Skip to main content

Bad "landing": hackers target airlines


Top global airline companies have been compromised by fraudsters for the second time during the last six months.

This time, criminals used the tried and tested "gift" scheme for promotion on Facebook: "Lufthansa is giving away 2 tickets!" These posts are actively shared by colleagues, friends and acquaintances – and under the influence of the freebie strategy and their friends, a person goes on a website with an airline company's logo. Fraudsters deliberately create addresses using names of famous brands in order to put people off their guard. This technique is called spoofing.




To get the free air tickets, a user is prompted to answer a few simple questions: "Have you ever traveled with our company?", "Do you really want to get 2 free tickets?", and "Confirm that you are an adult". After that, the message "Lufthansa is giving away 2 tickets!" and a photo of two boarding passes with the airline's logo are displayed. To get them, a user needs to like the webpage and share the post among their friends in their account. That is how you may unknowingly involve your friends in the fraudulent scheme.






Of course, there are no free air tickets. The best of the 'worst' case scenarios is that a user is redirected to an advertising page and fraudsters receive money for increased traffic. Now, this viral campaign has started in Europe – the first posts have been shared by Facebook users abroad. On September 26, Lufthansa notified users about the fake campaign on its official Facebook page and urged passengers to resist provocations and think about their security!








Lufthansa is not the only company that has faced such troubles. Specialists of the Group-IB CERT (Computer Emergency Response Team) revealed that at least 86 domains had been registered in the name of a certain Rachita M. since August 31 and that those domains used international airline companies' names: Air Canada, Swissair, British Airways, Air-France, Austrian Airlines, and others. Fraudsters made photos of the companies' official board passes for each fake campaign, and the questionnaire was prepared in the airlines' national languages.

A similar large-scale fake campaign was tracked this June. Specialists of Group-IB's Investigation Division found out that fraudsters used airlines' brands to increase traffic on the websites of clients of an American company providing website and mobile app promotion and monetization services. In some cases, users were asked to provide their personal information: name, email, phone, date of birth, and address, or were signed up for paid services.

This time, the ultimate goal of the campaign is unclear – users are not forwarded anywhere. Some of the detected phishing websites with questions do not open – it may be the case that fraudsters are just preparing for a large-scale campaign.

The danger here is that this scheme can be used by hackers for cyberattacks. Special people – traffers – redirect users from popular websites to malicious ones where money stealing Trojans are downloaded. Your computer may be connected to a botnet to conduct DDoS attacks or used to mine bitcoins.

Comments

Post a Comment

Popular posts from this blog

‘Infraud’ Cybercrime Forum is Busted, 13 hackers arrested & 36 charged

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of ‘ Infraud ,” a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged Infraud members from the United States and six other countries were arrested. Started in October 2010, Infraud was short for “In Fraud We Trust,” and collectively the forum referred to itself as the “Ministry of Fraudulently [sic] Affairs.” As a mostly English-language fraud forum, Infraud attracted nearly 11,000 members from around the globe who sold, traded and bought everything from stolen identities and credit card accounts to ATM skimmers, botnet hosting and malicious software. “Today’s indictment and arrests mark one of the largest cyberfraud enterprise prosecutions ever undertaken by the Department of Justice,” said John P. Cronan , acting assistant attorne
2 comments
Read more

Czech Republic announced it had extradited the Russian hacker Yevgeni Nikulin (29) to the United States

Yevgeni Nikulin (29) was requested by the US for alleged cyber attacks on social networks and by the Russian authorities that charged him with frauds. According to US authorities, the man targeted LinkedIn and Formspring and hacked into the file hosting service Dropbox. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. The case in the middle of an arm wrestling between Moscow and Washington, the US Government are accusing Russia to have interfered with 2016 Presidential election  through hacking . Source: US Defense Watch.com In May, a Czech court ruled that Nikulin can be extradited to either Russia or the United States, leaving the final decision to the Justice Minister Robert Pelikan. “It is true there have been two meetings this year where the president asked me not to extradite a Russian citizen to the United States but to Russia,” the website of the weekly newspaper Respekt quoted Pelikan as sayin
2 comments
Read more

NanoCore developper busted and senteced for 33 months

  A hacker who was arrested and pleaded guilty last year—not because he hacked someone, but for creating and selling a remote access trojan that helped cyber criminals—has finally been sentenced to serve almost three years in prison. Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and intentionally selling a remote access trojan (RAT), called NanoCore , to hackers for $25. Huddleston was arrested in March, almost two months before the FBI raided his house in Hot Springs, Arkansas and left with his computers after 90 minutes, only to return eight weeks later with handcuffs.   This case is a rare example of the US Department of Justice (DOJ) charging someone not for actively using malware to hack victims' computers, but for developing and selling it to other cybercriminals. Huddleston admitted to the court that he created his software knowing it would be used
1 comment
Read more