Social Media Spam: Facebook's Free Plane Ticket Hoax
Earlier this week we wrote about a Facebook app called “Most Used Words” which posed a number of potential privacy risks to users. As email providers have successfully adapted to eliminate spam and social media is now a prevalent mode of communication, both legitimate marketers and spammers are increasingly using venues such as Facebook. A popular form of Facebook hoax has become prevalent again in the past few weeks: the free planet ticket hoax.
The free plane ticket hoax has been a staple of Facebook scams in the past few years with numerous users and airlines affected. As the holiday season approaches and people are likely to make travel arrangements, the scam has appeared once again. It works like this: someone sets up a fake Facebook page for an airline and then asks users to share a photo, Like the Facebook page and comment on the photo to win free plane tickets. When a user likes the page, they are then subscribed to posts from the page – once one of these fake Facebook pages has amassed enough users, they can then begin to target them with other spam-like promotions, phishing scams which attempt to steal their information, and links to external sites that may compromise their computers. The latest instances of the free planet ticket scam have used the promise of free tickets from British Airways and Emirates airlines as the bait.
The first indication that such offers aren’t legitimate is that they use an altered version of the real company’s name: British Airways becomes British Air, British Airway, or another variation of the original. Additionally, verified Facebook profiles have a blue checkmark next to the name. Such fake Facebook pages may insert a graphic of the blue checkmark to imitate the verification. If you hover your mouse arrow over the checkmark of a legitimate organization, a small window pops up stating, “Verified Page. Facebook confirmed this is an authentic Page for this public figure, media company or brand.”
Such hoaxes avoid detection by evolving over time, hijacking different airline names and targeting new sets of users. The ads always purport to offer different prizes, either free first class tickets, free tickets for a year, and other generous offers. In the past, they have utilized Delta, Virgin, and Jetstar Australia, and may adapt the airline name to the location of the users they target. While not malicious in themselves, these campaigns co-opt the name and reputation of a trustworthy entity and may use it to put users at risk at a later time. Additionally, the businesses involved are having their reputations tarnished as no prizes are ever delivered. As in life so on the internet: if it’s too good to be true, it probably is.