Fake Airline Support Scams via Email
Phishing emails styled as airline booking confirmations, cancellation notices, or refund offers direct travellers to fraudulent portals that harvest account credentials and payment information.
Last reviewed: 1 June 2026
Airline phishing emails are among the most consistently executed categories of travel fraud, in part because travellers are conditioned to expect regular transactional emails from airlines: booking confirmations, check-in reminders, and itinerary changes. A well-crafted phishing email can blend seamlessly into this expected flow and be opened without suspicion.
The timing of these emails is often carefully matched to when a traveller is likely to be engaged with their booking — shortly after a known departure window or following a high-profile airline disruption event that prompts passengers to check their reservation status.
How this scam works on Email
An email arrives using accurate airline branding, the passenger's first name, and a plausible flight reference, stating that a payment has failed, a ticket needs reconfirmation, or a refund is available for a disrupted flight. A prominent 'Resolve now' or 'Claim refund' button links to a phishing page.
The phishing page replicates the airline's login interface or payment portal with high fidelity. Credentials or card details entered on the page are captured immediately, and the victim may be shown a fake confirmation message before being redirected to the genuine airline site.
Some phishing campaigns target frequent flyer accounts specifically, as these accounts contain stored payment methods and travel documents that can be exploited for further fraud after compromise.
Common red flags
- Sender email domain does not match the airline's official domain — look for single-character substitutions or extra words
- Email arrives at an unusual time and references a flight issue the passenger was not aware of
- Refund offer is for an amount larger than the original ticket price
- Call-to-action button URL in the email differs from the airline's official domain when hovered over
- Email requests a card or banking detail update that is not reflected in the airline's official app
- Email arrives alongside a wave of other travel-related phishing if a known airline disruption event has occurred
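The sender-domain and button-URL red flags above can be checked mechanically before anyone clicks. The following Python is an added example, not part of the original page: the official domain airline.example and the sample message are constructed placeholders, and the two lookalike rules (brand name inside a foreign domain, one-character edit) are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL = "airline.example"  # assumption: placeholder for the carrier's real domain

# Constructed sample message (not a real email).
SAMPLE = '''From: "Airline Support" <refunds@air1ine.example>
Subject: Refund available for your disrupted flight
Content-Type: text/html

<p>Hi Sam, a refund is available for your flight.</p>
<a href="https://airline-refunds.example/login">Claim refund</a>
<a href="https://www.airline.example/help">Help centre</a>
'''

def edit_distance(a, b):
    """Levenshtein distance, used to spot single-character substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, official=OFFICIAL):
    """Return 'official', 'lookalike' or 'unrelated' for a host name."""
    host = host.lower().rstrip(".")
    if host == official or host.endswith("." + official):
        return "official"
    # Extra words: the brand label appears inside a domain that is not the airline's.
    if official.split(".")[0] in host.replace("-", "").replace(".", ""):
        return "lookalike"
    # Substitution: the trailing labels are one edit away from the official domain.
    tail = ".".join(host.split(".")[-official.count(".") - 1:])
    return "lookalike" if edit_distance(tail, official) <= 1 else "unrelated"

def check_email(raw, official=OFFICIAL):
    """Return (sender verdict, {link host: verdict}) for a raw message."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)
    hosts = {urlparse(u).hostname or "" for u in re.findall(r'href="([^"]+)"', body)}
    return classify(sender_host, official), {h: classify(h, official) for h in sorted(hosts)}
```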
How to protect yourself
- Log in to the airline's official app or website directly to check your booking status rather than clicking email links
- Enable two-factor authentication on your airline loyalty account to protect against credential phishing
- Hover over links in airline emails to verify the destination URL matches the airline's official domain exactly
- Report airline phishing emails to the carrier's official fraud reporting address, which is listed on their website
- Use a dedicated email address for travel bookings to limit the number of accounts exposed if that address is compromised
How to report it
- Forward the email to the airline's official phishing or fraud report email address
- Report to your national cyber-fraud reporting centre
- Contact your bank or card provider immediately if you entered payment details on the phishing page
Frequently asked questions
How can I tell if an airline email is genuine?
Check the sender's full email address character by character against the airline's known domain. Log in to your booking through the airline's official app to verify whether any described issue actually exists. Genuine airline communications will not require urgent same-day payment through a link in an email.