Lufthansa Warns Frequent Flyers about Phishing Scams

Lufthansa, Europe’s largest airline, warns its frequent flyers about phishing emails with built-in links to a website where they are asked to enter access details for their email inbox, online bank account, Miles & More member account and more.

“The requested data is often backed up with the implementation of supposed security measures regarding an existing contractual relationship with a company,” Lufthansa warns. “In fact, however, the messages serve to enable the sender to later read and misuse the data provided. The content or attachment of the phishing email often also includes links or files which look similar to a well-known brand image.”

Data and personal details are at risk when users enter access data on unknown sites. The carrier says the sender of the phishing email likely operates the unknown website and can read the data users enter to then use it on Miles & More program websites or other sites.

Lufthansa urges users to delete phishing emails without opening them and never click on any link or open any attachment. The company recommends flyers change passwords to member accounts, as their computers might be infected with viruses and Trojans.

Miles & More never sends emails that ask travelers to enter their user-ID, PIN or details to access an email inbox. Victims should contact Lufthansa so their member accounts can be suspended if necessary.

Europe’s leading frequent flyer program, Miles & More, has more than 20 million members worldwide, about a third of them from Germany. On average, 5,000 new members sign up for the program per day.

How to avoid scams

• Be extremely skeptical of phone calls or emails with fake vouchers or cheap airplane tickets. Scammers usually redirect users to fraudulent booking websites.
• Update your antivirus and other important software before traveling. This helps protect you from fake message pops-up, for instance.
• Be extra-careful when you make online banking transactions or ticket reservations. Use only secure websites if you have to type in confidential data such as passwords or bank accounts.