---
title: "Delhi Airport Cyberattack, Clickfix Phishing-Purerat, Linkedin Targeting-Threats | DMARC Report"
description: "Delhi Airport Cyberattack, Clickfix Phishing-Purerat, Linkedin Targeting-Threats Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin."
image: "https://dmarcreport.com/og/blog/delhi-airport-cyberattack-clickfix-phishing-purerat-linkedin-targeting-threats.png"
canonical: "https://dmarcreport.com/blog/delhi-airport-cyberattack-clickfix-phishing-purerat-linkedin-targeting-threats/"
---


![Delhi Airport Cyberattack, Clickfix Phishing-Purerat, Linkedin Targeting-Threats](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

**Delhi Airport Cyberattack, Clickfix Phishing-Purerat, Linkedin Targeting-Threats**

> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.

According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.


Hello people!

We are back again with our fresh dose of cyber news. From crippled flight systems to a vulnerability in the hospitality sector to LinkedIn becoming the new playground for [threat actors](https://cybernews.com/ai-news/threat-actors-abuse-ai-tools-cyberattacks-google-intel-warns/), we will cover all the important cyber events that deserve your attention and time.

So, if you are all set to dive deeper into the details, scroll down! Let’s beat those [malicious threat actors](https://gbhackers.com/macos-malware-3/) with your awareness and proactive security efforts.

Here you go!

## National security agencies start probing the recent Delhi airport cybersecurity attack!

_Delhi airport was recently targeted by a GPS spoofing attack. It resulted in the disruption of both domestic and international flight operations_. This security incident has sparked concerns around India’s aviation safety systems.

![How to create dmarc record](https://media.mailhop.org/dmarcreport/images/2025/11/how-to-create-dmarc-record-7700.jpg) 

The NSA, or the [National Security Advisor](https://en.wikipedia.org/wiki/National%5FSecurity%5FAdvisor%5F%28United%5FStates%29), an official who advises the PM on security matters, is now involved in the investigation of the cyber incident. The impact of the cyberattack lasted for multiple hours. It affected some of the popular domestic carriers in India, such as Akasa Air, IndiGo, and Air India, as well as their international counterparts, such as Lufthansa and British Airways. From delayed departures and unavailable real-time flight details to missed connections, it was pure chaos and confusion for passengers.

Delhi airport emerged from the crisis within a day, but the attack exposed a major weakness in India’s aviation infrastructure - a poor [cybersecurity](https://dmarcreport.com/blog/major-cybersecurity-trends-that-will-reign-in-2024/) system.

A thorough investigation is underway, and as per preliminary findings, threat actors managed to interfere with the automated systems that manage GPS tracking and air traffic coordination.

![Dmarc record generator](https://media.mailhop.org/dmarcreport/images/2025/11/dmarc-record-generator-0093.jpg) 

## ClickFix phishing attacks backed by PureRAT Malware targeted at hotel systems!

A massive [phishing campaign](https://www.infosecurity-magazine.com/news/ai-generated-code-phishing/) is doing the rounds, as revealed by a group of cybersecurity researchers. In this campaign, threat actors target the hospitality sector by attacking unsuspecting hotel managers and compelling them to **share their credentials**.

Basically, threat actors use a compromised email account to send malicious emails to reputable hotels. The cybercrooks use [spear phishing tactics](https://www.csoonline.com/article/3595076/russian-hackers-target-us-officials-in-a-new-spear-phishing-campaign.html) and impersonate Booking.com. _Next, they redirect the naive users to fake websites by using ClickFix tactics_.

![Dmarc check](https://media.mailhop.org/dmarcreport/images/2025/11/dmarc-check-7700.jpg) 

_The ultimate goal of the threat actors is to steal credentials so that they get access to different booking platforms like Expedia and Booking.com_. The stolen credentials are then either sold on cybercrime forums or used to send malicious emails to hotel customers to commit fraud.

Researchers believe that the threat campaign has been active since April 2025. In one of the latest waves, cybercriminals sent malicious emails to multiple hotels worldwide. They try to make recipients click on [malicious links](https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html) that redirect them to a ClickFix page. The victims will then have to take a reCAPTCHA challenge.

![Dmarc analyzer](https://media.mailhop.org/dmarcreport/images/2025/11/dmarc-analyzer-0093.jpg) 

Threat actors use WhatsApp or email to reach out to hotel customers with crucial hotel reservation details, which makes this campaign highly credible to the victims. They are asked to click the “confirmation” link to verify their [bank card details](https://www.infosecurity-magazine.com/news/cyber-attack-exposes-credit-card/) to prevent the bookings from being cancelled.

To add to the sophistication of the attack, the [ClickFix pages](https://www.darkreading.com/cyberattacks-data-breaches/clickfix-targets-hotels-secondary-customer-attacks) are becoming increasingly hi-tech and can adapt the instructions they display to match the devices used by the victims.

## Threat actors are abusing LinkedIn to target victims!

_Gone are the days when phishing used to happen within email inboxes. Now, threat actors can target unsuspecting users across different platforms like search engines, messaging apps, and social media_. Of late, LinkedIn is getting popular among threat actors as cybercrooks are targeting company executives with spear-phishing tactics. What’s more concerning is the fact that the majority of the [phishing attacks](https://www.infosecurity-magazine.com/news/mobile-phishing-attacks-surge-16/) that happen outside the email ecosystem go unreported.

![Dmarc record](https://media.mailhop.org/dmarcreport/images/2025/11/dmarc-record-0093.jpg) 

But why are perpetrators choosing LinkedIn again and again to target the victims? First of all, LinkedIn DMs are a great way to go undetected by **traditional security tools**. Users log onto LinkedIn on work laptops and phones. This allows cybercriminals to message victims without risk of interception. Secondly, LinkedIn phishing is much easier and more accessible than email-based phishing. All it takes is [creating fake accounts](https://fortune.com/2025/04/16/north-korea-it-worker-scheme-fake-linkedin-profiles-webex-fiverr/), adding connections, and creating fake posts and content.

_LinkedIn also allows cybercrooks to find high-value targets easily with extensive filters and search options_. Since LinkedIn is a professional networking platform, it is easier to trust the DMs even if they are from complete strangers. Lastly, LinkedIn phishing brings in massive rewards for the threat actors. They mainly target the biggies like Google and Microsoft. Getting access to such accounts opens the floodgates of data to these [cybercriminals](https://incyber.org/en/article/united-states-amounts-stolen-by-cybercriminals-up-33/).

So, next time you get a personalised connection request on LinkedIn, and the DM asks you to click on a link to check the job description or work brief, double-check the authenticity of the sender’s profile carefully.

Secure your emails with [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/), [DKIM](https://dmarcreport.com/blog/dkim-explained-how-dkim-works-and-why-is-dkim-important-for-organizations/), and [DMARC](https://dmarcreport.com/) authentication.
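The `p=reject` point in the opening quote can be checked against a domain's published record. The sketch below is an added example, not code from DMARC Report: it grades a DMARC TXT record by how strongly it enforces, and the sample records and the level names (`monitor-only`, `partial`, `enforced`) are constructed for illustration.

```python
# Added example: grade DMARC TXT records by how strongly they enforce.
RANK = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and is case-sensitive (RFC 7489).
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def assess(txt):
    """Return (level, findings); the level names are this example's own labels."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing", ["no valid DMARC record published"]
    policy = tags.get("p", "").lower()
    if policy not in RANK:
        return "invalid", ["p= is absent or not none/quarantine/reject"]
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # unparseable pct: fall back to the default
    sub = tags.get("sp", policy).lower()
    if sub not in RANK:
        sub = policy  # unparseable sp: subdomains inherit p
    findings = []
    if policy == "none":
        findings.append("p=none: failing mail is still delivered")
    if policy == "quarantine":
        findings.append("p=quarantine: failing mail is set aside, not refused")
    if policy != "none" and pct < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if RANK[sub] < RANK[policy]:
        findings.append(f"sp={sub}: subdomains get a weaker policy")
    if policy == "none":
        level = "monitor-only"
    elif findings:
        level = "partial"
    else:
        level = "enforced"
    return level, findings

# Constructed sample records (example.com is a placeholder domain).
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=reject; pct=25; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=reject; sp=none",
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "v=spf1 -all",
]

if __name__ == "__main__":
    for record in SAMPLES:
        level, findings = assess(record)
        print(f"{level:12} {record}")
        for finding in findings:
            print(f"             - {finding}")
```

Only the fourth sample grades as `enforced`; a record with `pct` below 100 or a weaker `sp` still lets some spoofed mail through even though it says `p=reject`.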


[ Vishal Lamba ](/authors/vishal-lamba/) 

Content Specialist

Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.

