American Airlines confirms customer, employee data breach after phishing scam


American Airlines has confirmed a data breach after falling victim to a phishing scam. 

"American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes," the company said in a statement to FOX Television Stations. 

The company further stated that personal information belonging to a few customers and employees was contained in the email accounts, but that it had not seen any evidence of the data being misused.

A spokesperson said, "data security is of the utmost importance, and we offered customers and team members precautionary support."


"We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future," the company added. 

According to Cisco, phishing attacks "are the practice of sending fraudulent communications that appear to come from a reputable source."

Phishing scams can infect a computer and potentially allow hackers to invade banking and other accounts. However, they are highly preventable.

Some tips to avoid getting caught in a phishing scam:

— Be wary of any link or attachment. Unless it’s absolutely clear from the context of an email that the link or attachment is OK — for example, your attorney has sent you the sales contract you expected in a Microsoft Word document, or a staffer writes, "here’s the link to the website we discussed at our meeting this morning" — assume that clicking could get you in trouble. Be particularly suspicious of emails about package shipments, invoices or that ask for personal information, logins and passwords. An unexpected email from the IRS is a scam; the agency does not initiate contact with a taxpayer via email, phone calls, texts or social media.


— Check the email address. Even if the email comes from someone you know, double-check the address it’s from. Cybercriminals can take an email and make subtle changes — for example, replacing an "m" with an "r" and an "n" that you might not notice unless you look closely at it.

— Confirm with the sender that they sent you a legitimate email. If you get an unexpected email with a document or a link, check with the sender. But don’t click on "reply" or copy the email address — call or send a separate email, using an address you know is correct.

— Consider restricting staffers’ use of personal email browsers on work PCs. A staffer who clicks on a link or attachment in a personal email can infect the company machine or system. If staffers can’t read their own email, it can reduce a company’s vulnerability.
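
The "check the email address" tip can also be automated at a mail gateway or in a triage script. The following is an added example, not part of the original report: it flags sender domains that only look like a trusted one once an "rn" is read as an "m". The domain allowlist, the table of lookalike substitutions and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed, non-exhaustive table of lookalike sequences (multi-character first).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

# Constructed allowlist: domains the organization really corresponds with.
TRUSTED_DOMAINS = {"example.com", "mail.example.org"}


def skeleton(domain: str) -> str:
    """Collapse lookalike sequences so visually similar domains compare equal."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def sender_domain(from_header: str) -> str:
    """Return the domain of a From: header value, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def classify(from_header: str, trusted=frozenset(TRUSTED_DOMAINS)) -> str:
    """Label a sender as trusted, lookalike, unknown or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain in trusted:
        return "trusted"
    # Not an exact match: does it merely *look* like a trusted domain?
    if skeleton(domain) in {skeleton(t) for t in trusted}:
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Accounts Payable <billing@exarnple.com>",
                   "billing@example.com",
                   "it@examp1e.com",
                   "news@unrelated.test"):
        print(f"{classify(header):10} {header}")
```

A "lookalike" result is a reason to confirm with the sender through a known-good channel, as the next tip describes; an "unknown" result only means the domain is not on the allowlist.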

The Associated Press contributed to this report. This story was reported from Los Angeles.