Security Alert: Beware of airline phishing scams

As you begin making summer travel plans, the Department of Homeland Security wants to make you aware of email-based phishing campaigns targeting airline consumers.

According to the U.S. Computer Emergency Readiness Team (US-CERT), systems infected through phishing campaigns can act as an entry point for attackers to gain access to sensitive business or personal information.

New day, new scam

Airlines regularly report attempts by unaffiliated parties to fraudulently gather customer information in a number of ways:

  • Fraudulent emails
  • Social media sites
  • Postcards
  • Gift Card promotional websites claiming to represent the airline
  • Letters or prize notifications promising free travel

Most reputable airlines do not market to their customers this way, but individuals or groups hoping to gather and use your personal data can be inventive in their approach – often adding messages to generate a sense of urgency to take action.

Some messages may claim that you have purchased an airline ticket, a credit card has been charged, an order has been completed, an invoice/receipt is attached to an email or a website may offer free flights for following or liking an account.

What should you do?

If you see or receive one of these messages:

  • Do not open attachments as they may contain potentially dangerous viruses or harm your computer
  • Delete it from your inbox and disregard the website promotional claims
  • Consider changing your airline account password immediately and monitoring your account for any misuse – be sure to use a “strong password,” containing:
    • 8-20 characters
    • 1 number and 1 letter
    • 1 uppercase and 1 lowercase letter
    • Do not use the same password across multiple websites that contain your personal information
More security tips

Click here to review security tips from the United States Computer Emergency Readiness Team (US-CERT) about how to avoid social engineering and phishing attacks.