If you receive an email saying that you’ve won free airline tickets, don’t fall for it. It’s likely an elaborate scam.
A new email phishing scheme is causing people to click on a link that promises free airfare, according to security researchers.
The email looks just like it comes from Delta Air Lines or some other major carrier, but it’s a fake. The scam was recently chronicled by experts at cybersecurity site FarsightSecurity.com. “The suspected phishing websites purport to be those of commercial airline carriers offering free tickets, but, instead, appear to subject the user to a bait-and-switch scam,” the site says in a blog post.
Received an email to get free airline tickets? Phishing scam alert
What makes the scheme so insidious is that the suspected phishing sites look just like reputable airline websites. The scam employs what are known as IDN (Internationalized Domain Name) homographs: lookalike web addresses that may fool the unsuspecting eye.
The fraudulent sites even include a Facebook “Like” section, which gives the appearance that scores of users have engaged with the brand on social media.
Here’s how the scam works, according to Farsight Security:
“The suspected phishing websites present the user with the promise of free airline tickets if they answer four innocuous questions (the responses don’t seem to matter). Once the user answers the questions, he is instructed to share the “offer” with 15 WhatsApp contacts before being redirected to another URL where presumably the user is prompted to enter credit card details.”
As you can see, the scheme is designed to get you to draw your friends, family members and others in your app contact list into the trap.
If you run across this email phishing scam, the first thing you should do is delete the email, then empty it from the deleted items folder. That way, if you’re ever in your deleted items folder, you won’t accidentally click the link.
Free airline tickets phishing scam: 4 ways to protect yourself
When it comes to this particular phishing scam, here’s how to stay safe:
- Know which airlines are involved: So far, the criminals are using websites that mimic the following carriers: Delta, EasyJet and RyanAir.
- Read your email as plain text: If you have access to a PC, switch your email to plain text. In that view you can see the real URLs behind the links in the email.
- Don’t click on any links or respond: Clicking on anything inside the email could cause you to download malware or some other malicious program that could potentially ruin your device.
- Look for typos: One way to tell if you’ve gotten a legitimate communication is to search for grammatical errors in the text. Misspellings, grammar faux pas and nonsensical sentences are a big red flag.
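As an added illustration (not from the original article or from Farsight Security), the Python sketch below shows one way to check the "real URLs" seen in plain-text view for the IDN homographs described above. Lookalike names travel in an ASCII form that begins with xn--; the code decodes it and compares the result with the three carriers the article names. The sample links and the short lookalike-letter table are constructed for this example.

```python
import unicodedata
from urllib.parse import urlsplit

BRANDS = {"delta", "easyjet", "ryanair"}  # carriers named in the article

# Assumption: a tiny subset of Cyrillic letters that look like Latin ones.
# A production check would use the full Unicode confusables data.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
})

def to_unicode(host):
    """Decode each xn-- (punycode) label into the characters a reader sees."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:  # malformed label: keep the raw form
                pass
        labels.append(label)
    return ".".join(labels)

def skeleton(label):
    """Fold look-alike letters and accents down to plain Latin letters."""
    folded = unicodedata.normalize("NFKD", label.translate(CONFUSABLES))
    return "".join(c for c in folded if not unicodedata.combining(c))

def check_url(url):
    """Return (host as displayed, imitated brand or None)."""
    shown = to_unicode(urlsplit(url).hostname or "")
    for label in shown.split("."):
        if not label.isascii() and skeleton(label) in BRANDS:
            return shown, skeleton(label)
    return shown, None

def sample_links():
    """Constructed test links, not taken from the Farsight report."""
    cyr = "xn--" + "d\u0435lta".encode("punycode").decode("ascii")
    acc = "xn--" + "ry\u00e0nair".encode("punycode").decode("ascii")
    return [f"http://{cyr}.com/free-tickets", f"http://{acc}.com/",
            "https://www.delta.com/"]

if __name__ == "__main__":
    for link in sample_links():
        shown, brand = check_url(link)
        print(link, "->", shown, "| imitates:", brand)
```

A link is flagged only when a label contains non-ASCII characters and still folds down to a carrier name, so the genuine all-ASCII address passes through unflagged.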