A new scam is out there. “Scattered Spider” is behind it, according to the FBI, and they’re targeting airlines and airline passengers.

The FBI said the hackers, known as Scattered Spider, use “social engineering techniques” like impersonating employees or contractors to convince the target company’s IT help desks to grant them access to internal systems. “These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts,” the FBI said. “They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.”

I first learned about it a few weeks ago. Friends reported they’d been scammed. After struggling to get airline tickets, they called the airline. On the phone for about forty-five minutes, they finally were able to purchase their tickets.

None of it sat right with them. They called the number back and got air, so they decided to go to our local airport in Medford and address it at the ticket counter. There, they were told, “You have seats but no tickets.” That confused the agent as much as my friends. Further research was pursued with phone calls at the airport, and then the agents leaned in to my friends across the counter and said, “I’m afraid it appears that you’ve been scammed.”

Since that first time, two other people were scammed in similiar ways. All thought they were dealing with the airlines; but they’d been redirected without their awareness. People pretending to be the airline helped them out. The end, except it wasn’t.

Credit card companies were contacted. As their credit card numbers were now out there in con artists’ hands, new cards were needed.

All of this may or may not have been the ‘Scattered Spider’ group. Could be copycats or just others acting in parallel. It’s a messy, ugly world. It doesn’t look like it’s getting any better.