Skip to Content

Travelers beware! Elaborate flight phishing scams spreading!

Spring is a great time to get away and take that trip you’ve been looking forward to. Many Americans plan their annual vacations for right around this time of year.

That makes it the perfect time for scammers to target the high volume of vacationers. There is an elaborate scheme making the rounds right now that you need to be worried about.

How scammers are targeting travelers

Cybercriminals are targeting air travelers with a new phishing attack. Scammers are sending fraudulent emails, pretending to be from airlines or travel sites, that are designed to infect your gadget with malware.

Victims are receiving emails with subject lines pertaining to flight confirmations. The body of the email shows which airline your flight has been booked with, the cost of the flight and your destination. There will also be an attachment that looks like either a PDF or Word document that’s supposedly your receipt.


The attachment actually contains malware that allows the scammer to monitor your online activities and steal your personal data.

Another version of this phishing scam will have a link to a fake airline website instead of a PDF or Word document. Once you’ve clicked the link, the fraudulent site will ask you to enter personal information to confirm your identity. If you do this the scammer will have your data.

One way to avoid falling victim to this attack is never click on links or attachments found in unsolicited emails. If you recently purchased an airline ticket you can go directly to the airline’s website and see your itinerary.

You also need to familiarize yourself with phishing scams and what to watch out for. Keep reading for some ideas.

How to defend against phishing scams:

  • Be cautious with links – If you get an email or notification that you find suspicious, don’t click on its links. It could be a phishing attack. It’s always better to type a website’s address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn’t what the link claims, do not click on it.
  • Watch for typos – Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
  • Use unique passwords – Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s simple for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
  • Use multi-level authentication – When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts. Click here to learn more about two-factor authentication.
  • Check your online accounts  The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
  • Have strong security software – Having strong protection on your family’s gadgets is very important. The best defense against digital threats is strong security software.

More stories you can’t miss:

Watch out! Tricky scam calls spreading this weekend!

5 things you’re doing that put your financial life at risk

Why you should ALWAYS delete your web cookies (and how to do it)

Komando Community background

Join the Komando Community!

Get even more digital know-how and entertainment with the ad-free Komando Community! Watch or listen to The Kim Komando Show on your schedule, read Kim's eBooks for free, and get answers in the tech forums.

Join Now