When something looks too good to be true, it usually is. That's why easyJet has issued a warning about a free ticket internet scam fooling Facebook users into thinking they've won complimentary trips away.
Hackers are luring users into clicking on potentially harmful malware by posting on what looks like a genuine easyJet Facebook account with a competition celebrating the low-cost airline's 22<sup>nd anniversary. The fake advert claimed "easyJet is gifting 2 free tickets to everyone!" along with a picture of a boarding pass and the offer of two tickets per users if they took part in a survey.
Victims who click on the link were redirected to a fake page where it urged users to "hurry up" due to a limited number of tickets left. The survey asks for personal information and to also share the offer on Facebook in order to redeem the prize, thus gaining access to their profile.
This information could then be sold on or used for further phishing attacks.
"These stolen credentials can be resold or traded on underground forums and sites. Also, these scams can be further weaponised to drop ransomware or other more advanced styles of malware if the attackers so choose. The ease of further weaponising a simple campaign like this is concerning in and of itself," said Tim Helming, Director, Product Management at DomainTools.
The scammers were able to make the scheme look as genuine as possible by also including comments from fake customers who said they had won.
"I won the tickets...thank you easyJet," said one, while another claimed "it was busy at the easyJet counter today. It seems that so many people have won these tickets".
The false website was also set up with an address similar to that of the genuine easyJet site but not affiliated at all, further duping victims into thinking it was real.
This practise is known as typo squatting and here, the easyjetlover[.]us web address was used and repeats an identical scam that appeared on Facebook the week before claiming to be offering free RyanAir tickets, as well as an Aldi scam offering shoppers a free £65 coupon.
Helming reveals that on further investigation DomainTools found that the same person behind this campaign is connected to 113 other domains that are disguised as brands including British Airways, Ryanair and Pizza Hut.
EasyJet has acknowledged the scam, confirming it is fake and not a real giveaway and that "genuine competitions of this nature will only be hosted on easyJet's official Facebook page".
It warns customers to stay clear and encourages users to flag any malicious posts of this nature to the company.
The security experts at DomainTools advise users to stay safe by looking out for tell-tale signs such as typos on the website or coupon, as well as domains that have '.com-[text]'. A good way to ensure you're not being redirected somewhere you shouldn't is by hovering your mouse over the URL to see where the link will take you.