Not long ago, Facebook was hit with a wave of posts that falsely claimed to be giving away a suspiciously large number of free flight tickets in honor of airline anniversaries. As one of the conditions of the promotional offer, participants had to like and share the websites that pretended to give away prizes.
As usual, people saw the promise of something free and lost their minds, so Facebook was flooded with those posts. Of course, in reality there were no free tickets to claim, and the airlines had absolutely nothing to do with it. Let’s see what really happened.
As our analysts found out, the links in the posts led to websites like deltagiveaway[.]com, emiratesnow[.]us, aeroflot-com[.]us, and other similar websites, depending on which airline appeared to be offering free tickets. Different posts mentioned different airlines, and everyone seemed to be celebrating an anniversary at the same time — a rather large coincidence.
At first glance, the links seemed plausibly legitimate: after all, they contained an airline name. At second glance, some doubts could have crept in; but who has the time for a second glance when free tickets are on the line — free tickets that someone else might claim first?
Each of the websites had a simple survey with three questions: whether you had ever used the airline, what you liked best about it, and whether you were satisfied with the quality of service. After a user answered the questions, they were told they were now close to getting a free ticket. All that was left to do was share the link to the website on a social network, thank the airline, and click the “Like” button.
However, clicking the “Like” button led to a variety of undesirable results. For example, the user could end up on a website demanding their mobile phone number. If users failed to notice they had moved to a completely different website, entered their number, and clicked the “Confirm” button, they actually subscribed to a paid service with a daily subscription fee. Moreover, if they accessed the website from a mobile phone, confirmation would not necessarily have been required to subscribe, which means they might not have noticed anything strange. After that, the user finally learned they had not won the ticket.
The schemes varied from country to country. For example, a user might be redirected not to a mobile service subscription page but to Web pages with advertisements, in a mere attempt to boost traffic. A user might also find suggestions to download applications (not related to the airlines in any way). Or the links could lead to other scam websites. In no case were tickets actually offered.
Despite the obviousness of the scheme, it turned out to be very effective: Tens of thousands of people published similar posts with links in their news feeds. And they swallowed the bait either by subscribing to paid content or by downloading apps. What were these users really installing? Among other things, malicious browser extensions with permissions to read all data from the browser — including logins, passwords, and credit card numbers.
So, users turned out in droves to shove paid subscription scams or malware at their friends on social networks, all in the hopes of getting a free plane ticket. Nobody won in the end, and the number of scammed and infected people has increased by quite a bit. This commotion is ongoing, and we are likely to see new scams promising something else free. How can you avoid falling victim — and dragging your friends down with you?
- Always remember that at least 99% of free lunches are nonexistent. There are exceptions, of course, where reasonable prizes are offered in reasonable quantities. But if you are offered a luxury car out of the blue, or you are told that there are thousands of airline tickets up for grabs, you have no reason to believe that. The only way to win is not to participate.
- Pay particularly close attention to the URLs of any websites where you are asked to enter personal data. Is it really the website where you intended to enter your credit card number, or is it a phishing site? To learn more about how to recognize phishing and protect yourself against it, please read this blog post.
- Do not repost or share indiscriminately. Keep the golden rules of responsible social networking in mind — your friends will thank you.
- Install reliable security solutions on all your devices. Good protection will prevent the installation of malicious browser extensions on your computer and will warn you when you are going to navigate to a phishing Web page.
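
The URL check recommended above can be automated when triaging shared links: the sketch below flags hostnames that contain an airline's name but do not belong to that airline's own domain. It is an added example, not code from the original article; the `OFFICIAL` allowlist and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains the defender has verified as official.
OFFICIAL = {
    "delta": {"delta.com"},
    "emirates": {"emirates.com"},
    "aeroflot": {"aeroflot.ru"},
}

def hostname(url):
    """Return the lowercase hostname of a URL, accepting defanged input."""
    url = url.strip().replace("[.]", ".")
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare hostname
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_official(host, domains):
    """True only for the official domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(url):
    """Return (verdict, brand); verdict is official, lookalike, unrelated or invalid."""
    host = hostname(url)
    if not host:
        return ("invalid", None)
    for brand, domains in OFFICIAL.items():
        if is_official(host, domains):
            return ("official", brand)
    # Drop separators so a brand name split by '-' or '.' still matches.
    squashed = host.replace("-", "").replace(".", "")
    for brand in OFFICIAL:
        if brand in squashed:
            return ("lookalike", brand)
    return ("unrelated", None)

if __name__ == "__main__":
    samples = [
        "deltagiveaway[.]com", "emiratesnow[.]us", "aeroflot-com[.]us",  # from the article
        "https://www.delta.com/deals",        # constructed: official site
        "https://delta.com.example.net/win",  # constructed: brand used as a subdomain
    ]
    for s in samples:
        print(s, "->", classify(s))
```

A substring match is a triage heuristic: it will also flag unrelated businesses whose names contain a brand keyword, so a "lookalike" verdict means the link needs a closer look, not that it is confirmed malicious.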