Heimdal Security researchers spotted fraudsters sending phishing emails under the guise of blank Delta Airlines' ticket confirmations.
The victims receive an email purportedly from Delta stating that the user's ticket order has been confirmed using their credit card, however the email does not contain any further details about the flight. However, it does contain links to check the “status” of the flight, according to an 20 April blog post.
Upon clicking the links, users are redirected to several compromised sites containing malicious word documents infected with Hancitor malware that specialises in acting as a bridge for further malware downloads, the post said.
Researchers said the phony emails can be spotted by their illegitimate email address, which should end with “@delta.com” not “@deltaa”, the lack of information about the flight itself, which airline confirmations usually include, and the overall difference in the visual format of the email.