SAFETY TIPS

Dear passengers,

Turkish Airlines takes all kinds of legal and technical measures to protect your personal data and ensure that you can use our official website safely and securely.

However, as use of the Internet and technology have developed, the methods and tools used for fraud scams have increased. This document is intended to provide information on how to avoid internet scams.

First, Turkish Airlines will never request your personal information via e-mail, text message or other online means. If you receive a suspicious email or message, please report it to the Turkish Airlines Customer Services Center via our toll-free number: 0850 333 08 49.

Examples of suspicious activity can include fraudulent e-mails, as well as online messaging applications such as WhatsApp (phishing) or telephone calls (vishing). Sometimes these communications may direct you to a page that resembles our official website. The purpose of these fraudulent communications is to gain access to your bank account information or other personal information such as your credit card numbers and passwords.

For instance, a scammer may claim that you have been awarded a trip, a vacation or Miles from Turkish Airlines. You will then be asked to provide a credit card number and/or other personal information to collect this award.

As noted, Turkish Airlines will never ask for your financial or personal data in this way, nor does Turkish Airlines notify winners of awards via telephone promotions or online messaging applications such as WhatsApp.

Here are some of the most common scams and some basic steps that you can take to protect yourself and your financial and personal information.

What is Phishing?

Phishing is a method of obtaining sensitive personal or financial information from targeted individuals. Phishing sites impersonate legitimate sites in order to get you to provide your data. Phishing e-mails will appear to be from a trusted organization and will ask you to take immediate action by clicking a link or opening a file.

Suspicious emails, messages and links



Phishing e-mails appear to be legitimate at first glance, but before clicking on any links or opening any files, check the domain extension of the sender’s e-mail address. Even if Turkish Airlines brands and terms are used correctly in the content of fake emails, the sender’s information may contain domain names with incorrect or unusual extensions. Some common examples include misspelled domain names such as "example@turkishairines.com", "example@thy.com.network.me" or "example@tyh.com". When receiving an e-mail, make sure the sender’s address is correct.

These scam emails often include:

  • A company logo that looks genuine
  • A false claim about your account
  • A link or SMS that takes you to a counterfeit website that closely resembles the website of a legitimate organization or company. If you receive an e-mail from Turkish Airlines that you believe may be fraudulent, do not respond and do not click on any links or attachments in the e-mail.

According to the relevant legislation, Turkish Airlines does not send any marketing communications unless you have signed up and/or consented to receive such communications. If you have not consented to receive such materials and you are not expecting an e-mail from Turkish Airlines, such as transaction information for a ticket/reservation, the e-mail you receive is fake.

Search engine and contact center scams



Scammers will often manipulate the top results that appear on Google and other search engines. A common search term such as "THY ticket" may bring up a link to a page other than turkishairlines.com. This link is an opportunity to obtain sensitive information from visitors and thus commit fraud.

Scammers can deploy various techniques to convince a potential victim that they are communicating with a Turkish Airlines customer representative or a reputable travel agent. If the deception is successful, the criminal could obtain a customer's personal data, which can then be used to book flights, obtain refunds, or even transfer Miles from your Miles&Smiles account, as well as other nefarious activities.

Stealing passwords on an internet browser

Internet browsers can save information such as username-password matches and credit card numbers; this information is used to ease the process of accessing websites that require a user name and password. Known as ‘autofill’ in most internet browsers, this feature saves passwords on the internet browser and ensures that relevant information (username-password, credit card information) is automatically entered into the form box when necessary.

If a scammer accesses your personal device, one of the first places they go to find sensitive data is the internet browser.

To minimize risk, you can pay attention to the following points:

  • When you enter information in a website, do not approve the saving of the information for reuse.
  • Turn off the autofill feature in your internet browser.
  • If you have previously saved information, delete it.
  • Do not add extensions to your Internet browser if you cannot verify their reliability and trustworthiness.
  • Make sure that you have the most updated version of your internet browser.
  • Make sure the security products on your personal device are working and up-to-date.

Types of messages sent by Turkish Airlines

Marketing messages

If your consent has been obtained, Turkish Airlines will send marketing e-mails with notifications regarding new destinations and services, promotions and campaigns, and Miles&Smiles information, as well as special offers. You will never be asked to provide personal information in response to these emails. Such marketing e-mails are sent from the extensions specified in the channel via which you previously consented to receive relevant notifications.

Transaction messages

These are messages sent to you regarding a service received through Turkish Airlines. These messages are sent by THY A.O. and are related to your flight information or feedback. They are sent to the e-mail address that you provided during your transactions and include information related to your ticket activities, your feedback, flight status and check-in reminders.

While our Incorporation takes legal action to identify and follow up on fraudulent incidents, Turkish Airlines is not responsible for damages that you may incur due to frauds or scams. The only way to protect yourself from these and similar fraudulent activity is to be careful as a user.

