Attackers promise users free Emirates tickets
Until the holidays at the end of the year, there is not much time left and users plan ahead to book plane tickets to visit relatives, friends or just for leisure. As expected, cybercriminals are stepping up their activities at this time, hoping to deceive as many users as possible. They use social engineering methods and promise users free flight tickets.
In our last post, we warned users about a phishing e-mail in WhatsApp, which uses the theme of coupon codes. This time, the attackers also chose WhatsApp and posting messages on behalf of Emirates. They offer users to get some free tickets.
')
It should be noted that the link indicated by the attackers in the message is actually phishing and has no relation to the airline. At the same time, the user has the feeling that she points to the company's legitimate website. Below is an example of a phishing email that is being spread by attackers.
Although the indicated domain of the webpage is different from what we found earlier, the message design is almost the same as we observed earlier in fraud with several brands. As in the case of the predecessors of this fraud case, this phishing message delivers a fake and brief overview to the user with notification of the winnings of two free tickets.
To obtain tickets, the victim is asked to send a link of ten to his WhatsApp contacts.
In this case, the application code counts the number of times that the user clicks the “share” button. After the user has shared a phishing link with ten of his contacts, he is informed that he has only one step left to receive tickets and redirect him to another domain.
This new web page asks the user for a phone number to subscribe to a paid SMS. It is indicated that the costs of the service will be indicated in the telephone bill at the end of the month.
Note that at the stage of interviewing the victim, the attackers indicate a reservation (disclaimer) stating that the user may be offered “third party offers”, with these offers imply recurring costs. Needless to say, you should always pay attention to this and carefully read the conditions before participating in an online competition.
After the user completes all the steps, it is returned to the original domain, on the web page of which it is reported that there is no win.
To date, the fraudulent scheme is available in languages ​​such as Spanish, English, German, Portuguese. Attackers can substitute text in the appropriate language for the user's region. To date, the malicious webpage is already served from another domain, and the country and language is detected through IP geolocation.
Conclusion
During the holidays, the attackers increase their malicious activity in the hope of gaining material gain from novice or scattered users, who begin to think after they have followed the link.
One of the main forms of protection against this kind of fraud is common sense. It should be wary of offers or promotions that are too good to be true.
Do not pay attention to offers of discounts, which were received via e-mail, messages in social networks or SMS and look implausible. If you want to participate in a particular promotion, contact this company by phone and check the validity of this offer. In this case, the phone number should be taken from the official web page of the company.
Do not forget that such messages may come from one of your contacts, so be vigilant even in this case. This situation may occur in the case when your contact fell for the intruders.
In the event that you have already fallen victim to such fraud, delete any application you have installed and contact your mobile operator to check the presence of any paid mailings on your number.
As a preventive measure, you should use antivirus software on your device.
In our last post, we warned users about a phishing e-mail in WhatsApp, which uses the theme of coupon codes. This time, the attackers also chose WhatsApp and posting messages on behalf of Emirates. They offer users to get some free tickets.
')
It should be noted that the link indicated by the attackers in the message is actually phishing and has no relation to the airline. At the same time, the user has the feeling that she points to the company's legitimate website. Below is an example of a phishing email that is being spread by attackers.
Although the indicated domain of the webpage is different from what we found earlier, the message design is almost the same as we observed earlier in fraud with several brands. As in the case of the predecessors of this fraud case, this phishing message delivers a fake and brief overview to the user with notification of the winnings of two free tickets.
To obtain tickets, the victim is asked to send a link of ten to his WhatsApp contacts.
In this case, the application code counts the number of times that the user clicks the “share” button. After the user has shared a phishing link with ten of his contacts, he is informed that he has only one step left to receive tickets and redirect him to another domain.
This new web page asks the user for a phone number to subscribe to a paid SMS. It is indicated that the costs of the service will be indicated in the telephone bill at the end of the month.
Note that at the stage of interviewing the victim, the attackers indicate a reservation (disclaimer) stating that the user may be offered “third party offers”, with these offers imply recurring costs. Needless to say, you should always pay attention to this and carefully read the conditions before participating in an online competition.
After the user completes all the steps, it is returned to the original domain, on the web page of which it is reported that there is no win.
To date, the fraudulent scheme is available in languages ​​such as Spanish, English, German, Portuguese. Attackers can substitute text in the appropriate language for the user's region. To date, the malicious webpage is already served from another domain, and the country and language is detected through IP geolocation.
Conclusion
During the holidays, the attackers increase their malicious activity in the hope of gaining material gain from novice or scattered users, who begin to think after they have followed the link.
One of the main forms of protection against this kind of fraud is common sense. It should be wary of offers or promotions that are too good to be true.
Do not pay attention to offers of discounts, which were received via e-mail, messages in social networks or SMS and look implausible. If you want to participate in a particular promotion, contact this company by phone and check the validity of this offer. In this case, the phone number should be taken from the official web page of the company.
Do not forget that such messages may come from one of your contacts, so be vigilant even in this case. This situation may occur in the case when your contact fell for the intruders.
In the event that you have already fallen victim to such fraud, delete any application you have installed and contact your mobile operator to check the presence of any paid mailings on your number.
As a preventive measure, you should use antivirus software on your device.
Source: https://habr.com/ru/post/316338/
All Articles