Kaspersky Lab researchers have found a new wave of fraudulent posts on social networks involving free airline tickets, here’s how to defend yourself
There’s an unwritten rule in life that applies even more so on the Internet: if something is given away there’s definitely a scam. Confirming this trend is the new wave of fake free airline tickets discovered by Kaspersky Lab researchers that have hit Facebook and other sites in recent times.
The fraudulent posts acted almost always in the same way: using the name of some airlines they sponsored free tickets that could be received by users by answering simple questions and entering some personal data. Most of the fraudulent posts exploited the name of some famous airlines, such as Aeroflot and Emirates Airlines, and staged a fake anniversary for the company. Event that justified the release of the free tickets. Most people also fell into the trap because the images attached to the posts took up official brands and photos of the companies, and nothing hinted at a scam.
Air TicketÂ
Once you clicked on the post, however, the first clue to the possible scam. Instead of being directed to the airline’s official website, a portal with a similar but incorrect name was displayed. Each webpage then contained a survey with three questions, “Have you ever traveled with the airline?”, “What do you like most about the airline?” and “Are you satisfied with the quality of service?”. Once you answered these three questions you were redirected to a page where to confirm your answers the user was asked to enter an email address or phone number. The email was used to fuel a spam campaign while confirming with your phone number you were subscribed directly to paid services.
The purpose of the scam
The scam not only subscribed users to paid services designed for smartphones but also served to generate traffic to malicious sites containing advertisements or fake applications. The system changed depending on the country. For example, a user could be directed not to a subscription page for a mobile service but to web pages with advertisements. Another user might find suggestions to download applications (which were in no way airline-related). Or the links could lead to other fake sites. In any case, absolutely no tickets were given away. According to Kaspersky, at least tens of thousands of users have been affected by this simple scam. Most of the applications sponsored in this way are very dangerous, some of them get permission to read all browser data (including logins, passwords and credit card numbers) without asking for permission.
How to defend yourself
There are some small tricks to defend yourself against these scam attempts. First of all, let’s remember that in 99% of the cases everything that is free on the Net has an ulterior motive. Secondly, always pay attention to the URLs of the web pages where you are asked to enter your personal data. Before filling in any field with our information let’s make sure that we are on the official website of the company. Most phishing activities take advantage of this user inattention. Finally, let’s avoid sharing these kinds of fraudulent posts. Almost all scams go viral on social by exploiting impactful headlines or great deals.