American Airlines Spam Delivers Malware

Barracuda Labs researchers recently came across impressively convincing fake ticket confirmation e-mails from American Airlines, which link to a subdomain of www.aa.com.reservation.

“The intent of the URL is to draw your eye towards the part that says www.aa.com, even though that domain has nothing to do with the link,” note Barracuda’s Luis Chapetti and Dave Michmerhuizen. “The actual attacks are delivered from a long subdomain that starts with www.aaa.com.reservation….., which also attempts to disguise that they come from a malicious domain registered only days earlier.”

The body of the e-mail reads, “Thank you for making your travel arrangements on AA.com! Your requested itinerary is now ON HOLD. Details below. To ensure that your reservation is not canceled you must complete the purchase of this reservation by clicking the ‘Purchase’ button on this email, or by using the ‘View/Change Reservations’ section on www.aa.com.”

All links in the e-mail actually lead to sites hosting the Blackhole exploit kit, which looks for ways to exploit the victim’s browser.

To stay safe, Chapetti and Michmerhuizen advise, don’t click on links in unsolicited e-mails, no matter how convincing they may seem — always visit the relevant Web site directly, rather than clicking on a link in an e-mail.
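
The disguise described above works because the registered domain is read from the right-hand end of a hostname, not the left. The following check is an added example, not code from Barracuda Labs or the original article; the trusted-domain list and the sample links (on reserved `.test` names) are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the recipient's organisation treats as genuine.
TRUSTED_DOMAINS = {"aa.com"}

# Constructed sample links (reserved .test names), not taken from the campaign.
SAMPLE_LINKS = [
    "https://www.aa.com/reservations",
    "http://www.aa.com.reservation.lookalike.test/purchase",
    "http://tickets.unrelated.test/",
]


def host_of(url):
    """Return the lower-cased hostname of a URL, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only if host IS a trusted domain or a genuine subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def embedded_brand(host, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain buried as leading labels in an untrusted host."""
    if is_trusted(host, trusted):
        return None
    labels = host.split(".")
    for domain in sorted(trusted):
        want = domain.split(".")
        # Slide a window over the labels, stopping before the true suffix.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return domain
    return None


def classify(url):
    """Label a link 'trusted', 'lookalike' (brand used as a subdomain) or 'other'."""
    host = host_of(url)
    if is_trusted(host):
        return "trusted"
    return "lookalike" if embedded_brand(host) else "other"
```

A mail filter or triage script can run `classify` over every link extracted from a message and quarantine anything labelled `lookalike`.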

Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.
