Email from UA in Mexico City is legit, right?
#17
Join Date: Sep 2015
Location: BUF
Programs: SkyTean, Star Alliance, HHonors
Posts: 155
I got an email from a United.com email address, purportedly from the Mexico City office. The gentleman sending the email saw a reservation I have to travel to MEX, but haven't paid for. He said he could ticket it for $50 less per person than the price on the reservation (3 people). He knew my confirmation number and the price. All I have to do is call him and give him my CC info.
It seems legit. And $150 savings is not nothing. I wrote back to him (at the united.com email address) and he responded right away.
BUT... I just hate calling someone in Mexico I don't know and giving him by CC info. Thoughts?
It seems legit. And $150 savings is not nothing. I wrote back to him (at the united.com email address) and he responded right away.
BUT... I just hate calling someone in Mexico I don't know and giving him by CC info. Thoughts?
It's pretty easy to spoof e-mails, but also pretty easy to rule it out, if you can read the e-mail headers.
#18
Join Date: Sep 2015
Location: BUF
Programs: SkyTean, Star Alliance, HHonors
Posts: 155
You may want to forward a copy of the email to [email protected] with a short explanation. There was a recent incident of a M+ account being compromised here MP locked my account due to "Fraud", Help {caused by UA error, access restored} and prudence suggest it may be wise to change your passwords (or consider a password manager like LastPass / 1Pass / etc.)
To OP - if you do forward your message over, be sure to include your full e-mail headers. Google "<your mail client> display full headers" or something like that and you should find instructions on getting them. In Gmail at least it's the three dots to the right of the subject when you have a message open, then 'Show Original' from that menu. I don't remember any others offhand.
#19
Original Poster
Join Date: Aug 2009
Location: Houston, TX
Programs: Continental OnePass Platinum
Posts: 416
Check the address you sent the message to in your sent messages folder. As was said above, there's a From: header that's used for display and a Reply-To: that's used when replying (at least that's how most mail clients work).
It's pretty easy to spoof e-mails, but also pretty easy to rule it out, if you can read the e-mail headers.
It's pretty easy to spoof e-mails, but also pretty easy to rule it out, if you can read the e-mail headers.
Random Person
Intl’ CTO Sales Representative
United Paseo de la Reforma 250, Planta Baja Ciudad de Mexico, Mexico 06600
Tel +52 (55) XXXX-XXXX Cel +52 (55) XXXX-XXXX [email protected]
You may not believe it from this thread, but I'm reasonably computer savvy. I sent a new email (not a reply) to [email protected]---and got a response. Being able to do that (respond to a united.com email) would make this more sophisticated than 99% of the phishing attacks out there. Doesn't rule it out, of course, but I'm not important enough for the Russian government to try to get my CC info.
#21
Original Poster
Join Date: Aug 2009
Location: Houston, TX
Programs: Continental OnePass Platinum
Posts: 416
To OP - if you do forward your message over, be sure to include your full e-mail headers. Google "<your mail client> display full headers" or something like that and you should find instructions on getting them. In Gmail at least it's the three dots to the right of the subject when you have a message open, then 'Show Original' from that menu. I don't remember any others offhand.
#22
Join Date: Jul 2012
Posts: 1,115
Based on the information provided here, which is limited, I call LEGIT on this one, but I reserve the right to re-qualify to SCAM if OP provides a more complete picture. That being said, I'd still not give my CC over the phone, but that's just my personal policy of never doing that, and is unrelated to this specific case.
Maybe the published fare has actually gone $50 cheaper, who knows?
Last edited by mozilla; Oct 16, 2018 at 2:41 pm
#23
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,157
So they actually use a @UNITED.com address, and you sent a reply to that @UNITED.com address and they replied from that address? Reminds me of this recent thread, where it turned out to be legitimate.
Did you catch it? Did you notice that the "I" (eye) in that was actually an "l" (lower case ell)?
I'm not saying it's not legitimate, but...
#25
Join Date: Jul 2012
Posts: 1,115
Could it be chalked up to cultural differences? This was also the case in the Air India story I linked above.
#26
FlyerTalk Evangelist
Join Date: Feb 2003
Location: Denver, CO, USA
Programs: Sometimes known as [ARG:6 UNDEFINED]
Posts: 26,700
If you do go for this, I'd go get a gift card credit card, load it with the $$ you think you'll need, and then reveal that number to the scamm-- er, United rep.
#27
Join Date: Jun 2002
Location: SFO/JFK/MGA
Programs: UA 1P MM, AA-PP, AS, DL, HH G, SPG Gold, TA nada
Posts: 2,043
I feel like you should tweet @UNITED to confirm whether they have a ticketing operation in the DF.
The email had the following footer:
Random Person
Intl’ CTO Sales Representative
United Paseo de la Reforma 250, Planta Baja Ciudad de Mexico, Mexico 06600
Tel +52 (55) XXXX-XXXX Cel +52 (55) XXXX-XXXX [email protected]
You may not believe it from this thread, but I'm reasonably computer savvy. I sent a new email (not a reply) to [email protected]---and got a response. Being able to do that (respond to a united.com email) would make this more sophisticated than 99% of the phishing attacks out there. Doesn't rule it out, of course, but I'm not important enough for the Russian government to try to get my CC info.
Random Person
Intl’ CTO Sales Representative
United Paseo de la Reforma 250, Planta Baja Ciudad de Mexico, Mexico 06600
Tel +52 (55) XXXX-XXXX Cel +52 (55) XXXX-XXXX [email protected]
You may not believe it from this thread, but I'm reasonably computer savvy. I sent a new email (not a reply) to [email protected]---and got a response. Being able to do that (respond to a united.com email) would make this more sophisticated than 99% of the phishing attacks out there. Doesn't rule it out, of course, but I'm not important enough for the Russian government to try to get my CC info.
#28
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,157
How do you have a reservation that you didn't pay for? FareLock, booked via a travel agents, or what?
The more I think about it, I can see that this could absolutely be legitimate. Many companies have systems that detect abandoned "shopping carts" on websites and then try and get you back. If you walked all the way through the booking process on the website and then canceled out (leaving the reservation but without then ticket) then having someone follow up to try and get you back - especially if the fare has dropped in the interim - would potentially make sense.
The more I think about it, I can see that this could absolutely be legitimate. Many companies have systems that detect abandoned "shopping carts" on websites and then try and get you back. If you walked all the way through the booking process on the website and then canceled out (leaving the reservation but without then ticket) then having someone follow up to try and get you back - especially if the fare has dropped in the interim - would potentially make sense.
#30
Original Poster
Join Date: Aug 2009
Location: Houston, TX
Programs: Continental OnePass Platinum
Posts: 416
How do you have a reservation that you didn't pay for? FareLock, booked via a travel agents, or what?
The more I think about it, I can see that this could absolutely be legitimate. Many companies have systems that detect abandoned "shopping carts" on websites and then try and get you back. If you walked all the way through the booking process on the website and then canceled out (leaving the reservation but without then ticket) then having someone follow up to try and get you back - especially if the fare has dropped in the interim - would potentially make sense.
The more I think about it, I can see that this could absolutely be legitimate. Many companies have systems that detect abandoned "shopping carts" on websites and then try and get you back. If you walked all the way through the booking process on the website and then canceled out (leaving the reservation but without then ticket) then having someone follow up to try and get you back - especially if the fare has dropped in the interim - would potentially make sense.