SCAM: Travel scams via email try to make the recipient believe they have paid for something they did not, or that they booked a trip, or requested an upgrade. Sometimes a notice of a boarding pass is sent. A mouse-over of any link in these emails will reveal that they do not point to the website they claim to represent. [View the lower left corner of each graphic.]
WHAT TO LOOK FOR: Besides looking at the link revealed in the lower left corner of most of these scams by a mouse-over, notice that these emails lack any personal information that identifies the recipient.
CAUTION: We do not advise visiting the links revealed in these scam emails because it is possible that some of these websites might cause a computer infection.
1. Example #1: Dear U.S. Citizen
American Airlines Advantage Program-Attached Form
American Airlines Advantage Program – Download Attached Form
Downloading an attachment* is one of the most risky behaviors. The victim is likely installing malware onto his/her computer. We have heard from victims who happened to have a flight booked with the airline being represented in the scam, and therefore, clicked the link. If you are ever in doubt about the authenticity of the email or what is being requested, call the airline before clicking on anything.
[*Read: Dangerous Email Attachments and How to Avoid Them from MicroTechnology Soutions.]
2. Example #2: American Airlines – Preferred Seat Purchase
All links point to “kabeya.cc” “.cc” is the 2-letter country code for the Cocos Islands, a territory of Australia in the Indian Ocean. A WHOIS look-up of kabeya.cc shows that it is registered to a company in Japan.
3. Example #3: American Airlines Preferred Seat Purchase 
All links point to “sklep.bimetex.pl” “.pl” is the 2-letter country code for Poland. Bimetex.pl appears to be a legitimate manufacturer in Poland. The Bimetex web server was most likely hacked by the scammers.