You may have received an e-mail from Delta Airlines today confirming an itinerary you never booked. The company is reporting a phishing incident, leaving customer service lines clogged.
VentureBeat’s Matt Marshall received one of these faked itineraries, and he was told by Delta customer service representatives that around half of the company’s customer services calls have been associated with these phishing emails. Delta has confirmed that these emails did not originate from the airline and that customer’s personal information is not compromised.
Delta cautions recipients not to open any links or attachments and not to respond with any personal information. The company recommends that you change your SkyMiles account PIN number just in case.
Delta said this on its website: “Be assured that Delta did not send these emails, and our customers’ credit cards have not been charged by Delta as a result of the emails. These emails did not originate from Delta, nor do we believe that any personal information that you provided us was used to generate these emails. We will continue to post updates on this page as additional information becomes available.”
We contacted the U.S. Computer Emergency Readiness Team, who said they have not yet seen a larger hack on Delta and have no comment otherwise.
It’s a pretty sloppy email spoof. The itinerary doesn’t have much Delta branding on it, and the “sender” isn’t even faked. Ours was sent to firstname.lastname@example.org from email@example.com. To its credit, the phishing email does have a traditional itinerary look and a number of legitimate links back to Delta. Hidden among these links, however, are some that lead to “ChurchMyStyle.com.”
Here’s what the itinerary looks like: