Recent American Airlines Breach Highlights The Impact of Phishing Scams


Phishing
Hailey Carlson
September 29, 2022

On September 16th, American Airlines filed a data breach notification letter disclosing that the airline giant had suffered a breach, which was discovered in July of this year. The breach consisted of malicious actors gaining access to private information for both employees and customers of American Airlines. This breach, like many others, was initiated by a phishing scam; thirty-six percent of all breaches are a direct result of such attacks.

The airline conducted an internal investigation which found that the perpetrators of the phishing scam likely accessed sensitive data including names, email addresses, passport numbers, dates of birth, driver's license numbers, mailing addresses, phone numbers, and, for those individuals who disclosed it to American Airlines for one reason or another, medical information as well. All of this falls under personally identifiable information, or PII, which is one of the major things hackers are after when they target victims in such an attack. The company claims that a "very small number of customers" were affected by this attack and that there was not any evidence to suggest that the hackers misused the stolen information. Sometimes, malicious actors will take the data they have stolen and put it up for sale on the dark web, which is one way that such information could have been misused.

The airline said that, in response to the attack, they have been working with a cybersecurity company to investigate the breach to avoid another one in the future. They are also working to secure the employee email accounts which were compromised in the phishing attack. This highlights something that cybersecurity professionals always harp on - employees can be the strongest defense for a company or the weakest link in terms of cybersecurity. The difference between the two is simple: education.

Employees who are educated on how to detect and avoid a phishing scam are knowledgeable and can act as the first line of defense when it comes to such an attack. Employees who are unaware of how to identify a phishing scam and are unsure who to ask when they suspect something could be such an attack are often frustrated, confused, and fall for the scam, resulting in worse attacks such as data breaches and ransomware attacks.

There are four major identifiers for email phishing scams, the most commonly seen type of phishing attack. First, there is the sender's email address: malicious actors will often create an email address that looks very similar to that of the legitimate sender they are trying to mimic. For example, a phisher trying to steal information may use the email address customer-suppport@microsoft.edu. Notice that the address is close enough to the real thing that a recipient who only glanced at it could easily mistake it for legitimate. There is a typo in the name, and the website domain is incorrect (microsoft.edu as opposed to microsoft.com).

Secondly, it is common to see poor grammar and spelling errors throughout a phishing email. The scammers are hoping to dupe enough people who are reading the email in a rush for the scam to be effective for their purposes. In addition to these signs in the body of the email, there is often a malicious link that the sender asks you to click in order to receive some good thing or to prevent some bad thing (these malicious actors often play on the emotions of the recipient). Lastly, many email phishing attacks will call for quick action (replying, clicking the aforementioned malicious link, etc.) "or else," causing panic for many and making them act out of fear. Do not fall for this; instead, try to find another way to contact whoever is trying to contact you to determine if the message is legitimate.
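As an added illustration (not part of the original article), the Python sketch below shows how a mail filter could check three of the four identifiers automatically: a lookalike sender address, a link that leads away from the expected domain, and urgent wording. The trusted address, the urgency phrases and the sample message are constructed assumptions; only the lookalike address customer-suppport@microsoft.edu comes from the text above.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed values for this example (assumptions, not a vendor's real config).
TRUSTED = ["customer-support@microsoft.com"]
URGENT = ("act now", "immediately", "within 24 hours", "will be suspended")
# Constructed sample message; the sender is the lookalike from the article.
SAMPLE_FROM = "Microsoft Support <customer-suppport@microsoft.edu>"
SAMPLE_BODY = "Your acount will be locked. Act now: http://login.example.net/verify"

def edit_distance(a, b):
    """Levenshtein distance computed with one rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def check_sender(from_header):
    """Flag a sender that is close to, but not exactly, a trusted address."""
    addr = parseaddr(from_header)[1].lower()
    if addr in TRUSTED:
        return []
    local, _, domain = addr.rpartition("@")
    flags = []
    for good in TRUSTED:
        g_local, _, g_domain = good.rpartition("@")
        # Naive split on the last dot; suffixes like co.uk need a public-suffix list.
        if domain != g_domain and domain.rsplit(".", 1)[0] == g_domain.rsplit(".", 1)[0]:
            flags.append("tld_swap")
        elif 0 < edit_distance(domain, g_domain) <= 2:
            flags.append("lookalike_domain")
        if 0 < edit_distance(local, g_local) <= 2:
            flags.append("lookalike_local")
    return flags

def check_message(from_header, body):
    """Combine the sender check with the link and urgency indicators."""
    flags = check_sender(from_header)
    domains = {t.rpartition("@")[2] for t in TRUSTED}
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in domains):
            flags.append("offsite_link")
            break
    if any(phrase in body.lower() for phrase in URGENT):
        flags.append("urgency")
    return flags
```

Calling `check_message(SAMPLE_FROM, SAMPLE_BODY)` returns all four flags for the sample, while a message from the exact trusted address with a link on its own domain returns an empty list.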
