COVID-19 And the Easyjet Hack – A Perfect Phishing Storm

By Shachar Daniel, Safe-T’s CEO

As if the airline industry didn’t have enough to worry about at the moment, on May 19, EasyJet, the UK’s biggest budget airline announced it had been breached. Exposed in the attack were the email addresses and travel information for 9 million customers. A small group of customers also had their credit card details, including the CVV, exposed in the attack which lasted from October 2019-March 2020.

Although EasyJet first learned about the attack in January, they only began informing those customers whose credit card information was exposed in April. The airline said they did not disclose the attack earlier due to the complexity involved in piecing together which systems and which individuals had been affected. According to the UK’s Information Commissioner’s Office, “This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted.”

Bad Timing – COVID-19 and Airline Scams

The EasyJet hack just happens to come at a spectacularly rotten time, as airlines around the world, EasyJet included, are dealing with severe losses due to COVID-19. According to Dr Jason Nurse of the Kent Interdisciplinary Research Center, “It is clearly a difficult time for the travel industry considering the impact of COVID-19 on operations. A cyber-attack is the last thing an airline would want to deal with now.”

To make matters even more complicated, authorities have warned customers to be on the lookout for phishing emails offering refunds on flights, now that their personal details may be up for grabs on the dark web. According to privacy expert Ray Walsh, “Anybody who has ever purchased an EasyJet flight is advised to be extremely wary when opening emails from now on…Phishing emails that leverage data stolen during the attack could be used as an attack vector at any point in the future.”

In fact, a recent statement from EasyJet compelled customers to think critically when opening EasyJet emails, saying “We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays.”

But EasyJet was not the only airline to have phishing campaigns associated with it over the course of the pandemic. As the impact of COVID-19 began to take hold in late March and airlines started canceling flights, Emirates Airlines warned customers about circulating fake flight refund emails and email security provider Mimecast alerted authorities to a major uptick in flight-related email scams involving a variety of airlines. Other security firms noted a rise in voice-based flight cancellation scams, wherein scammers, posing as airline agents, called random people to discuss purported flight cancellations, and in the process, tried extracting personal information.

And now, as airlines across the world attempt to cut their losses, they are offering heavy discounts on flights, for whenever regular flights do resume. As inboxes fill up with enticing promotions offering deals on future flights, customers should remember that while many of these emails are legitimate, a significant portion is phishing emails, cashing in on the confusion created in COVID-19.

How to Spot a Travel-Based Phishing Email

Meanwhile, it’s important to note that since travel information was included in the stolen EasyJet data set, phishing emails sent to those customers may be highly targeted and include real elements, like dates and destinations, making the emails seem legitimate. If your data was exposed in the EasyJet hack, there are some relatively simple ways to protect yourself from falling prey to the ensuing phishing threats. What’s more, these tips can be just as easily applied to any trending COVID-19 airline email scams out there today. So when you get flight promotions or cancellation notices, be sure to:

  • Look at the sender’s email address – does it match the name of the airline or is it slightly off? For example, if it says,, or, you can rest assured it’s a scam.
  • Avoid any email requesting personal information, such as credit card information, dates of birth, or social security numbers.
  • Delete messages that include links or attachments, which are often filled with malware payloads.
  • Think twice when it comes to promotions requiring the reader to take action NOW! Scammers try to get their targets to act impulsively before critical thinking can get in the way. If there’s no time to make a thought-out decision, that’s a bad sign.

COVID-19 is waning and the world is starting to open up again. This is great news for consumers as well as the airline industry—but as always, remember that scammers love to capitalize on fluctuating circumstances—so proceed with caution before booking any deals.

About the Author

Shachar Daniel AuthorShachar Daniel is the CEO at Safe-T and one of its co-founders. In his role, he is responsible for the overall vision, company strategy, day-to-day operations, and for growing Safe-T’s business and presence around the world. Shachar brings to Safe-T more than 14 years of experience in various managerial and business roles. Prior to founding Safe-T, he was a program manager at Prime-sense, head of operations for project managers at Logic and project manager at Elbit Systems. He is an experienced manager with a passion and a high commitment to project delivery. Shachar holds an Executive MBA from The Hebrew University, an MBA from The College of Management Academic Studies in Israel, and a B.Sc. in Industrial Engineering from The Holon Institute Technology.

July 18, 2020

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...