Budget airline impersonated by Facebook hoaxer and malware spammers


Budget Australian airline Jetstar is suffering a double dose of cyberpain today.

First up was a hoaxer who managed to create a Facebook persona called "Jetstar Australia" and thus to post legitimate-looking comments onto Jetstar's official pages with sniggering disdain.

A customer who had written a lengthy complaint about Jetstar's policy on strollers (pushchairs) was advised:

This is a "comment box" not "write a long story" box. Please shorten it and send to someone who cares.

A lady unloading her frustration when trying to change her flight bookings online was rewarded with:

Thanks for leaving a comment. We have now cancelled your flights as requested.

And one who wondered if there were any good offers on cheap flights to Queensland's Gold Coast got smacked down with:

Dont be such a tight ass and pay the full price. Its cheap anyway.

The comments might seem amusing, but if you've ever been the victim of bogus online postings in your name - something that's hard to prevent and difficult to correct - you'll know how stressful (not to mention costly) it can be.

Jetstar has scrambled to distance itself from the bogus comments, and is advising people to double-check the Facebook profile of posts that look official:

Jetstar's second brush with having its name taken in vain in cyberspace happened this morning.

A malware spam campaign claiming to be a Jetstar flight itinerary started hitting Aussie mailboxes:

Infected emails contain an attachment with a name such as Jetstar Flight Itinerary-nnn.pdf.zip (nnn is a string of digits) that is, of course, no such thing.

The ZIP file contains an EXE file (Windows program) that is zombie malware. Sophos detects it as Troj/Bredo-AEG.
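A mail gateway can catch this pattern without opening anything. The sketch below is an added example, not code from the article or from Sophos; the extension lists, the sample file names and the `inspect_attachment` helper are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}  # not exhaustive


def make_sample_zip():
    """Constructed stand-in for the attachment: a ZIP holding one .exe name.
    The member is inert text, not a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Flight Itinerary.exe", b"constructed placeholder")
    return buf.getvalue()


def inspect_attachment(filename, data):
    """Return a list of reasons to quarantine the attachment (empty if none)."""
    findings = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    # "name.pdf.zip": the last extension decides how it opens, not ".pdf".
    if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS and suffixes[-1] not in DOC_EXTS:
        findings.append(f"double extension: looks like {suffixes[-2]}, is {suffixes[-1]}")
    stream = io.BytesIO(data)
    if zipfile.is_zipfile(stream):
        with zipfile.ZipFile(stream) as zf:
            for info in zf.infolist():  # reads names only, extracts nothing
                if PurePosixPath(info.filename).suffix.lower() in EXEC_EXTS:
                    findings.append(f"executable inside archive: {info.filename}")
    return findings


if __name__ == "__main__":
    for reason in inspect_attachment("Flight Itinerary-123.pdf.zip", make_sample_zip()):
        print(reason)
```
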

In a sort of double-whammy, Jetstar customers took to its beleaguered Facebook page to blame the company for the malware. One user vented that she was:

NOT IMPRESSED THAT JETSTAR HAS BEEN COMPRIMISED

That's definitely not fair criticism. (It's not terribly good spelling, either.)

There's nothing Jetstar - or any other brand, for that matter - can do to prevent a crook from constructing an imposter email that includes its company name, address, logo or look-and-feel.

Impersonating a company by email takes little more than cutting and pasting from a legitimate message.

In this spam campaign, for example, the marketing links in the email take you off to official pages such as the Jetstar Shop, and the "unsubscribe" link takes you to Jetstar's outsourced mailing list provider.

Inquisitive email users might have looked at the email headers, but even these are mocked up to make it look as though Jetstar sent the message and as if Symantec's "Star Scan" email filter had vetted it:

The real sender is shown in the topmost Received: header - a cable or DSL modem, most likely a home user's PC itself infected with zombie malware causing it to act as a spamming robot:
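Each mail server adds its own Received: line above the ones already present, so only the line stamped by your own server is trustworthy. The following is an added example, not part of the original article; the sample message, host names, documentation-range IP addresses and the home-line heuristic are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: documentation-range IPs and hypothetical host names.
# Only the first Received: line was written by the recipient's own server;
# everything below it arrived as part of the message and can be forged.
SAMPLE = """\
Received: from dsl-203-0-113-45.isp.example (dsl-203-0-113-45.isp.example [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123; Mon, 1 Jan 2024 09:00:02 +1100
Received: from mail.airline.example (mail.airline.example [198.51.100.10])
\tby scan.filter.example with ESMTP; Mon, 1 Jan 2024 08:59:40 +1100
X-Scanned-By: scan.filter.example
From: "Airline" <itinerary@airline.example>
Subject: Your flight itinerary

(body omitted)
"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")
# Heuristic only: reverse-DNS tokens that ISPs commonly use for home lines.
HOME_LINE_RE = re.compile(r"(^|[.-])(a?dsl|cable|dyn|pool|dhcp)([.-]|\d)", re.I)


def received_hops(raw):
    """Parse Received: headers top to bottom (newest first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(flat)
        hops.append(m.groupdict() if m else {"raw": flat})  # keep position
    return hops


def analyse(raw, my_mx):
    """Trust only the topmost hop, and only if our own server (my_mx) wrote it."""
    hops = received_hops(raw)
    if not hops or hops[0].get("by", "").lower() != my_mx.lower():
        return {"trusted": None, "claimed": hops}
    top = hops[0]
    return {"trusted": top,
            "home_line_hint": bool(HOME_LINE_RE.search(top["rdns"])),
            "claimed": hops[1:]}  # sender-supplied, unverifiable


if __name__ == "__main__":
    print(analyse(SAMPLE, "mx.recipient.example"))
```
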

Rogue comments on social media sites and spams that hijack a brand are almost always outside the victimised company's control.

In this case, delete the email, and remember, don't believe everything you read on Facebook!


6 Responses to Budget airline impersonated by Facebook hoaxer and malware spammers

  1. Glen Towler · 695 days ago

    In New Zealand Jetstar are famous for their lack of customer service so maybe this fake Facebook account will make them wake and start doing more to help their customers. I only fly Air NZ myself as reliable as a Swiss watch that airline

  2. NiallG · 694 days ago

    You know what would be really useful.... a mail system that would parse the headers... I know you can look at the "message source" but that means nothing to most people but.... if I get a letter in the post (paper mail) and am suspicious I can look at the stamp and postmark... likewise there is usually enough information in the headers to allow an analysis of the message's real source and tracking... at least giving a clue.... it would not be that hard to add, to web mail based systems, a context menu - "Analyse message tracking and content" which would parse the various sections of the headers and attachments and display details in a more meaningful (user friendly) manner... just a thought on the mail type scams.

  3. Laurence Marks · 694 days ago

    Duck, it's easy to learn how to read Received: headers. Why don't you do a column on it?

    • Paul Ducklin · 694 days ago

      Oooh. That's an idea. I'll put it on my list of "interesting stuff to do"...and, who knows, some time I might even do it :-)

  4. GeorgeB · 694 days ago

    Disagree about the statement "spams that hijack a brand are almost always outside the victimised company's control." ISP Telstra/Bigpond has been delivering spams impersonating itself for years with absolute disregard for their users. Most are nothing new & could easily be filtered out. Guess these spams add to their traffic & sales of their filtering service.

  5. Paul Ducklin · 694 days ago

    Well, I said "almost always" :-)

    The issue of whether ISPs should filter spams on anything other than an opt-in basis is a can of worms in its own right.

    If you opt in to Bigpond spam filtering, then you should IMO expect them to filter spams mentioning their or any other brand. (And I don't have a problem with ISPs asking a fee to do spam filtering. Of course, we sell anti-spam software, so I would say that. But that also means I know how much work it is to do well.)

    However, in the article - perhaps I wasn't clear - I really meant only to say that you can't stop someone sending an email with your name in it. (A bit obvious now I think about it, but there you are.)


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog