27672024626
AVG Signal Blog Security Scams Check Out These Real-Life Airline Scams
Check_Out_These_Real-Life_Airline_Scams_Hero

Written by Gonzalo Torres
Published on July 31, 2018

If you’ve ever clicked ‘like’ on and shared one of those promotions giving away “free tickets” in exchange for retweets, you may have come dangerously close to being grounded with no boarding pass and a lighter wallet.

This article contains:

    Check out these scammy real-life near-misses and learn how to spot them from 35,000ft away.

    #1 - “Your seat assignment has been changed!”

    Airline surveys take a turn for the bad when they start asking you for your email passwordYeah. You’re now sitting in MISERY CLASS.

    Imagine you get an email claiming to be from Australian airline Qantas, notifying you of a seat change you haven’t made for a $796 fee. So you say “OK, that seating fee is demented, and when did I even book a flight with Qantas!?”.

    So you, like many people who got that exact same email did, click on the attached PDF “itinerary” to figure out what’s going on. Did you book this flight and just forget? Did you then pay to reshuffle an entire football team around the plane?

    But wait - there’s a twist. The email isn’t from Qantas at all, and the PDF isn’t a PDF. It’s a file extension called pdf.zip, and now you’ve clicked it and who knows what horrors you’ve unleashed.

    The smart Signal reader solution: Up-to-date antivirus

    When people started receiving these emails, it’s no wonder that more than a few opened what they thought was the receipt in PDF format: the emails looked so real! They contained the Qantas logo and they even linked to the proper airline website.

    You may have thought it was weird that the email was addressed to just “Dear” (unless your name is Dear. Not so weird then). Or the .zip extension may have set off your alarm bells.

    But if you are having an off day and aren’t paying too much attention, an up-to-date antivirus is ready for this exact sort of thing. It identifies, isolates and removes malware the moment you open a bad file or extension, so all you have to worry about is making sure you have yours installed.

    #2 - “Take our survey and get $95”

    Here’s another doozy from Down Under. An email sent around on behalf of Qantas (what is it about Qantas?) linked people to a survey where they were offered to participate in exchange for $95, and then were asked for lots of personal information (hmmm, no), their credit card details (big no) and their email address and password (absolutely huge no).

    Airline surveys take a turn for the bad when they start asking you for your email password

    Once again, the design of the the survey followed the Qantas brand guidelines -the right font, the kangaroo logo — so it’s hardly surprising that some people would drop their guard down and fall for what turned out to be a phishing scam.

    The smart Signal reader solution: knowing what you’re doing

    In cases like this one, the thing that’s going to keep you safe is a combination of common sense and education on the way phishing scams work. Unless you’re buying something online, don’t submit your credit card details in a form. There is no reason whatsoever to submit your email password to anyone, anywhere. And even though it would be lovely to make nearly 100 bucks for answering a short survey online, legitimate airlines just don’t do that kind of insanely expensive mass research.

    Kinda wish they did, though.

    #3 - “Oh, look! You got mail”

    Let’s file this one under ‘analog phishing scam’ since it involves real letters — the kind that come in an envelope. People started receiving letters in their mailbox containing paper vouchers for two free round-trip tickets on American Airlines and US Airways, valued around the $1300 mark. We’ve tried to contact you several times,t he letters said. This is your last chance!

    The letters contained a phone number to call in order to redeem the vouchers for a small booking fee. You see where this is going, right?

    The smart Signal reader solution: the return of knowing what you’re doing

    Of course, American Airlines and US Airways had nothing to do with the mailers. The ‘small booking fee’ was an excuse for sucking your credit card dry over the phone. But how could you have known?

    You could have known the whole thing stank of phish the moment you received a paper voucher in the mail with no return address. And you would have known better than to give out your credit card details over the phone. The Better Business Bureau recommends throwing such letters containing flight coupons or free vouchers in the trash, where they belong. At the very least, call the airline in question to verify the claim for yourself - on their real call center number, not the one given to you in the letter.

    Their answer will always be… “Sorry, not from us”.

    #4 - “Like! Share! Retweet!”

    Arguably, the airline scam you are most likely to encounter is the fake airline ticket giveaway social media page. There must be thousands of examples out there, and you may have even clicked and shared one or two, you know, just in case.

    Take the American Airline or Qantas Airline (I know, right!?) free-tickets-for-shares Facebook pages. Both of them promise the chance to win free return Business Class tickets and around $5000 in spending money if you hit the like and share buttons. Worth a try, no? Best case scenario, you win a trip to Bora Bora. Worst case scenario, you invested twelve seconds of your life and two clicking motions.

    Scam facebook pages that farm likes are not harmless: by patronizing them, you may be putting others in harm's way

    But these pages are not harmless. They are textbook cases of what online scam experts call “like farming”: get hundreds of thousands of ‘likes’, followers, comments and user engagement to appear legitimate and trustworthy, and then launch fraudulent phishing scams like the surveys we talked about in #2 above.

    So, while your digital security may not be in immediate danger by just pressing the ‘like’ button, you are putting yourself and others in danger in the medium- to long-term.

    The smart Signal reader solution: look for the blue check mark

    Of course, you may have noticed that neither ‘American Airline’ nor ‘Qantas Airline’ are actual airlines (their real world counterparts both go by Airlines’, plural). This is one way these “like farms” circumvent legal action while they collect all your retweets. So checking that the page or profile you are following contains the correct airline name is a great place to start.

    But by far your best bet is to look for the verification mark in the company profile. Facebook authenticates verified profiles with a blue check mark, as do Twitter and Instagram.

    To put it bluntly, if it doesn’t have a blue check mark next to its name, consider it fake. Report it and move on.

    #5 - “This website isn’t sketchy at all”

    Last, but not least, the full-on fake ass airline website that takes your money flat out. Again, the lure of free tickets shared on social media makes people click on a link that takes them to something that very closely resembles the real airline’s website. But it’s not.

    Airlines often issue public warnings when they know their good name is being used in a scam

    One particular example of this involved Europe’s largest airline, Ryanair. Free tickets were offered, links to a website were shared around social media… and the airline itself had nothing to do with any of it.Airlines often issue public warnings when they know their good name is being used in a scam

    Yeah, looks legit...

    The smart Signal reader solution: check the URL

    Just look at this URL: www.ryanair.com-freechance.com. That’s where people were sent to claim their supposed free tickets. Sure, you have Ryanair .com in there somewhere, but all the rest? It spells scam.

    Reputable airlines tend to keep their URLs short and simple, for obvious marketing reasons. Dot-com addresses are by far the norm, so check for even subtle URL changes - things like addresses ending in .org, .biz or .net should give you pause. Hyphens in the URL can also be an indicator that something’s not right.

    Our airline scam checklist

    • Install an up-to-date antivirus to handle dodgy email attachments

    • Do not give out your credit card details or email passwords in airline surveys

    • Always call the airline to double-check if you want to take part in a promotion

    • Look for the blue check mark that verifies an airline’s social media account

    • Check the URL for signs of trouble

    Protect your Android against threats with AVG AntiVirus

    Free install

    Protect your iPhone against threats with AVG Mobile Security

    Free install
    Scams
    Security
    Gonzalo Torres
    31-07-2018