It didn’t take long for this new years I guess for people attempting to try and scam others with the old e-mail spoofing routines. I got this e-mail that is dressed up in such a way where it made it appear that I have purchased an airline ticket from American Airlines. Attached to it is a file called “Ticket.zip” which I would assume the person wants you to open it as it contains a computer trojan/virus. This was the message:
From – Mon Jan 02 13:47:11 2012
X-Account-Key: account6
X-UIDL: 1325516308.18592.pt01
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:
Return-Path:
Received: (fqmail 18591 invoked from network); 02 Jan 2012 14:58:28 -0000
Received: (qmail 5268 invoked from network); 2 Jan 2012 14:58:27 -0000
Received: from mail-out2.superb.net (mail-out2.superb.net [66.36.226.26])
by mx10.futurequest.net ([10.2.1.182])
with ESMTP via TCP; 02 Jan 2012 14:58:27 -0000
Received: from sh-b4.dca2.superb.net (sh-b4.dca2.superb.net [207.228.240.77])
by mail-out2.superb.net (Postfix) with SMTP id 144142BD
Received: (qmail 68076 invoked by uid 80); 2 Jan 2012 14:58:26 -0000
Date: 2 Jan 2012 14:58:26 -0000
Message-ID: <20120102145826.68075.qmail@sh-b4.dca2.superb.net>
Subject: Your Order#2713747
X-PHP-Script: www.personalinjurylawyerservices.ca/b899.php for 94.136.40.100
From: “American Airlines”
X-Mailer: lightbulbruffiansof6
Reply-To: “American Airlines”
Mime-Version: 1.0
Content-Type:multipart/mixed;boundary=”———-13255163064F01C612CE846″
X-CTCH-Spam: Unknown
X-CTCH-RefID: str=0001.0A020207.4F01C613.002C,ss=1,re=0.000,fgs=0————13255163064F01C612CE846
Content-Type:text/html;
Content-Transfer-Encoding: 8bitHello
FLIGHT NUMBER AA534
ELECTRONIC 836950816
DATE & TIME / JANUARY 31, 2012, 10:53 PM
ARRIVING / Tallahassee
TOTAL PRICE / 271.25 USD
Please find your ticket attached.
To use your ticket you should print it.
Thank you for using our airline company services.
American Airlines.
————13255163064F01C612CE846
Content-Type: application/octet-stream;name=”Ticket.zip”
Content-Transfer-Encoding:base64
Content-Disposition:attachment;filename=”Ticket.zip”
Be smart for the new years and just ignore the e-mail. Otherwise you will probably have one additional computer repair expense. I did find it kind of interesting that in the header of the e-mail under “X-PHP-Script” as you can see it lists a lawyer’s firm. Makes me wonder if they are simply oblivious to this or if someone within their organization had a security mishap.
There are probably going to be a lot more variations of this mail too though so while the information may not be exactly the same just don’t open the attachment. If you are really that paranoid on whether or not this is real then simply check your credit card first.
1 Comment