Actually, I might have gotten phished, scammed, or trojaned – I really can’t tell. Anyway, I just returned from SANSFire 2008, and had the following email waiting for me in my inbox:
From: Emmett Dugan" US Airways <tengels@SOMENONUSAIRDOMAIN.net>
Subject: E-ticket #4118328071
Thank you for using our new service "Buy flight ticket Online" on our website.
Your account has been created:
Your login: ICHANGEDTHISADDRESS@paradigmcc.com
Your password: passWQR7
Your credit card has been charged for $487.39.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Now, what’s scary is that I flew US Air, but I didn’t give them this email address. I also didn’t pay $487.39. Also, they were nice enough to send an attachment, zipped. I saved it to a quarantined space, and looked inside. Sure enough, there’s an EXE there. I didn’t open it. Maybe I should send it to someone for analysis.
I’m fairly sure this was a random thing, but it goes to show how someone could very easily be sucked into opening an attachment from a scammer if the timing is right. If you’re sending out millions of these things, eventually something’s going to hit.