Monday, 10 July 2017

British Airways Mystery Tour



BA plane
A family of frequent flyers with British Airways registered with www.britishairways.com for a service that enables family members to pool their air miles via a British Airways Executive Club Household Account. 

Each person who registered received an email from BA, giving a confirmation link to add the new account. Each person is required to use the link to  connect to a specific page on the BA website to complete their registration. Linking from the first few emails worked as expected.

Then something odd happened with the last one...

The link in one email led to an obvious phishing website which was running a video and sales pitch. The family member quickly deleted the tab from their browser. They returned to the email and tried the link again, to be presented with a different sales pitch. Again, they closed the tab and, this time, also the browser.

Starting afresh, they tried a third time and up popped a warning “Your computer is infected. Do not turn off your browser or your data may be lost…" etc. The user shutdown the computer, disconnected their external backup, and called for support (an associate who works with The BPc).

The computer appeared no worse for wear and the B.A. emails appeared to be genuine, correctly formed and with similar code to the other emails that all worked as expected. However, on closer inspection, the link on the 'problem' email was slightly different - the dot was missing after the www giving a link at wwwbritishairways.com rather than britishairways.com

from the air & waiting to fish
leaving the skies for a spot of fishing
And there was the problem: wwwbritishairways.com is a phishing website owned by a squatter!

Copy/Pasting the link from the email into a browser, manually, and inserting the dot in the correct place between the www and britishairways, enabled the link to work as expected, going to the appropriate website page to complete registration.

For some reason, in this one email from British Airways, the link was formed incorrectly.


The phishing website is an opportunistic one like hundreds of others, waiting for an unsuspecting surfer to mistype a web address. Luckily, in this case, there was no harm done. You can TechCrunch for more good & bad examples.

Although you might expect the odd mis-type to take you on an unexpected journey when using the internet, you don’t expect a major corporation like British Airways to direct you to a highly suspect website!

BA has been informed, so hopefully this particular gate will be closed today. We'll keep you posted if/when we hear something :)

No comments:

Post a Comment