Year-end celebrations are close and many people are looking to book their plane tickets to visit relatives and friends. As expected, cybercriminals are looking to exploit users over the festive period – social engineering techniques are frequent over the holidays, as demonstrated by a scam that is promising people free flight tickets.
What is the scam about?
We have previously warned WeLiveSecurity readers about a multi-brand scam spreading via WhatsApp (one that promises bogus discounts to their victims).
Now, a new form of fraud is once again going viral on WhatsApp, this time making reference to the Emirates airline company. It offers people the possibility of receiving a couple of free flight tickets.
It is worth noting that although the link enclosed to the brief description in the message seems to redirect the user to the airline’s official website, the real link in the message text reveals the true scam, which redirects users to a website that does not bear any relation to the company.
This is the message that spreads via WhatsApp:
Although the domain of the page is different from the ones observed before, the design format is virtually the same as the one seen on the multi-brand fraud. As with its predecessors, the scam delivers a fake and brief survey to the user, notifying them afterwards that they have won two free tickets.
To obtain them, the victim has to share the link with 10 contacts on WhatsApp.
The code estimates the times the user presses the share key. Once the link has been “shared” the number of times requested, the user is told that there is only one step left to get their tickets, and is then redirected to a new domain.
This new webpage asks the user to subscribe with their phone number to a premium message number, whose costs shall appear on the telephone bill by the end of the month.
Note, that in the survey stage, a disclaimer at the bottom actually says there might be “third party offers” involving recurring costs. Needless to say, you should always pay attention and read the terms carefully before engaging in online contests.
Once the user has completed all the steps, the campaign returns to the initial domain where a discouraging message appears informing that you have not won anything.
Currently, this scam is available in Spanish, English, German, and Portuguese. The original domain seemed to customize the text to show different countries depending on the link ending. Nowadays, the malicious webpage is being served from a different domain, and the country showed is identified through the IP’s geolocation.
During the holiday season, cybercriminals strengthen fraud campaigns hoping to catch absent-minded users who usually click before thinking (about the consequences of their actions).
The first form of protection against these scams is common sense. In the case of promotions that seem too good to be true, it is probably best not to believe in the hype.
Do not pay attention to offers received via email, messages in social networks or SMS containing unreasonable discounts; or at least, make sure you check whether the offer is valid by contacting the company by phone, manually accessing their website or by heading directly to the contact page of the official website.
Remember, these scams usually spread among the contacts available in the contact list; therefore, be careful even with alerts received from reliable contacts.
If you have been a victim of a scam, uninstall any application you have downloaded to your device, and contact your mobile phone company to check whether you have been added to a premium SMS service.
If you know anybody who has been a victim of this type of scam, let them know about the possible actions they can take to resolve this situation. Install a mobile security solution to block the traffic towards fraudulent pages and remember that the best way to prevent is education.
by Denise Giusto Bilic, ESET We Live Security