I discovered an interesting link scam in my inbox this morning, with the subject line “New Chicago O’Hare International Airport website”. The message informed me that Chicago O’Hare Airport has a new website at ohare-airport.org, and asked me to update my link to the airport. The link points to a pretty credible looking site, with arrivals and departures information, ground transportation, and even a privacy policy (!) The only clue that something’s wrong is the very vague copyright information (“© Airport Administration Services”) and the lack of a phone number or mailing address on the contact page.
I run a community airport website named OurAirports, so it’s not unusual for me to get e-mail from smaller airports and flying clubs with updates, but big airports have never bothered with me.
As one would expect, O’Hare Airport’s existing web site makes no mention of a new, updated site. In this scam the scammer is not phishing for personal information or trying to scam money, but instead, is trying to get pagerank over the official O’Hare site by tricking thousands of sites into providing links.
What are they looking for? Given that the e-mail traces back to a site called huntparking.com, I’ll guess that they want to use the web traffic either to sell ads for airport parking or to sell their own parking.
The e-mail and whois info are below. Nicely done, by the way — the fake site is much better designed than O’Hare’s real site, and even the markup snippet in the e-mail is XHTML-compatible. Perhaps O’Hare Airport should consider hiring the designer instead of bringing charges.
The message
Message-ID: From: "Chicago O'Hare Airport" To: [removed] Subject: New Chicago O'Hare International Airport website MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Windows Mail 6.0.6001.18000 X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - host.huntparking.com X-AntiAbuse: Original Domain - ourairports.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ohare-airport.org To whom it may concern: We are proud to announce the launch of the new Chicago O'Hare = International Airport website www.ohare-airport.org. It provides = comprehensive real time flight information on arrivals, departures and = delays, terminals and maps, parking, transportation, directions, food = and shopping, hotels, etc. If you find our website to be of value to you and your readers, we would = appreciate it if you could add a link to us at your URL = http://www.ourairports.com/airports/KORD/ where, in our opinion, it = would be the most relevant.=20 Alternatively, you can utilize the customized link code provided below = (just cut and paste): Chicago O'Hare = airport If you have any questions, please, do not hesitate to contact us. Thank = you for your time and consideration. Kind regards, Natalia Klimovich Website Administrator www.ohare-airport.org
Whois Information for ohare-airport.org
Domain ID:D155295366-LROR Domain Name:OHARE-AIRPORT.ORG Created On:07-Feb-2009 08:45:01 UTC Last Updated On:09-Apr-2009 03:54:26 UTC Expiration Date:07-Feb-2010 08:45:01 UTC Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR) Status:CLIENT DELETE PROHIBITED Status:CLIENT RENEW PROHIBITED Status:CLIENT TRANSFER PROHIBITED Status:CLIENT UPDATE PROHIBITED Registrant ID:GODA-059235088 Registrant Name:Alexei Pavlovitch Registrant Street1:240 E Illinois Registrant Street2:apt 1202 Registrant Street3: Registrant City:Chicago Registrant State/Province:Illinois Registrant Postal Code:60611 Registrant Country:US Registrant Phone:+1.3125936015 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:alex.pavlovitch@gmail.com Admin ID:GODA-259235088 Admin Name:Alexei Pavlovitch Admin Street1:240 E Illinois Admin Street2:apt 1202 Admin Street3: Admin City:Chicago Admin State/Province:Illinois Admin Postal Code:60611 Admin Country:US Admin Phone:+1.3125936015 Admin Phone Ext.: Admin FAX: Admin FAX Ext.: Admin Email:alex.pavlovitch@gmail.com Tech ID:GODA-159235088 Tech Name:Alexei Pavlovitch Tech Street1:240 E Illinois Tech Street2:apt 1202 Tech Street3: Tech City:Chicago Tech State/Province:Illinois Tech Postal Code:60611 Tech Country:US Tech Phone:+1.3125936015 Tech Phone Ext.: Tech FAX: Tech FAX Ext.: Tech Email:alex.pavlovitch@gmail.com Name Server:NS07.DOMAINCONTROL.COM Name Server:NS08.DOMAINCONTROL.COM Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server:
Quoderat 
detroit-airport dot org is the same thing.
I didn’t see that they were asking to “update the link”. Just said that they launched a “new website”, which is not the same as the official site. I think you read too much into it.
Brandon: not just “a new web site”, but “the new Chicago O’Hare International Airport website.” It’s possible that there’s enough weasel room there to survive a court action, but there’s no question that the intent of the e-mail is to deceive.
interesting, I’m confised.
michigan-airport dot com net org are the same thing
Hiberya: the real site for the Detroit Airport is metroairport.com.
Google ohare , you will run across other o-hare airport websites that are “unofficial”, like this one: http://www.chicago-ord.com/, which the city of Chicago site also doesn’t mention (why would they,if they want people to go to their site?)
Also, if you look at the bottom of the main page, you will see the following message “This website is a privately owned independent guide to Chicago O’Hare International Airport designed to provide accurate and comprehensive information for the travelers. We are in no way associated with or authorized by the Chicago Airport System and neither that entity nor any of its affiliates have licensed or endorsed us.”
Moreover, i know the people that put the site together, it’s not a phishing site.
Thanks, Alla. There are two points to consider:
1. That disclaimer wasn’t there when I made the original posting.
2. Review the e-mail that I quote in the posting. Whether the site designer was phishing or not, the author of the e-mail definitely was.