Web users are being warned to watch out for a new type of phishing email scam doing the rounds, this time impersonating an airline flight purchase confirmation email.
Victims who click through on the links within the phoney email could be lured into a fake cryptocurrency investment scheme. This could result in huge amounts of money being lost, should they supply their financial details to the scammers.
As scam emails go, this one has it all. It steals the brand design of a legitimate business – Qatar Airways, in the example we came across, plus the Daily Mirror news site; it seizes on excitement and misunderstanding about cryptocurrency investment; it uses falsified celebrity endorsements; it pretends to have dozens of happy investors and, finally, it runs the very real risk of costing victims a fortune.
Phishing scam emails, of course, are nothing new. While inbox filtering and fraud detection keep on improving, new scam email variants may slip through the net. We explain how this email scam works, plus what to do (and not to do) if you come across it.
How the Airline Email Scam Works
The scam impersonates an airline ticket confirmation email – in this case, from Qatar Airways.
Should you receive such an email, it's easy to momentarily panic – after all, an international flight is a potentially costly purchase. The scammers are hoping that users will fall for this ruse, and mistakenly click to find out more, without pausing to think things through.
It's surprisingly easy for a scammer to imitate a brand in this fashion. Typical phishing scammers can easily change their email account name to mimic that of a real business. Plus, brand logos and colors can be copied in moments.
A few key details give away that this scam email isn't the real thing:
- The email isn't addressed with a customer name – little surprise, as it has been sent to multiple recipients
- There are no details given about the flights that have supposedly been booked, such as destination, date or cost
- Every link in the email – including the “reference number” – takes you to a site that has nothing to do with Qatar Airways
The last point is crucial when dealing with scam emails. Always check where the links send you. You can do this (safely) on a desktop by hovering over the link without clicking it. Alternatively, on a smartphone, hold down on the link (rather than doing a short tap) to preview the destination address.
So, where do all those sketchy links take you?
What Happens if You Click the Email Scam Link?
Clicking any of the links in the scam email will lead you to a further website, where you're encouraged to deposit money to take part in a cryptocurrency investment scheme.
The initial site is dressed up to look like the UK's Daily Mirror newspaper site, though, in truth, it has nothing to do with the real Mirror brand. Readers are told of huge fortunes that can be made after making an initial investment of their own money. Needless to say, this is a scam through and through – it's a huge risk to supply your financial details like this.
The website may have the Mirror's branding, but it's not related at all. Once again, the scammers have leveraged a real-world brand identity in order to build trust and trick victims.
This isn't how Richard Branson made his fortune, but the UK billionaire's image is used to add credibility to a scheme that could potentially steal a fortune from victims.
Though the comments at the bottom of the page have the look and feel of Facebook user comments, they aren't – clicking the profile names leads back to the same page.
What to Do if You Receive a Scam Email
Scam emails may be the bane of inboxes and junk folders worldwide, but a few simple steps of best practice can keep you safe:
- Delete it – it doesn't get much easier than this. Delete the email and relax, while remembering that you haven't been personally targeted. These emails are sent out in their thousands, so your account isn't likely to be at any particular risk.
- Report it – if you're feeling like a good digital citizen, you can use the Report / Mark as Phishing function in your inbox. Gmail and Outlook.com, in particular, help to make this easy. This flags the sender to your email account provider, and helps to protect other users.
- Don't panic – take it slow when you see a scam email. The sense of urgency is a scammer's best friend, as it compels victims to act without thinking. Even if you click through to a link within the email, don't panic – it's unlikely this alone will put your computer at risk. Run an antivirus scan to be sure.
- Never give your details – don't supply personal or financial information after following a link on an unsolicited email. If you do, the key is to act fast – begin by warning your bank of what you've done, so they can take steps to freeze your account or block transfers to new recipients. Change your email password, or the login details you use for any account that may have been impersonated.