An Australian discount airline is having a public-relations nightmare, due to a malware-laced spam campaign as well as a prankster who created a very real-looking parody Facebook account and responded to customer questions with rude replies.
The scammers are sending fake Jetstar emails loaded with a Trojan horse, a form of malware that appears to be harmless software.
The crooks invoked Jetstar's name and logo and copied its email template, making victims believe the crooks were the airline. They even created a fake header to make the message appear as if it had been checked by Symantec's anti-virus software.
The emails come with an attachment pretending to be a PDF of the receiver's itinerary, mimicking an American spam campaign that targets Southwest Airlines customers.
In reality, the PDF contains the Bredolab Trojan, which silently takes over PCs and enslaves them into a zombie botnet.
As for the prankster and his phony Facebook account, it's not clear whether he's got any connection to the spammed malware. But, as Sophos' Naked Security blog reported, it is clear he's got plenty of attitude.
In response to a Jetstar customer who wrote a long critique of the airline's policy on baby strollers, the hoaxer wrote: "This is a 'comment box' not a 'write a long story' box. Please shorten it and send to someone who cares."
One customer inquiring about deals on flights was told: "Don't be such a tight ass and pay the full price. It's cheap anyway."
On its real Facebook page, Jetstar quickly announced that the other Facebook page was a fake, and apologized for the Trojanized spam being sent out in its name, but the damage had already been done.
Online, in the age of social media and email, where companies and individuals play on a roughly even field, maintaining strict brand control and identity can be a challenge. As far as can be told, Jetstar's prankster hacked nothing and broke no laws.
The same is true when it comes to communicating with customers via email. In the traditional media of print, television and radio, an advertisement is very difficult, if not impossible, to reproduce. But online, communications can be parodied with ease.
What's more, criminals aren't just able to send bogus messages with little effort; they can remotely attack just as easily.