Frequently Asked Questions

How can I tell if an e-mail, message or call is not from Turkish Airlines? Learn more

Turkish Airlines will never demand the following from customers/members:

  • Turkish Airlines e-mails may contain links. However, Turkish Airlines will never ask a customer to provide personal information, credit card information, a Miles&Smiles account number or a password in order to enter the website.
  • Turkish Airlines does not send links requesting sensitive information such as bank account numbers or credit/debit card information.
  • Turkish Airlines will never ask you to reveal your Miles&Smiles account password or confidential Q&A via an email or online messaging application.

What should I do if I receive an email that I think is fake? Learn more

If you receive a suspicious email that thanks you for a purchase you didn't make, invites you to click links for fake pages, or asks you to update your personal information for any reason:

  • Do not reply to the e-mail. Do not click the displayed link, or open any attachments contained in the e-mail.
  • Please contact us if you have replied to the email, provided personal information, or were exposed to financial transactions related to your account.

How can I protect myself against phishing attempts? Learn more

  • Never reply to an e-mail requesting personal information, regardless of the sender.
  • Never open e-mail attachments if you do not know the sender.
  • Check your browser's status bar for a closed padlock to ensure that the website is secure. Also ensure that the website address is “HTTPS,” which is the secure version of “HTTP”. You should be able to view the site's digital certificates by double-clicking the small, closed padlock in your browser's status bar.
  • Ensure that your PC is adequately protected by necessary security software.
  • Install all security updates for your software.
  • Install antivirus software with automatic updates.
  • Install anti-spyware and anti-spam software.

How do I create a strong password? Learn more

To protect your email account from being hacked, you can use the following password protocols:

  • Do not use the same password for multiple websites.
  • Change your password regularly (for example, within 90 days).
  • Use strong passwords consisting of letters (lower and uppercase), numbers and special characters.
  • Do not use dictionary words, birthdays or common passwords such as 123abc, 123456.
  • Enable 2-FA if available.
  • Beware of phishing emails! Avoid clicking links or opening attachments from unknown senders or senders impersonating SIA.
  • When accessing public e-mail service via a public Wi-Fi, make sure it is accessed over a secure connection.
  • Check your email settings for any suspicious activity (e.g., automatic forwarding of messages to an unknown party, sending malware, phishing spam)
  • Beware of data breaches reported in the news, as your email provider may be affected.
  • If your email has been hacked, immediately scan your devices for malware before changing your password. Warn your contacts to ignore any suspicious messages or posts bearing your name, and not to open unknown attachments or click on links sent by you.

Miles&Smiles Account Security

  • Do not use easily guessable information such as your date of birth when setting your password.
  • Set a complex password that does not contain consecutive digits.
  • Change your password regularly and make sure that it is different from your other passwords.
  • Do not store your Miles&Smiles password and user information in notes on your mobile phone or in a physical environment. Do not share this information with other people.
  • For your safety, download mobile applications from official sites and application markets. Make sure that the applications do not request an unauthorized authorization.

What should I look out for in e-mail, phone calls and text messages? Learn more

  • Turkish Airlines will never contact you by phone or e-mail to request the details of your Miles&Smiles membership account or any personal information such as your user ID, password or PIN.
  • If you think you are being called on behalf of Turkish Airlines, do not answer the calls.
  • Do not click on links from suspicious emails. If you want to investigate the website, open your browser and type the URL manually.
  • Do not open any attachments in suspicious e-mails.
  • Do not follow instructions in suspicious e-mails.
  • Do not share any personal information.

What should I do if my account has been compromised? Learn more

If you believe that your Miles&Smiles account has been accessed without your permission, or if you receive suspicious messages that appear to be from Turkish Airlines, you can:

  • Change your password: If you think your Miles&Smiles account has been used without your permission in any way, change your password as soon as possible. Please ensure that you are on the genuine turkishairlines.com website or the Turkish Airlines mobile application. Be sure to change your account security questions (used to reset your password if you lose or forget it.) at the same time.
  • Check other accounts linked to Miles&Smiles or Turkish Airlines: Even if only one of your accounts is accessed, other accounts could be at risk. Log in to any e-mail, bank or credit card account that may be linked to your Miles&Smiles account and change these passwords as well. We recommend checking recent statements for suspicious activity and monitoring your statements and accounts for the next few weeks.
  • Contact us: If you learn that your Miles&Smiles account has been compromised in any way, or if you receive any suspicious messages from Turkish Airlines, we encourage you to contact us. This will help us do our best to keep your account secure in the future and allow us to work quickly to protect your other Turkish Airlines accounts in the event of a large-scale data disclosure or fraudulent attempt.

Call the Turkish Airlines Customer Services Center toll-free on 0850 333 08 49 or visit the link to contact the smart travel assistant via WhatsApp to obtain assistance.