Air Canada’s Aeroplan Is Being Used In An Email Based Phishing #Scam

Some new scams have hit my inbox as of late. And this Aeroplan one is interesting. For those of you who don’t know what Aeroplan is, this is an airline rewards program that is run by Air Canada and its partner airlines. I have an Aeroplan account so I do get marketing emails from them. But with one look at this, I knew that this wasn’t one of them:

So the first thing was the fact that the word Aeroplan was highlighted several times. That is odd and when I compared it to other Aeroplan emails, this wasn’t present. So that put me on alert. The other thing that put me on alert is the typical scam hook of if you don’t do something, bad things will happen to you. In this case, if I don’t click the link to upgrade my Aeroplan account, my account will be limited. Whatever that means. Then there were the words “Kindly use the link below to upgrade your account.” Neither Air Canada nor Aeroplan would ever use language like that. Finally, the email was allegedly sent from my personal email account. Meaning that the threat actor spoofed my email.

I wanted to go down the rabbit hole to see what the threat actor was up to. So before clicking on the link, I hovered my mouse cursor over it and saw this:

That looks like a link that has been shortened by Twitter’s link shortener. And that’s done to cover up the fact that if you click on it, which you should not do if you get this email, it will be taking you to someplace other than the Aeroplan website. But since I investigate these scams, I clicked it and this is what I got:

Now I have to give the threat actor credit here. Just like the email, this website is a very good replication of the actual Aeroplan website. Most people I think would be fooled by this. But if you look at the address bar, you’ll see that you’re not at the Aeroplan website as it’s not Aeroplan.com.

And at first glance, this fake website is going after your login details so that presumably the threat actors can log into your account and drain it of your Aeroplan points in the form of gift cards or something like that. And what’s interesting is that the website might be trying to validate that you’ve entered a valid Aeroplan number because when I tried to enter a bogus number, I got this:

This was also the case when I tried to enter a bogus email address. Clearly this threat actor has some skills as they really want to get your login details. And what’s even more interesting is that the links to create a new account or reset your password go to the real Air Canada website. I guess that they’re hoping that those who don’t remember their passwords will reset them, then come back to enter them in what’s clearly a phishing site.

What concerns me is the fact that the threat actor has spoofed my email address to try and scam me. That implies that this might be a targeted attack. I wonder if this is related to the fact that Air Canada got pwned in 2018, then pwned again in 2023, and if the threat actor or actors behind either of those attacks are using the information gained in either of those events to launch further attacks against Aeroplan members. Seeing as I’ve been an Aeroplan member for years, that seems plausible. Thus I would be interested to know if you’re an Aeroplan member and you get an email like this. If so, feel free to leave a comment below.
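The red flags described above (a From address identical to the recipient, the "Kindly"/"will be limited" pressure wording, a shortened link, and a link that does not land on the brand's own domain) can be checked mechanically when triaging a reported message. The script below is an added example and not part of the original post; the domain and shortener lists, the indicator names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists for illustration; tune them for your own mail flow.
BRAND_DOMAINS = {"aeroplan.com", "aircanada.com"}
SHORTENERS = {"t.co", "bit.ly", "tinyurl.com"}
PRESSURE = re.compile(r"\bkindly\b|will be limited", re.I)
HREF = re.compile(r"href=[\"'](https?://[^\"']+)[\"']", re.I)

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the indicators from the post that appear in a raw message."""
    msg = message_from_string(raw)
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    hosts = [urlparse(u).hostname for u in HREF.findall(body)]
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    findings = []
    if sender and sender == rcpt:  # message claims to come from the recipient
        findings.append("from-equals-recipient")
    if PRESSURE.search(body):
        findings.append("pressure-language")
    if any(host_in(h, SHORTENERS) for h in hosts):
        findings.append("shortened-link")
    if "aeroplan" in body.lower() and any(not host_in(h, BRAND_DOMAINS) for h in hosts):
        findings.append("link-not-on-brand-domain")
    return findings

# Constructed sample messages (not the actual email from the post).
PHISH = """\
From: Aeroplan <member@example.com>
To: member@example.com
Subject: Upgrade your Aeroplan account
Content-Type: text/html

<p>Your Aeroplan account will be limited.</p>
<p>Kindly use the link below to upgrade your account.</p>
<a href="https://t.co/EXAMPLE">Upgrade</a>
"""
LEGIT = """\
From: Aeroplan <news@aeroplan.com>
To: member@example.com
Subject: Your statement
Content-Type: text/html

<p>Your Aeroplan statement is ready.</p>
<a href="https://www.aeroplan.com/">View</a>
"""
```

None of these checks is conclusive on its own; a message that trips several of them at once is the one worth escalating.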
