You open your email program and there's a message from American Airlines with the heading "download your ticket." That's weird, you think, I didn't buy an airline ticket.
But you open the email and there, indeed, is an official-looking link to download a ticket. It must be some mistake, you think, but the idea of a free airline ticket is simply too hard to resist -- so you click.
If you do, you will be disappointed to learn you haven't downloaded a free airline ticket but a computer virus instead.
The emails, of course, are not from American Airlines but from spammers distributing malware. Once the malware is loaded on your computer the hacker can steal personal information and financial data.
The airline ticket ruse is just the latest incarnation of an old scam. Because most airline tickets are now distributed electronically scammers are counting on victims to click first and think later.
Warning from American
"Do not click on any links, open any attachments, call phone numbers listed or follow any instructions in these fraudulent emails including opening any type of attachments," American Airlines warns on its website. "Instead, delete all emails and attachments. American Airlines will never send executable files as attachments, nor ask our customers for this type of personal information in email communications."
Details, including subject lines, order numbers and flight information in the subject line or body of the malware emails may vary. And not all work exactly the same way.
Different types of emails
Some emails may contain the malware in an attachment. Others may direct victims to a Website where the malware is installed.
Even the name of the airline may not be the same. There have been reports that some consumers received the bogus ticket emails purporting to be from Delta Airlines.
The scammers, of course, are counting on human nature working in their favor; that people drawn to the idea of getting an airline ticket they didn't pay for will cause them to act in a reckless manner.
To avoid these scams always refrain from even opening obvious spam emails and be very suspicious of those asking for sensitive information or directing you to click on links.