That Phish was *THIS* Big . . . No . . . Really . . . It Was

Now *that* was a great phishing expedition.

This afternoon I received an email that looked to be from US Airways, telling me it was time to check in for my flight. As it happens, I *am* flying somewhere tomorrow, and to a destination to which I have never flown before, so, thinking I must be flying some strange (for this SF’er, anyway) airline like USAir, I clicked on the link in the email.

Always nice to check in early . . .

Good ol’ Firefox, though, right then and there, said that I was being hijacked, so I backed off, closing the window that the link-click had opened and which was now displaying that unmistakable “Don’t go there” screen that FF puts up in these situations.

Thank you FF.

Silly me, though, I thought FF had misfired, so I opened another window and went directly to USAir and tried to plug the confirm code from the email into their flight check-in app. It wouldn’t work! Funny thing, though, is that the error message said, “This confirm needs to be six characters long” and, by gum, what I was typing in was six . . . count ’em, six . . . characters long. So now I am vewwwy confused.

So I went to my rezzies folder in my email client and it was only then that I realized that I was flying a different airline!

I’d been totally had.

So how many phishes does it take to find an email box of someone who is flying tomorrow? Someone who might also be flying on US Airways?  And what sad fate will befall those persons who actually click through to the link and put in the confirm code?

I am pretty sure I avoided that fate.

But I have to say that this was the best phish I’ve ever seen.

In the immortal words of the recently late Michael Clarke Duncan, when online, careful boss . . . careful.


316 words


Leave a Comment