{"id":1475,"date":"2019-04-06T19:33:39","date_gmt":"2019-04-06T19:33:39","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=1475"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"Fake-Airline-\"Travel-Itinerary\";-Emails-Lead-To-Locky-Ransomware","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=1475","title":{"rendered":"Fake Airline &#8220;Travel Itinerary&#8221; Emails Lead To Locky Ransomware"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\nEmails purporting to be from various well-known airlines claim that you can view the travel itinerary for a supposed flight booking you made by opening an attached .zip file.<br \/>\n<span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe emails are not from real airlines and the attachments do not contain a travel itinerary. Instead, the attachments contain a malicious file that, if opened, can download and install Locky ransomware.<\/p>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<strong>Subject: Travel Itinerary<\/strong>Dear [Name derived from email address removed]<\/p>\n<p>Thank you for flying with us! 
We attached the Travel Itinerary for Your booking number #9EEA4B3.See the paid amount and flight information.<\/p>\n<p>Best regards,<br \/>\n[Name Removed]<br \/>\nQantas Airways<\/p>\n<\/div>\n<p><span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nAccording to emails that are currently hitting inboxes around the world, you can view a travel itinerary for an airline booking you made by opening an attached .zip file. The emails, which are signed by supposed staff of various high profile airlines, include a booking number and advise that you can see the amount you paid and your flight information in the attached file.<\/p>\n<p>However, the emails are not from the listed airlines and the attachments do not contain any sort of travel itinerary.<\/p>\n<p>Opening the attached .zip file reveals another file hidden inside. Clicking this file can <a title=\"Travel Itinerary from random airlines delivers Locky\" href=\"https:\/\/myonlinesecurity.co.uk\/travel-itinerary-from-random-airlines-delivers-locky\/\">download and install Locky ransomware<\/a> on Windows computers. 
Once installed, Locky can encrypt all of the files on your computer and then demand that you pay a fee to online criminals to get the decryption key.<\/p>\n<p>Details, such as the name of the airline, the name of the supposed booking agent, and the bogus booking number, can vary in different incarnations of these emails.<\/p>\n<p>The criminals responsible for this malware campaign bank on the fact that at least a few people will be panicked into opening the attached file in the mistaken belief that they have been charged for flight tickets that they never purchased.<\/p>\n<p>In fact, criminals have used <a title=\"Qantas 'E-Ticket Itinerary Receipt' Malware Email\" href=\"http:\/\/www.hoax-slayer.com\/qantas-flight-itinerary.shtml\">bogus travel or flight itinerary emails<\/a> in a <a title=\"Expedia Travel Itinerary Malware Email\" href=\"http:\/\/www.hoax-slayer.com\/expedia-travel-itinerary-malware.shtml\">number of malware attacks<\/a> in recent years.<\/p>\n<p>If you receive one of these emails, do not open any attachments or click any links that it contains.<\/p>\n<p class=\"date\">Last updated: October 4, 2016<br \/>\nFirst published: October 4, 2016<br \/>\nBy Brett M. 
Christensen<\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"Travel Itinerary from random airlines delivers Locky\" href=\"https:\/\/myonlinesecurity.co.uk\/travel-itinerary-from-random-airlines-delivers-locky\/\">Travel Itinerary from random airlines delivers Locky<\/a><br \/>\n<a title=\"Qantas 'E-Ticket Itinerary Receipt' Malware Email\" href=\"http:\/\/www.hoax-slayer.com\/qantas-flight-itinerary.shtml\">Qantas &#8216;E-Ticket Itinerary Receipt&#8217; Malware Email<\/a><br \/>\n<a title=\"Expedia Travel Itinerary Malware Email\" href=\"http:\/\/www.hoax-slayer.com\/expedia-travel-itinerary-malware.shtml\">Expedia Travel Itinerary Malware Email<\/a><\/p>\n<p>Original Source: <a href=\"https:\/\/www.hoax-slayer.net\/fake-airline-travel-itinerary-emails-lead-to-locky-ransomware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/fake-airline-travel-itinerary-emails-lead-to-locky-ransomware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: Emails purporting to be from various well-known airlines claim that you can view the travel itinerary for a supposed flight booking you made by opening an attached .zip file. Brief Analysis: The emails are not from real airlines and the attachments do not contain a travel itinerary. 
Instead, the attachments contain a malicious file [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1475","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1475"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1475"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1475\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}