The subject line was [Your Online Flight Ticket N 24097] and the contents of the message was as follows:
The first thing I did was to check our credit card to make sure that we were not the victims of identity theft, fortunately we are not. I then checked the file attachment and it showed 'E-ticket.zip.exe'. I checked out via Google about this and found out that there is a scam for the last year with variants on the subject for other airlines. Fortunately we don't use windows so we are fairly safe from the payload. I forwared a note to United Airlines and to quote their reply:Good day,
Thank you for using our new service "Buy airplane ticket Online" on our website.
Your account has been created:
Your login: **Removed**
Your password: **removed**
Your credit card has been charged for $947.90.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Just a heads up for everyone when you receive something like this not to open the attached file if you are not sure that you are the correct recipient. I would assume that the people behind this are hoping that people are curious enough to open the package and then take over their machines. I also like the fact that United Airlines replied so quickly that the email was not legit and forwarded a copy to their fraud department.Mr. Traynor, please know that the e-mail you have received is not legitimate as it is not sent by United Airlines. I would request you to not to open any attachment and provide any personal information. Rest assured that I have forwarded your concern to our Fraud Investigation Department for their review and investigation.
We truly value your business and always look forward to serving you again
Update - 2008/12/15
CERT has a security notice about this, you can learn more about this scam by clicking on airline ticket email scam.