While free plane tickets seem too good to be true, they are still frequently being used by malicious individuals to deceive the public. A new free plane ticket giveaway on Facebook has recently duped consumers by giving counterfeit boarding passes.
British low-cost airline easyJet has become the new bait of fraudsters who are holding a bogus giveaway via Facebook. A fake easyJet page that looks like the official account of the airline has been advertised on Facebook calling random people to take a survey for a chance to win two complimentary tickets.
The fake Facebook ad read: "easyJet is gifting 2 free tickets to everyone!" With it is a photo of a boarding pass. The "hurry up" statement lures people to click on the link which will redirect them to a fake web page.
The survey intends to get respondents' personal information. To claim the free tickets, respondents will then be asked to share the survey to their friends.
On 21 August, easyJet has issued a warning via its official Facebook account to be aware of the new competition being held by a fake account. It was re-posted on 25 August.
This type of scam is called typo squatting wherein fraudulent websites use an almost similar web address to the original one. According to DomainTools director for product management Tim Helming, the information obtained could be traded or used for further phishing attacks.
"These stolen credentials can be resold or traded on underground forums and sites", says Helming.
However, Helming notes that this particular occurrence could pose further threat and damage. "These scams can be further weaponised to drop ransomware or other more advanced styles of malware if the attackers so choose", adds Helming.
The culprit behind the scam remains to be undisclosed for now, but Heming notes that the subject person is also behind the 113 bogus websites that are typo squatting brands of Pizza Hut and British Airways, among many others.
One of the tell-tale signs to detect a typo squatting website has domains usually crafted in this format: .com-[text]. These websites are almost always rippled with misspelled words. Before clicking a suspicious website, hover the mouse over the URL to know if the site is type squatting another site.