Kaspersky Lab experts report the emergence of a new fraud pattern through which users are tricked to reveal their personal data. The method involves the use of false websites to generate so-called free gift cards, ceded after completing a form in which personal data is entered. The information gathered is "sold" to partner sites to which the victims are eventually redirected.
The free offer of something valuable is always attractive in marketing, and offenders take advantage of this. Sites that give users the option to generate free gift cards for well-known companies – like iTunes, Google Play, Amazon, or Steam, are not new. For example, legitimate applications such as Tokenfire and Swagbucks purchase card manufacturers from the manufacturers, and then provide customers with rewards for certain activities. Criminals have identified the popularity of such sites and decided to deceive users using a simple algorithm.
When found on a fake site, the user is asked to select the gift card on who wants him to get the code. After that, the fraudulent mechanism is put into motion. In order to get the generated code, the user has to prove that he is not a robot. He is then asked to enter the suggested link and fill in various information, their number and type depending on the partner network to which they were redirected. For example, you may be asked to fill out a form, leave your phone number or e-mail address, subscribe to a paid SMS service, install adware, and so on.
In order not to fall into the traps of cyber criminals and lose personal data, Kaspersky Lab researchers recommend that users follow a few simple rules:
- Keep in mind that too good offers must always be viewed with skepticism.
- Check the HTTPS connection and domain name when you open a page. This is even more important when opening brosers containing sensitive data – such as online banking sites, online stores, e-mail, social media, etc.
- Do not divulge any sensitive data like this be authentication or card.
- Do not send any possible suspicious links to friends
- Check with the company if it really gives gift cards and if your site is not a good one, is his official partner. For this purpose, please contact support from the company's website.
- Use an effective security solution with anti-phishing technologies based on the detection of spam and phishing attacks
" The success of these new fraud tactics is based on the fact that criminals exploit users' willingness to receive something free ," says Lyubov Nikolenko, web content analyst, Kaspersky Lab. " But at best, they will waste time doing something useless, and in the worst case they will lose money without receiving anything in return. So if you want a free gift card, try to get it from legitimate and trusted sites . "
The result is predictable: either the victims are content to give infinite information either , finally, useless code. Criminal earnings vary from a few cents per click on a link to several tens of dollars to complete a form or subscribe to paid services. So. Criminals make profits from nothing, being paid as a result of user actions on partner sites that also benefit from access to personal data