2:47 pm
  #29  
 
Join Date: Feb 2003
Location: PHL
Programs: UA Plat, 2MM
Posts: 1,610
DO NOT GIVE YOUR CC TO ANYONE OVER THE PHONE IN MEXICO. You are going to have a TON of problems. It is NOT legit.
TonyBurr is offline  
Reply With Quote
Old Oct 16, 18, 2:51 pm
  #30  
Original Poster
 
Join Date: Aug 2009
Location: Houston, TX
Programs: Continental OnePass Platinum
Posts: 393
Originally Posted by docbert View Post
How do you have a reservation that you didn't pay for? FareLock, booked via a travel agents, or what?

The more I think about it, I can see that this could absolutely be legitimate. Many companies have systems that detect abandoned "shopping carts" on websites and then try and get you back. If you walked all the way through the booking process on the website and then canceled out (leaving the reservation but without then ticket) then having someone follow up to try and get you back - especially if the fare has dropped in the interim - would potentially make sense.
On UA.com, make the reservation, and then choose to pay at the airport or a ticket office. This typically gives you about 3-4 days to pay. Which again, maybe suggests that, as you say, I got on some list for having an outstanding reservation.
cjermain is offline  
Reply With Quote

Thread Tools
Search this Thread