Attackers promise users free Emirates airline tickets

    With the end-of-year holidays approaching, users are booking plane tickets in advance to visit relatives and friends, or just to relax. As expected, cybercriminals step up their activity at this time, hoping to deceive as many users as possible. They use social engineering techniques and promise users free flights.



    In our last post, we warned users about a phishing campaign spread over WhatsApp that used discount coupons as a lure. This time, the attackers again chose WhatsApp and are sending messages in the name of Emirates. They offer users some free tickets.

    It is worth noting that the link the attackers include in the message is a phishing link and has no relation to the airline. At the same time, the user is given the impression that it points to the company's legitimate website. Below is an example of a phishing message that is distributed by cybercriminals.



    Although the domain of the web page differs from those we discovered earlier, the message design is almost the same as in earlier fraud campaigns that abused several other brands. As in those earlier cases, the phishing page presents the user with a brief fake survey and a notification that they have won two free tickets.

    To receive tickets, the victim is invited to send a link to ten of their WhatsApp contacts.




    In this case, the application code counts the number of times the user clicks the “share” button. After the user shares the phishing link with ten contacts, they are told that one step remains before they receive the tickets, and they are redirected to another domain.



    This new web page asks the user for a phone number in order to subscribe them to a paid SMS newsletter. The page states that the cost of the service will appear on the telephone bill at the end of the month.



    Please note that during the survey stage, the attackers display a disclaimer stating that the user may be shown “third party offers” and that these offers involve recurring charges. Needless to say, you should always pay attention to such notices and read the conditions carefully before taking part in an online contest.

    After the user has completed all the steps, they are returned to the original domain, where the web page reports that nothing was won.



    Currently, the fraudulent scheme is available in Spanish, English, German and Portuguese. The attackers can substitute text in the language appropriate to the user's region. The malicious web page is now served from a different domain, and the country and language are determined through IP geolocation.



    Conclusion

    During the holidays, attackers increase their malicious activity in the hope of profiting from novice or absent-minded users who start to think only after they have clicked the link.

    One of the main forms of protection against this kind of fraud is common sense. One should be wary of offers or promotions that are too good to be true.

    Ignore discount offers that arrive by e-mail, social network messages or SMS and look implausible. If you want to take part in a particular promotion, contact the company by phone and check that the offer is valid. Take the phone number from the company's official website.

    Do not forget that such messages may come from one of your own contacts, so be careful even then. This can happen if your contact has been taken in by the attackers.

    If you have already fallen victim to this kind of fraud, remove any application that was installed at the same time and contact your mobile operator to check whether any paid newsletter subscriptions are active on your number.

    As a preventative measure, you should use antivirus software on your device.
