Phishing targets Qantas frequent flyers
A new phishing campaign targeting Qantas frequent flyer users looks to be underway. We’ve extracted several emails over the past two days aimed at stealing the login credentials of Qantas frequent flyers and Qantas Club members.
We have reproduced one of the emails in Figure A. It is a fairly standard type of phishing email, composed mostly of plain text. The specific targets for this type of email are people who are travelling and may be either using their mobile device to read emails or using a hotel Wi-Fi and checking emails on their tablet.
The email informs the user that the “System recorded a failed attempt with your user ID from another location” and therefore the users need to login to update their account information. The subject line of the email is “New Update from Qantas”, whilst the email sender is listed as “frequent_fyler.com.au”.
An eye catching opening line, “PLEASE UPDATE YOUR QANTAS ACCOUNT INFORMATION” is used; again, this is probably designed specifically for tablets and mobile devices. Note the urgency implied in the email by the use of all caps. A link is helpfully provided in the email; it looks authentic, given that it supplies an actual Qantas URL.
There are several signs that this email is a fake. The email salutation is “Dear Client”, whereas Qantas will always use a personalised salutation. The wording and general grammar of the email is average at best. The big indicator however is mousing over the link. Whilst the URL says Qantas, mousing over it reveals it to link back to a suspected phishing site.
This email is probably aimed at people who are flying home from holidays, or currently on holidays. If you do receive this email, delete it. Don’t click on the link.