Heimdal
article featured image

Contents:

If you like traveling, you can easily fall prey to airline scams by simply looking for free airline tickets. Does it sound alarmist? Yes, but it’s also true. Airline scams are some of the most popular travel scams.

Whether it’s Facebook, Whatsapp or your phone, cyber criminals are always looking for ways of stealing your data, your money or both.

And they’re very creative about it.

Find out how most airline scams function, what they want to obtain from you, and how you can detect them before you compromise your data or your money.

In the cyber criminal world, free airline tickets have an alarming market share.

So let’s be honest and to the point:

There is no such thing as free airline tickets.

Unless you’re a frequent work traveler and receive bonus miles, if someone offers you free airline tickets it means you’re looking at the latest of airline scams.

Let’s hear it again, folks!

Free airline tickets from any company, on any platform, are a scam.

No guide on how to avoid airline scams should start with anything other than free airline tickets. This is what cyber criminals promise at every turn, in every social media app and even by calling you.

This airline scam spreads via social networks and, implicitly, your friends

Generally, this is a sweepstakes scam that says the airline company is having an anniversary and giving away free airline tickets. This is designed to trick you into completing numerous surveys, then sharing them with your friends. Your promised prize? In this airline scam it’s either free airline tickets or rewards like substantial discounts.

Your actual prize? Oh, there are many and none of them are good.

In the most fortunate scenario, the fake free airline tickets giveaway was designed for a like-farming scam, where the cyber criminals’ goal is to gather a large number of Facebook page likes.

However, this can get worse much faster. Cyber criminals now have access to valuable data: your name, address, favorite activities and maybe even a password. If you are like most internet users and have the same password across multiple accounts (something you should never do!), you are now vulnerable to social engineering. You are also exposing your other online accounts to a great deal of risks.

A lot of popular free airline tickets scams fall under the term “likejacking”. The cybercriminal slash scammer gets a payment from other cybercriminals for selling your completed survey. Those cyber criminals will gain access to your data and Facebook friends list. From there, they can do a host of nefarious activities, like spreading malware.

likejack example - ad for like jacking

Source: Actual likejacking program used by cyber criminals

Facebook lifejacking attacks are really common in airline scams. Malicious scripts gain access over a Facebook profile and spreads to that user’s friends as well, can be used for phishing attacks, virus injections and more.
likejacking ad for free airline tickets scam and other airline scams
Source: Actual ad for likejacking program

Here’s how you can avoid all types of free airline tickets scams

If companies like American Airlines, Ryanair, British Air, Wizz Air or Qantas Airline (its name is actually Qantas Airways, so pay attention to small details like this!) is on social media asking you to like, share, retweet or subscribe, it’s an airline scam. There are no free airline tickets to be gained – look more closely at the page’s name.

Airline scam versus legitimate Facebook page (notice the check mark on the page name)

If it doesn’t have the blue check mark of legitimacy (FB and Twitter authenticate profiles this way), it’s not the official page for that legitimate airline company.

free airline tickets spam common airlines spam

Airline scam on Twitter versus legitimate Twitter handle (notice the check mark on the page name)

twitter free airline tickets scam

Representatives from airlines like EasyJet or Ryanair have already issued warnings on this topic, but airline scams like these are many and their diversity is staggering.

Let’s see how they look:

Source: Snopes.com

If it’s a sweepstake to win free airline tickets and it wants you to fill a survey, it’s MOST DEFINITELY a scam. And it’s also phishing, a way for cybercriminals to get your data and sell it or use it to spread malware.

One of the most common airline scams is a survey promoting “Ryanair anniversary free tickets”. However, this survey is not hosted on Facebook or the official Ryanair websites. It’s on a website filled to the brim with cybersecurity risks which can affect both your data and your money.

If it’s on Whatsapp and promises free airline tickets, especially for the Emirates Airlines, it’s definitely a scam. Like the Ryanair anniversary scam, it promises 2 tickets if you fill out a survey.

Never fill out surveys for promotions unless you 100% percent trust the source – it has a secure https:// URL, you recognize the domain and so on. Why? Here is how this free airline tickets Whatsapp scam works.

free tickets emirates common airlines scam

Source

free tickets from emirates common airlines scam

Source

If you fill out the survey, it then asks you to spread the scam with 10 other friends in order to unlock the tickets.

Once you share it, the survey redirects you on a new page which asks you to subscribe with your phone number to another giveaway. This one is actually a premium message number. Trust us, that will show up on your phone bill at the end of the month! So you will definitely lose personal data and money, to top it all off.

emirates free tickets a common free airline tickets scam

Source

At the end of the scam, you will be redirected to another page which dramatically informs you that “You won nothing”.

But cyber criminals sure did. They gained access to your data via phishing, exposed you and your friends to malware and even signed you up for a pricy service that will drive up your phone bill at the end of the month.

How about buying fake tickets? You avoided airline scams like free airline tickets sweepstakes, but you’re not safe just yet!

