Several newly discovered scams on Facebook serve as not-so-friendly reminders to be careful when pressing on links. The latest round of phishing attacks attempts to trick customers into signing up for free airline tickets. Fraud and privacy protection app Fyde detected advertisements posted by bad actors posing as Allegiant and Alaskan Airlines.
“Congratulations! ! You have been selected to take part in our short survey to get 2 Free Allegiant Air Tickets! We only have [insert arbitrary number] Tickets remaining so hurry up!” one post claimed.
If an unknowing Facebook user presses on the ad hoping to score some free flights, they’d be directed to a website with a lengthy survey. The site would then exploit the sensitive information submitted to it, like credit card info and medical records, to make a profit. After completing the survey, users are asked to share the scam with 20 other people but don’t ever receive the promised tickets.
“This link is not a valid promotion,” Allegiant spokeswoman Krysta Levy told PolitiFact. “We are working with our legal team to take appropriate action.”
Fyde posted a video on YouTube showing how it works.
An identical scam tries to give away free Alaskan Airlines tickets. It similarly takes users through a survey of intrusive questions only to leave them hanging after they’ve handed over their precious data.
There are some unmissable red flags with these scams. First, the obvious: No airline is going to give you free tickets. Second, unless it comes from a trusted source, consider every post asking you to fill out a survey to be a scam. If you do end up filling out a survey, be careful about submitting payment details or other personal information. Finally, take a close look at the phrasing of the post and be wary of anything that seems overly enthusiastic.
Sinan Eren, CEO and co-founder of Fyde, told the Daily Dot that it’s difficult for businesses to take down scamming sites given their jurisdiction. “I would say the internet is rigged against them and the consumer,” he said. However, he explained Facebook’s practices are particularly worrying.
“If you turn on notifications, they [Facebook] start sending you SMS and email messages,” Eren said. “This is what scammers do, they have to reach you outside of the app to send you a fake message about your account info being stolen. When Facebook communicates with you using the same channels, attackers can leverage that.”
Fyde calls these fake advertisements “summer scams,” the second phase of an attacker’s cyclical calendar that starts with IRS tax scams in the new year and moves to Christmas shopping attacks in the later months. Eren explains flights have become the main target this time of year now that attackers are no longer going after Craigslist with the same frequency.
If you don’t want to be a victim of these attacks, we strongly recommend you download a good antivirus tool. When I tried visiting one of the links, AVG (featured in our best free antivirus tools for Windows and Mac ranking) prevented it from loading. Of course, the best way to protect yourself is by simply avoiding the ads altogether.
“Go through the front door, especially whenever you receive an ad from a financial institution,” Eren said. “Just do not follow that link. Go to the main real estate. If you have an account, log in and check to see if the same message is in your inbox. If it’s not a targeted one, you should see a similar promotion on the main site. If you don’t see it anywhere, you should be very cautious.”
For more information about Facebook scams, check out our guide on how to spot them.