AI Hyper-Personalised Phishing Impersonating United Airlines
Attackers use AI to craft highly personalised phishing emails referencing the victim's real MileagePlus number, elite status, and home hub airport, making fraudulent United account alerts indistinguishable from genuine communications.
Part of: AI Hyper-Personalised Phishing Scams
Last reviewed: 8 June 2026
United Airlines' MileagePlus programme is one of the most-subscribed airline loyalty schemes in the world, and the personally identifying data it contains — travel history, elite tier, passport details, and stored payment methods — makes a compromised MileagePlus account extremely valuable to identity thieves and fraudsters.
AI-assisted phishing transforms standard impersonation attacks into convincing personalised communications. Where a generic United phishing email would say 'Dear valued member', an AI-crafted message says 'Dear [First Name], your PremierQualifyingFlights status for [Home Airport] is at risk due to recent account activity' — and it might be right about the details.
Data brokers, travel forum profiles, and prior breaches of travel-adjacent services give attackers enough raw material for an AI tool to construct a message that feels genuinely specific to the recipient. That specificity disables the usual critical instinct that protects against generic phishing.
How this scam works on the United Airlines brand
Attackers purchase data-broker records that include MileagePlus account numbers (sometimes inferable from travel community posts), home hub airports inferred from social media check-ins, and elite tier indicators. An AI tool generates a phishing email that references these specifics within a plausible United account scenario — a security alert, a miles expiry notice, or a seat upgrade confirmation requiring payment.
The email links to a polished lookalike united.com page that captures MileagePlus login credentials. With those, the attacker accesses stored payment cards, upcoming flight bookings (useful for follow-on fraud or social engineering), and accumulated miles balances for rapid redemption.
A voice-call variant follows the email within hours. A synthetic voice referencing the same personalised details calls to confirm the account action, pushing the victim to read aloud a verification code that the attacker has triggered — completing the account takeover in a combined multi-channel attack.
Common red flags
- A United email references your MileagePlus tier or home airport accurately but links to a domain that is not united.com
- The message claims your elite status or miles will expire unless you verify your account through a provided link immediately
- A phone call follows the email, referencing the same specific personalised details and asking for a verification code
- Hover inspection of the sender address reveals a non-United domain hiding behind a United display name
- The email asks you to re-enter your MileagePlus login or payment card details rather than directing you to sign in at united.com
- The claimed account issue does not appear when you log in directly to your MileagePlus account at united.com
How to protect yourself
- Navigate to united.com directly to check any account alerts — never through email links, no matter how personalised they appear
- Enable two-factor authentication on your MileagePlus account under the Security section of your profile
- Review your MileagePlus balance, upcoming bookings, and saved payment methods regularly at united.com
- Consider reducing your travel data footprint on public social media to limit the personalisation data available to attackers
- Use a dedicated email address for your MileagePlus account to isolate it from data breaches on other services
- Report any suspicious communication to United's security team through the contact options at united.com/help
How to report it
- Forward phishing emails impersonating United Airlines to [email protected]
- Report to the FTC at reportfraud.ftc.gov
- File a report with the FBI at ic3.gov
- If MileagePlus miles were redeemed fraudulently, contact United MileagePlus customer service immediately at 1-800-421-4655
Frequently asked questions
How can an attacker know my MileagePlus tier?
MileagePlus numbers and tier information occasionally appear in travel community posts, airline forum discussions, and data aggregated by data brokers from multiple sources. Public social media check-ins at airports can also reveal frequent travel patterns.
Does United Airlines ever send personalised account security emails?
United does send account activity notifications, but genuine alerts direct you to sign in at united.com — they do not ask you to re-enter credentials or card details through an email link. When in doubt, always log in directly.
What happens if my MileagePlus account is taken over?
An attacker can redeem miles for flights or upgrades, access stored payment card details, and view upcoming booking itineraries. Contact United MileagePlus customer service immediately. Miles redemptions may be reversible if reported quickly.