Malicious Email - British Airways E-ticket receipts
March 12, 2014
April 4, 2013
The fake British Airways e-ticket receipt e-mail message below is being sent to thousands of persons, in an attempt to trick them into opening a malicious attached file. The attachment is a HTML file that will redirect you to a malicious website that is setup to infect your computer with multiple malwares by taking advantage of the JAVA Zero-day exploit.
Please continue reading below.
Here is a copy of the malicious British Airways E-ticket receipt email message:
Booking reference: 9ML6966269
Thank you for booking with British Airways.
Ticket Type: e-ticket
This is your e-ticket receipt. Your ticket is held in our systems, you will not receive a paper ticket for your booking.
Your itinerary is attached (Internet Exlplorer/Mozilla Firefox file)
British Airways Customer Services
British Airways may monitor email traffic data and also the content of emails, where permitted by law, for the purposes of security and staff training and in order to prevent or detect unauthorised use of the British Airways email system.
British Airways Plc is a public limited company registered in England and Wales. Registered number: 55603199. Registered office: Waterside, PO Box 365, Harmondsworth, West Drayton, Middlesex, England, UB7 0GB.
How to contact us
Although we are unable to respond to individual replies to this email we have a comprehensive section that may help you if you have a question about your booking or travelling with British Airways.
If you require further assistance you may contact us
If you have received this email in error
This is a confidential email intended only for the British Airways Customer appearing as the addressee. If you are not the intended recipient please delete this email and inform the snder as soon as possible. Please note that any copying, distribution or other action taken or omitted to be taken in reliance upon it is prohibited and may be unlawful.
The name of the attachment is E-Receipt.htm (this name may change). If this file is open, it will redirect the victim's web browser to the malicious website address igionkialo.ru:8080/forum/links/column.php.
This website address contains the malicious BlackHole kit that will infect the victim's computer with malwares, if it is able to detect any forms of vulnerabilities on it.
If you receive this email, please delete it and ensure that you have the recommended version of JAVA installed on your computer. Click here to find out if the recommended version of JAVA is installed on your computer.
Please share with us what you know or ask a question about this article, by leaving a comment below. And, forward malicious email messages to us using the following email address: firstname.lastname@example.org .
Alert and help your family and friends by sharing this article with them: