Phishing scams are a form of social engineering attack, perpetrated by criminal-minded individuals who depend on human interaction to obtain information about an organization, or about data assets stored on computers. Most of these attacks come in the form of emails which seem very respectable and legitimate, and they often claim to be sourced from someone new to the company, or someone researching the company.
By obtaining information from victims, attackers can very often gain access to vital accounts and make use of that information for profit. Sometimes these attacks can also be posed as coming from external benevolent organizations like charities, seeking to assist individuals who have been victimized by natural disaster or health issues. No one is immune from these kinds of attacks, as hackers continue to probe for vulnerabilities among individuals in every aspect of life.
Aviation Phishing Scams
The aviation industry is not one that people typically think of in connection with phishing scams, but as the following discussion will point up, this particular industry is certainly not immune from the efforts of cyber attackers. Delta Airlines has been the subject of numerous such attempts in the past, all orchestrated by parties unknown for the purpose of extracting customer information from people, under the pretext of air travel benefits offered.
Some of these information-gathering attempts have included illegitimate emails, inquiries through the social media, postcards sent to individuals, and gift card promotional websites. In many of these attempts, the sender or originator claims to be an employee of Delta Airlines, and promises free travel or free prizes which can be claimed by following certain actions.
Delta Airlines has gone to great lengths to assure its employees and its customers that they have never marketed their services in this way, nor do the intend to. A typical scam involves sending a random user an email acknowledging the purchase of a Delta Airlines ticket, noting that a credit card has already been charged, and that the transaction is now complete. It goes on to say that a receipt is attached to this email, and should be opened by the recipient to retain for their records.
An alternate version of this same scam offers free airline tickets in exchange for opening an attachment, and liking or following the linked account. Of course, both of these phishing attempts will unleash malware which immediately infects the user's computer, and if the computer is attached to a network, the virus will gain access to that as well.
Actions To Take
Delta advises anyone who's been contacted in this manner to adopt the following best practices for data protection, and to safeguard personal information:
- Do not use the same password across multiple websites which contain personal information, especially if that information contains account numbers, credit card numbers, or any other data used in the process of making purchases
- Never click on links included in email messages or unofficial webpages
- Never open attachments of any type when the text of an email asks you for personal information – any such emails should be immediately deleted instead
immediately after receiving any kind of solicitation like this, change your SkyMiles account password. It would also be wise to monitor your SkyMiles account subsequently for any kind of activity not originated by you personally
- Passwords on delta.com should contain between 6 and 20 characters and cannot be the same as your SkyMiles number, email address, or username, nor can they contain any non-English characters.
General Avoidance Of Phishing Scams
Such phishing scams can be extremely damaging to a person or company who has been victimized, and can literally include the loss of some or all of your significant assets, or can have even worse results. In order to avoid being victimized by some of these very clever attempts, there are some other good habits to develop, apart from those specified by Delta Airlines to their customers.
- Use of any anti-phishing features which are provided by your web browser or your email provider.
- Your computer should be protected by antivirus software, firewalls, and even email filters which will automatically drop at least a percentage of these criminal attacks.
- Whenever you're not sure about the legitimacy of an email, either delete it right away, or take the time to verify its legitimacy by contacting the supposed sender.
- It's a good idea to pay close attention to the URL of the sender, because sometimes they mimic legitimate site addresses, but have slight variations which are giveaways to their criminal intent.
In general, it's a good idea to avoid sending any personal information over the Internet, unless you have first confirmed that the website you're on is a secure site. As a general practice, personal information should never be supplied in an email, and any email which asks for personal or financial data should be either ignored or deleted out of hand.
For the same reason, you should never click on a link supplied by such an email. Any email requesting information about the organization you work for should also be ignored, since legitimate senders almost never request such information over an insecure medium. Always be suspicious of any kind of unsolicited phone calls or email messages asking about employees you work with, or any other details about your workplace.
While these may sound like overkill precautions to take, anyone who has ever been victimized by a phishing attack can confirm that they are well worth the effort. A little extra care with your personal information, and a little more skepticism about unsolicited communications can thwart the criminal intentions of today's social engineering criminals.
When In Doubt - Contact An Expert
For advice on all matters related to network and computer security, contact a security professional, where cybersecurity is our only business. Whether your system has already been breached, or you wish to prevent such a breach, we can provide expert-level assistance! Download our FREE Special report and learn more how to protect yourself and data assets.