• by Jess Nelson , April 3, 2017

A phishing scam targeting frequent flyers is so realistic that it has an email open rate above 90%, according to new research by Barracuda Networks. 

Nine out of ten phishing emails are being opened, according to the cybersecurity company -- a huge security risk that exposes consumers to data theft, financial loss, and malware.

Email isn’t just a communications channel, but a storage management system that organizes shopping receipts, shipping notifications, and travel plans. Many mobile email applications even have advanced features to highlight upcoming travel plans, including flights and car rental services.

The cyber scam spotted by Barracuda Networks takes advantage of this with a three-pronged attack containing impersonation, malware, and phishing. Barracuda Networks asserts that the phishing attacks are frequently targeting industries with a high level of employee travel, as well as companies that deal with shipping or logistics.

The scam begins with a phishing email, where a hacker pretends to be an HR or finance employee. The subject line contains flight confirmation details, with the airline, destination, and price of flight.

The counterfeit email then either contains downloadable malware or a phishing link. The downloadable malware is contained in a PDF or Microsoft Word attachment claiming to be a flight confirmation or receipt. Once the attachment is opened, malware spreads through the affected organization, enabling hackers to view and steal sensitive data.

Barracuda Networks have also seen emails containing a phishing link directing targeted consumers to a fake Web site designed to steal personal information.

It’s important to note that phishing emails have evolved significantly since the Nigerian scams of yesteryear. Now, cybercriminals use advanced social-engineering techniques to trick consumers into believing counterfeit communication is valid and secure. Hackers use information available online, such as social media posts and past data hacks, to create personalized phishing emails for nefarious purposes.

Just as in email marketing, personalized emails are more likely to be opened.