Delta Air Lines Delta is giving away free boxes with first-class air travel tickets and $10,000 in cash to those who follow online links. See Example(s)
Scammers and malware purveyors are always looking for ways to entice online users into following web links that will lead those victims into the traps set for them, and offers of free airline tickets are prime bait in that pursuit of prey. Airline tickets are something nearly everyone uses and have considerable value, but their non-material nature and the fact that they’re not tremendously expensive (compared to, say, a new car) makes it seem plausible to the public that they’re something a business might actually be giving away for free as part of an advertising promotion.
The primary type of free ticket fraud is the “sweepstakes scam,” which intended to lure victims into completing numerous surveys, disclosing a good deal of personal information, and then agreeing to sign up for costly, difficult-to-cancel “Reward Offers” hidden in the fine print. The scammers spread links via e-mail and Facebook that purport to offer free first class travel on Delta Air Lines an $10,000 spending money to those who follow those links:
These web pages (which are not operated or sponsored by Delta Air Lines) typically ask the unwary to click what appear to be Facebook “share” buttons and post comments to the scammer’s site (which is really a ruse to dupe users into spreading the scam by sharing it with all of their Facebook friends). Those who follow such instructions are then led into a set of pages prompting them to input a fair amount of personal information (including name, age, address, and phone numbers), complete a lengthy series of surveys, and finally sign up (and commit to paying) for multiple “Reward Offers” (e.g., subscriptions, credit report monitoring services, prepaid credit cards).
Similar phony free ticket lures have been used to spread malware. In those versions of the scam, those who attempt to reach the URL provided for the purpose of claiming the free tickets are instead victimized by a Facebook “lifejacking” attack, a malicious script that takes over a user’s Facebook profile without their knowledge and propagates itself to their friends’ accounts as well.