One of the most common types of email fraud is called “phishing”. Phishing is the practice of sending phony email messages that are disguised as legitimate and often include company logos that look real. A typical phishing email will include a false claim about a customer’s account and either a link or button that takes them to a “spoof” website that mimics a reputable company’s actual website, in hopes that they will disclose personal information such as a credit card number or account information. Some phishing emails may also have attachments which may contain potential email viruses. Traditional phishing happens exclusively via the Internet with emails and attachments, but offline phishing involves sending direct faxes and/or postal mailings to consumers or businesses as well.
New Phishing Alert - September 10, 2015
We are aware of a new email phishing attempt in circulation containing fake itineraries and ticket #s. The email claims to be sent from American Airlines and the email address displayed within the message is: firstname.lastname@example.org.
This is a not an official correspondence from American Airlines. If you received this email, please do not click on any links within the message and delete it immediately.
Protect yourself from phishing
Examples of Phishing Emails, Faxes, Contracts and Postal Mailings
Email - Miles Reward Payment - May 11, 2015
Email - E-Ticket ready for Order - May 11, 2014
Email - E-ticket and flight details - Nov 28, 2014
Email - Your Order #392920211 - Apr 9, 2014
Email - eTicket Iteninerary - Jun 13, 2013
Email - Your Order#4259094 - Apr 9, 2013
Email - Your order XXXXX has been completed - Dec 15, 2012
Email - Your order has been completed - Jul 19, 2012
Email - Preferred seat purchase receipt - Jul 2, 2012
Email - it's time to check-in online - Apr 16, 2012
Email - Your Flight Order - Nov 17, 2011
Email - Order has been completed - Nov 3, 2011
Email - AAdvantage Program Offer - 2010
Email - AAdvantage Program Membership - Apr 7, 2009
Email - Your Online Flight Ticket - Oct. 14, 2008
Fax - Airline Travel Program - Nov 12, 2011
Example of Phishing Email with our partner carrier British Airways
Latest Example Email
What To Do If You Receive a Phishing Email, Fax, Contract or Postal Mailing
American Airlines will never ask you to perform security-related changes to your account in this fashion or send emails to collect user names, passwords, email addresses or other personal information. If you receive an email claiming to be from American Airlines, that asks for account information, it should be considered fraudulent and an attempt to obtain personal information that may be used to commit fraud.
If you receive this type of email, do not click on any links, open any attachments, call any phone numbers listed or follow any instructions in the email. Instead, forward a copy of the email, including the header to email@example.com so that we can investigate further.
If you receive a phishing fax or postal mailing, please scan the examples and forward via email to firstname.lastname@example.org. You may also want to file a complaint with the U.S. Postal Inspection Service.
Additional Characteristics of a Phishing Email
- Asks for Personal Information: Many phishing emails request personal information such as credit card or account information, passwords, etc. Legitimate emails will never ask you to perform security-related changes to your account or send emails to collect user names, passwords, email addresses or other personal information through email or over the phone.
- Official-Looking Sender’s Email Address: The “From” line may include an email address that appears legitimate.
- Generic Email Greeting: Many phishing emails begin with something generic like “Dear User” or “Dear Customer”.
- False Claims: Many phishing emails make false claims about the status of your account and ask you to update or validate your account by clicking on an embedded link in the email. Some may also include a false sense of urgency and state that your account may be in jeopardy if it is not updated immediately.
- Fake Links: Many phishing emails include links that look valid but that send you to a spoof site. Never click on these links as the URL (Web page address) shown may appear to be legitimate (www.aa.com) but may actually display a different URL when you hover over the link with your mouse.
- Attachments: Never click on attachments as they may cause you to download spyware or a virus.
- Typos and Poor Grammar: Many phishing emails contain typos and poor grammar in the content.