Ok, if you followed our tips or already managed to avoid the dozens of airline scams running rampant in social media, you should be safe.

You’re not safe, not just yet.

More and more websites pop up every day, offering irresistibly reduced rates or bonuses like extra luggage if you buy your airline tickets there. Legitimate airlines report that every week they encounter customers holding fake tickets. Those poor “wannabe” customers are then stuck in the airport.  They have to buy a legitimate ticket, losing money in the process. How does this happen?

Buying tickets off Craigslist and the like

A well known-scenario is buying airplane tickets off Craigslist or smaller, lesser-known booking sites. We understand the appeal of a discount, but before reaching for your credit card, please do this:

Use a reputable booking site or, if you must use another one, make sure you read its online reviews!

After buying your ticket, be very careful on what links you click when you receive your transaction confirmation or follow-up offers.

Email follow-ups about airline tickets

Delta Airlines already warned customers not to believe all email received. If, for example, you didn’t buy a ticket, if you receive an email like that, carefully investigate its source. Then go to the official website, not by clicking a link, but by writing it in a new browser tab. Then change your password, just to make sure your account is safe.

Most of the links contained within emails will send you to websites loaded with malware. Hackers, thieves, and other cyber criminals are always looking for ways to steal your data, from your email information to your app info, VPN details or, of course, your banking info.

delta phishing email common airlines scam

Source

Never open links in suspicious emails and always double-check them!

Most of the times, fake emails sent through airlines scams have spelling or punctuation errors, spelling mistakes in the URL (deltaa instead of delta) or graphics that look a little bit worse than what you’re used to. However, phishing emails and other scams can look perfectly legitimate so, whenever you’re in doubt, remember to do not click links or attachments. Go straight to the legitimate website and do a safety check on your account.

My phone is safe, right? You avoided most online airline scams, be careful offline as well

As we said before, in cyber criminals’ tactics, technology is only half of the story. The other is social engineering. When it comes to airline scams, cyber criminals target the easiest prey using free airline tickets sweepstakes and the somewhat informed consumers via email. All of them, even the informed consumers, can, however, fall prey to social engineering.

Remember you can forget some details – social engineering in action

One of the biggest ramifications of social engineering is information bias. It means it’s easy to get caught up in complex details in order to strengthen your online safety. It’s also easier to forget about the offline component, especially when dealing with regular, old-fashioned talking on the phone.

If your personal data (phone number) was compromised, you find yourself in the following situation:

After purchasing airline tickets, spammers and cyber criminals will call to confirm the purchase and perhaps even ask for more funds.

Vishing, the counterpart to online phishing

A technique called “vishing”, this is the offline counterpart to “phishing”, a term you’re already familiar with. With vishing, cyber criminals already have your name, address, phone number and other details. Using this info, they can convince you to make further purchases by calling and impersonating an airline representative (for example).

Our advice is this: do not make bank transactions if someone makes this request of you over the phone.

Airlines will rarely if ever call you with information or request further payment via phone. If they do, insist on exchanging emails in order to establish a conversation and payment history.

It’s best if you use our guide from above, buy airline tickets securely online and conduct all further transactions there.

This way, you can make sure you are communicating officially with an airline. On the off chance that this channel is also compromised, you at least have proper documentation in order to protect your funds or issue chargebacks.

Recap and useful tools: here’s how to avoid all major airline scams

So how do you avoid airline scams? Cyber criminals are ingenious and ever-surprising but, with these tools, you can protect yourself from all major airline scams.

  1. Don’t believe in sweepstakes, free airline tickets and other promotions spreading in social media.
  2. Learn how to verify links (you can find an awesome list of free cybersecurity tools here)
  3. Report the email in question. Reporting emails as phishing or scams works wonders, especially on a platform like Gmail or Outlook Web.
  4. See how you can prevent phishing with this easy guide and also learn how to spot spoofing (techniques used by cyber criminals to hide their intentions)
  5. Use this scam tracker offered by the Better Business Bureau to avoid airline scams and other malicious attacks
  6. Help your family and friends to avoid them as well. Not everyone is aware of cybersecurity measures. By sharing information, you can ensure others do not fall prey to cyber criminals. Here are 5 tips to protect your parents from cyber attacks.

If you’ve ever witnessed or suffered through an airline scam or fake free airline tickets sweepstakes, we’d love to hear your thoughts on the matter in the comments. What was the nature of the incident and how did you recover? We might even include it in our article to help other readers be safe!

Spend time with your family, not updating their apps!
Heimdal™ Free - Software Updater
Let Heimdal™ FREE Silently and automatically update software Close security gaps Works great with your favorite antivirus

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal™ FREE
Author Profile

Ana Dascalescu

Cyber Security Enthusiast

The Atlantic wrote about cyberflâneur and I think that's the best way to describe myself. Or maybe a digital jack-of-all-trades with a long background in blogging, video production and streaming. I spend my waking hours snooping through online communities of all types, from Reddit to security forums, from gaming blogs to banal social media platforms like Instagram. Sometimes I even contribute to those communities.

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE