Monday, March 2, 2009

Best-Case Scenario: Phishing

Something new in my email today: a "Confirmation of ticket purchase at www.delta.com" - with a zip attachment. No, I didn't open the attachment.

I did, however, immediately check with my credit card provider - and "I" haven't bought any airline tickets.

My guess is that I'm looking at an attempt at phishing. Or, maybe just an effort to get malware into my computer. And, that whoever's doing this is technically proficient and clueless about the English language.

The email message was a mix of clever deception, and odd errors.
  • "support [at] delta.com" was the sender's listed address.
    • delta.com is, in fact, a domain registered by Delta Airlines
  • "Booking number: DEVKAM"
    • Granted, there are around 240,000,000 possible combinations of 6 letters (if I did my math right)
      That's still a pretty small number for a unique booking ID
    • But, what do I know?
  • Odd vocabulary
    • "daily press" might be used as a rather la-dee-da term for "today's paper"
    • "You are guaranteed top-quality services and attention on the part of our benevolent personnel." Is not something written by a person familiar with American English.

My Guess: Someone's Spoofing the Delta.com Domain

Purchasing an airline ticket is so far out of my way of life, that even a perfectly-written message would have been suspect. I can see someone who travels frequently, or who really wants to, opening that attachment.

I don't thank that would be a good idea. At all.
Update (March 4, 2009)
Thanks, Patrick, for your comment. I'm taking the liberty of repeating the first part here:

"Note: the attachment is a self-extracting executable zip file. Don't forget that .zip is always potentially .exe..."

The Message from "Delta:"

Redacted a bit.

Subject:
A Confirmation of ticket purchase at www.delta.com
From: "Delta Air Lines"
Date: Mon, Mar 02, 2009 5:57 am
To: <[email address redacted]>
Thanks for the purchase!

Booking number: DEVKAM

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.
It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

On board you will be offered:
- beverages;
- food;
- daily press.
You are guaranteed top-quality services and attention on the part of our benevolent personnel.

We recommend you to print PASSENGER ITINERARY RECEIPT and take it alone to the airport. It will help you to pass control and registration procedures faster.

See you on board!
Best regards,

Delta Air Lines

2 comments:

Patrick said...

Note: the attachment is a self-extracting executable zip file. Don't forget that .zip is always potentially .exe...

We received this same email at a corporate email address that is used on a public-facing website, and was no doubt scooped up by a bot somewhere...

Brian H. Gill said...

Patrick,

Ouch. An obvious point, about .zip files being potentially executable. (Actually, when I've used Zip format, they were - containing a 'decompressing' program as a convenience to recipients.)

Thank you for pointing that out. And, for sharing your experience.

Unique, innovative candles

Visit us online:
Spiral Light CandleFind a Retailer
Spiral Light Candle online store

Pinterest: From the Man Behind the Lemming

Top 10 Most-Viewed Posts

Today's News! Some of it, anyway

Actually, some of yesterday's news may be here. Or maybe last week's.
The software and science stuff might still be interesting, though. Or not.
The Lemming thinks it's interesting: Your experience may vary.
("Following" list moved here, after Blogger changed formats)

Who Follows the Lemming?

WebSTAT

Family Blogs - Blog Catalog Blog Directory