A LoyaltyLobby reader forwarded me on Friday an email that he first thought to have received from Cathay Pacific but only later realized that most likely it was not.
Above is the email in English and below is the part in (likely) Cantonese:
Here’s the email from the reader:
Please warn your readers of the below phishing fraud.
Having just booked a flight on CX, I did not particularly wonder why I got the below email, so I started doing the
After a couple of harmless questions, there came the meat.
To pay me the HKD 1,000 they promised, they would need my full name, ID number, my credit card and expiry, and on top of all that, the CVV!
Alarm bells went off now and I cancelled the survey immediately.
They embedded it in a cloned CX site, so it looks pretty real, except that they did not 10% match the CX green.
Here’s the Travel Advisory that Cathay Pacific has issued:
Latest update: 20 Nov 2017 11:45 HKT (GMT+8)
We are aware of phishing emails that have been targeting Cathay Pacific customers, and misusing our company name. We believe that scammers are attempting to deceive people into providing sensitive information through their participation in fraudulent surveys and / or accessing fraudulent websites. One email claims to provide survey participants with a cash reward.
If you have received any such emails please do not click on any links contained within them or supply any personal information, including credit card details that could be used to identify you.
Anyone who has provided his or her personal information through these fraudulent websites should contact the Cyber Security and Technology Crime Bureau of the Hong Kong Police Force at +852 2860 5012.
The reader had to resend the email as a PDF attachment because Google (from whom be buy the email service for the LoyaltyLobby domain) had first refused to deliver it and rightfully so.
I have to say that I could have been tricked to complete the survey as well as it does look very real and the colors do match the ones that Cathay Pacific uses.
The red flag definitely would have been down the road when they were asking for the credit card info with the CVV.