The email looks like a genuine email from BA because the team behind the attack appears to have taken a real email from British Airways and simply attached a ZIP file that supposedly contains the ticket but actually contains malware.
An image is shown below of the email being received, complete with booking number and BA email address.
The email attachment is “BritishAirways-eticket.zip”, and the attackers have forged the email headers so that the message appears to originate from BA.firstname.lastname@example.org, although the email does not come from BA’s servers. Email forgery is still far too easy, as the SMTP protocol used to deliver emails across the Internet has hardly changed since it was created in the mid-1970s.
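A receiving-side triage check for the pattern described above, as an added example that is not part of the original post: it compares the visible From domain with the envelope sender, reads the SPF/DKIM/DMARC verdicts, and flags archive attachments. The sample message is constructed, and `mailer.invalid`, `mx.recipient.example` and the function names are assumptions.

```python
import email, re
from email import policy
from email.utils import parseaddr

# Constructed sample (not the real phishing email); domains are placeholders.
SAMPLE = b"""\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.invalid;
\tdkim=none; dmarc=fail header.from=example.org
From: "British Airways" <BA.firstname.lastname@example.org>
Subject: Your e-ticket receipt
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Booking reference: ABC123
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="BritishAirways-eticket.zip"

placeholder bytes, not a real archive
--b1--
"""
ARCHIVE_EXT = (".zip", ".rar", ".7z")

def domain_of(header_value: str) -> str:
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message deserves a closer look (empty list if none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = domain_of(str(msg.get("From", "")))
    env_dom = domain_of(str(msg.get("Return-Path", "")))
    # A mismatch is a signal, not a verdict: legitimate bulk senders also differ.
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} differs from From domain {from_dom}")
    # Assumption: this header was stamped by your own receiving mail server.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()))
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) != "pass":
            findings.append(f"{mech}={results.get(mech, 'missing')}")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(ARCHIVE_EXT):
            findings.append(f"archive attachment: {name}")
    return findings
```

Calling `triage(SAMPLE)` returns five findings for the constructed message; a message whose domains align and whose checks all pass returns an empty list.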