{"id":2277,"date":"2010-02-16T13:21:56","date_gmt":"2010-02-16T20:21:56","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=2277"},"modified":"2018-01-30T12:34:31","modified_gmt":"2018-01-30T19:34:31","slug":"phishing-scampaign-targets-frequent-fliers","status":"publish","type":"post","link":"https://www.webroot.com/blog/2010\/02\/16\/phishing-scampaign-targets-frequent-fliers\/","title":{"rendered":"Phishing Campaign Targets Frequent Fliers"},"content":{"rendered":"

\"\"\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"\"<\/p>\n

\"\"<\/a>A variation of a phishing scam aimed at members of American Airlines’ AAdvantage<\/strong> program is circulating again. With links to a phishing Web site embedded in a spam message, the scampaign promises (in characteristically broken English) that all participants in a survey will receive, depending on the campaign, either $100, or “$50 & 25,000 miles” credited to their account.<\/p>\n

The spam messages are appearing not only in email inboxes<\/a>, but also as posts on what appear to be compromised blogs<\/a>. The messages usually include the following text, signed by “American Airlines Reward Department<\/strong>,” obvious errors and all:<\/p>\n

We are proud to inform you that today (current date) AmericanAirlines.com launch a new reward program. Please log in to your American Airlines account and take the 5 questions survey. For your effort you will be rewarded with …<\/p><\/blockquote>\n

It’s also amusing to note that the fraudsters have had to periodically raise the bar on what they’re offering. In the earliest iterations of this scheme, dating back to autumn 2008, they only offered $50…no miles included. Even in this tough economy, a fraudulent offer of merely $50 isn’t good enough to snare dupes anymore. Suckers<\/span> Customers can be so demanding!<\/p>\n

\"\"<\/a><\/p>\n

The spam messages tell recipients to click a link and enter a “Bonus Code” in order to participate in the survey. The Bonus Code, AA-1028917109<\/strong>, is hard-coded into the page.<\/p>\n

\"\"<\/a><\/p>\n

The site proceeds to ask victims to provide full details of their AAdvantage account, address, credit cards, drivers license, social security numbers, mother’s maiden name, and the rest of the stuff that would essentially permit the operators of the scam to freely abuse a victim’s financial accounts. Be sure to enter the proper salutation, Bro.<\/p>\n

\"\"<\/a><\/p>\n

Airlines haven’t exactly been swimming in cash lately, so I doubt they’re willing to pay $50 to $100 per head for a survey as rudimentary as the one the scammers are touting<\/a>. Looks like another instance of “if it seems too good to be true, it probably is.”<\/p>\n

\"wordpress<\/a><\/p>\n

Tip ‘o the hat to the folks at Flyertalk<\/a>! <\/em><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

A variation of a phishing scam aimed at members of American Airlines’ AAdvantage program is circulating again. With links to a phishing Web site embedded in a spam message, the scampaign promises (in characteristically broken English) that all participants in a survey will receive, depending on the campaign, either $100, or “$50 & 25,000 miles” […]<\/p>\n","protected":false},"author":65,"featured_media":17051,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[4263,7355,7349,7353,3673,7351,7347,7345,3881,6675,3539,4441,7357,5573,4371,3675,6807,7241,4251,3471],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/2277"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=2277"}],"version-history":[{"count":1,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/2277\/revisions"}],"predecessor-version":[{"id":19141,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/2277\/revisions\/19141"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17051"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=2277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=2277"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=2277"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=2277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}