Qantas warns of email scam aimed at holiday travelers
A Qantas email scam that contains malware shows that humans are still the "most vulnerable vector" for cyber criminals to target, according to a security analyst.
Qantas has issued a warning about the seat selection fee receipts scam emails. According to the airline, the emails can easily be spotted as fakes because they include inaccurate amounts paid for selection. They include an attachment which is understood to contain malware.
"Recipients of the email are being advised not to click the links or download the attached files. We also recommend that recipients run up-to-date security software on their PC and regular virus scans to help protect against security threats," a Qantas spokesperson said in a statement.
Scams rely on trusting recipients
The Qantas spokesperson added that its subsidiary Jetstar warned customers about scam emails featuring fake itineraries which came to the airline's attention during the first week of December.
IDC Australia senior market analyst Vern Hue said that email scams are still "very prevalent" as they are profitable for scammers preying on unsuspecting victims. (See also "In Pictures: How to Spot an E-Mail Scam.")
"I believe that the human is the most vulnerable vector that cyber criminals target," he said. "Although the security solutions available in the market can detect a large amount of malicious content, the truth is that some of them will manage to evade detection."
According to Hue, it is then up to the person who receives the email to make the right judgment on the authenticity of it and take the right security measures.
"From a business angle, proactive steps, such as engaging in external threat monitoring and cyber intelligence is a useful tool that proactively seeks out threats against organizations, and in this case, cyber fraud," Hue said.
However, he pointed out that the vast majority of cyber fraud threats target end-users and urged organizations to step up their investments in security awareness and education programs.
"This has to be treated not from a user policy perspective, but done in a very practical level to ensure the users know that their actions can make a difference," Hue said.
Aside from ensuring that antivirus, anti-malware and anti-spyware products are kept up-to-date, he said that end users should patch applications and the operating system they are running.
"Some other measures like using different security providers can help deter these attacks," Hue said. "The key here is to have a layered approach in safeguarding your IT environment."
Follow Hamish Barwick on Twitter: @HamishBarwick. Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia.