Warning-malware spam scraped DL PNR's

Discussion in 'Delta Air Lines | SkyMiles' started by Gargoyle, Sep 8, 2014.

  1. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    I just received two malware spams from fraudulent return addresses, both with attachments that they claim are e-tickets. The worrisome thing is they reference an actual date and destination of one of my existing flight reservations. They did get a lot wrong (Zone 2, are you kidding me???, and it was actually an award ticket with different arrival time). I know PNRs are publicly accessible; someone is scraping them and finding the associated e-mail address (which shouldn't be publicly accessible).

     
  2. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    BTW, both spams came from hacked computers hosted on wideopenwest.com IP address 23.28.18.35
     
  3. Sammich

    Sammich Gold Member

    Do you have the email headers by any chance? With sensitive info filtered out, of course.
     
    WilliamQ and Gargoyle like this.
  4. anileze

    anileze Gold Member

    Someone got hold of cache?
     
    Gargoyle likes this.
  5. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    Received: from tenderontheair.com (d28-23-35-18.dim.wideopenwest.com [23.28.18.35])
    by mail.gargoyleserver.com (8.14.4/8.13.1) with SMTP id s88IQl5e013074
    for <gargoyle@gargoyleserver.com>; Mon, 8 Sep 2014 14:26:47 -0400
    Message-ID: <000f01cfcb9272f9450a0601a8c0@Owner-PC>
    From: "Delta Air Lines" <confirmation@tenderontheair.com>
    To: <gargoyle@gargoyleserver.com>
    Subject: Your order # NR17-00835515 has been completed
    Date: Mon, 08 Sep 2014 14:26:47 -0400
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_000C_01CFCB70.EBE6C960"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: XimianEvolution1.4.6
    X-MimeOLE: Produced By XimianEvolution1.4.6
     
    Sammich likes this.
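
Added example (not part of Gargoyle's post or of the thread): a Python triage of the headers posted above, parsing the hop recorded by the receiving server and checking four spoofing signals. The `BRAND_DOMAINS` map, the finding names and the `analyze` helper are assumptions made for this illustration, and the findings are triage signals rather than proof.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subset of the headers posted above, embedded so the example runs offline.
RAW = """\
Received: from tenderontheair.com (d28-23-35-18.dim.wideopenwest.com [23.28.18.35])
\tby mail.gargoyleserver.com (8.14.4/8.13.1) with SMTP id s88IQl5e013074
\tfor <gargoyle@gargoyleserver.com>; Mon, 8 Sep 2014 14:26:47 -0400
Message-ID: <000f01cfcb9272f9450a0601a8c0@Owner-PC>
From: "Delta Air Lines" <confirmation@tenderontheair.com>
Subject: Your order # NR17-00835515 has been completed

"""

# Assumption for this example: the domains the named brand really sends from.
BRAND_DOMAINS = {"delta air lines": {"delta.com"}}
# sendmail-style hop: "from <HELO name> (<reverse DNS> [<connecting IP>])"
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")

def base_domain(host):
    # Naive "last two labels"; enough for the .com names in this sample.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    from_domain = addr.rpartition("@")[2].lower()
    # First Received header: the one written by the recipient's own server.
    hop = HOP_RE.search(" ".join(msg["Received"].split()))
    helo, rdns, ip = hop.groups() if hop else (None, None, None)
    findings = []
    allowed = BRAND_DOMAINS.get(display.lower())
    if allowed and base_domain(from_domain) not in allowed:
        findings.append("display-name-brand-mismatch")
    if hop and base_domain(helo) != base_domain(rdns):
        findings.append("helo-rdns-mismatch")
    if hop and re.search(r"\d+-\d+-\d+-\d+", rdns):
        findings.append("numeric-pool-rdns")
    if "." not in msg["Message-ID"].strip("<> ").rpartition("@")[2]:
        findings.append("message-id-unqualified-host")
    return {"helo": helo, "rdns": rdns, "ip": ip,
            "from_domain": from_domain, "findings": findings}

if __name__ == "__main__":
    print(analyze(RAW))
```

Only the topmost `Received` line is trusted here, because it is the one hop the recipient's mail server wrote itself; everything else in the message is sender-controlled.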
  6. alfagirl

    alfagirl Gold Member

    I got one the other day from 'Delta' (your boarding pass is attached...). I do not even have a DL account and/or any flights scheduled with them, how could they get anything about me from Delta? Unless they got into AA or UA as well......
     
  7. anileze

    anileze Gold Member

    I think either tenderontheair is compromised as being part of a botnet, or they got a site where gargoyle's contact information was in the database.
     
  8. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    Clearly botnet, since two identical ones came from different domains on the same host. I've gotten spams about airplane tickets for years, but these were different because they matched a date and destination on a current PNR.
     
    anileze likes this.
  9. alfagirl

    alfagirl Gold Member

  10. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    I'm now getting 4 or 5 a day with random dates and destinations. However, none match an existing itinerary - that is what was so strange about those earlier two - date and destination matched a real booked flight.
     
  11. ACMM
    Original Member

    ACMM Gold Member

    You are indeed loved!

    (Posted from my milepoint enabled iPhone)
     
    Gargoyle and Sammich like this.
  12. MSPeconomist
    Original Member

    MSPeconomist Gold Member

    Shouldn't 70F be zone 3? That would be a looooooooooong airplane!
     
  13. USAF_Pride
    Original Member

    USAF_Pride Gold Member

    I got one the other day as well. I knew it was spam because it said zone 3 and seat 78E!!
     
    Last edited: Oct 2, 2014
  14. bigx0

    bigx0 Gold Member

    I got one purportedly from Delta. It had the carrier code listed as DE instead of DL!
     