Exposed organizers of raffle tickets on behalf of the airlines in social networks

Raffles free air tickets, information about which was distributed on social networks, were a scam. With the help of a fraudulent scheme, the attackers increased the flow of traffic to completely foreign sites. It turned out that these are the websites of the clients of a single American company that promotes and monetizes Internet and mobile applications, the Russian company Group-IB writes in its report .

For example, a few days ago posts appeared on Facebook with the “raffle” of tickets from Emirates and Aeroflot. To participate in the rally it was necessary to follow the link indicated by the scammers. As a result, the user got to the site of the "Emirates-free-2-ticket-com-abracadabra-dot-com". Such front sites used the names of popular airlines - Emirates, Lufthansa, El Al Israel Airlines, SPAR, Virgin America, Delta Air Lines, Air-France, Rolex, Aeroflot, as well as supermarket chains Spar, Safeway, Tesco, the manufacturer of Rolex watches. and manufacturer of handles Sharpie. This was done so that users could not suspect anything wrong.

This was followed by a user survey, allegedly about the seriousness of his intentions. After answering the questions a form appeared with several links to go to other pages. When clicking on links, various advertising pages were opened. After clicking on the link “Download content right now,” the subscription page for paid services opens.
')
The whole procedure was completed by displaying a message about the “winnings” of two air tickets. To get them, the “lucky man” had to like a post about a rally and share it with his friends.


Thus, you can unwittingly engage your friends in the fraudulent scheme. The scheme of this deception is called "spoofing."

After completing all the manipulations on the links, various advertising pages opened. In some cases, a mobile subscription page also appeared, with an imperceptible connection of which a certain amount began to be regularly deducted from the mobile number account.

Cybersecurity experts from Group-IB have recorded 95 dummy sites operating under the names of 19 well-known brands.

On Monday, June 5, the Russian air carrier denied its involvement in the free tickets draw:


The author of the fraudulent scheme was a 28-year-old resident of Islamabad. “In 2013, he planned to launch his advertising network, but failed. After that, he decided to conduct a campaign with a fake raffle of free tickets for generating traffic to advertising sites. The first sites were registered at the end of March, ”the Group-IB report says.

After some refinement, hackers can use this scheme. For this, it is enough for them to trick users into clicking on a link to a malicious program.

As told RBC representative of Group-IB, the main purpose of cyber fraudsters were foreign users: Facebook was used to promote, the majority of victims - international brands. Most of the sites that were linked to were not in Russian.