Holiday Brand Scam Targets Social Networking Accounts

A widespread scam leveraging a well-known airline brand was recently detected on a major social networking site. The scam was designed to gain access to, and control of, large personal networks and to harvest personal information for potential future scams, such as spear phishing attacks. This non-traditional scam, timed for the holiday season, is distributed via posts to friends’ walls. The post claims to offer free holiday airplane tickets from a leading airline:

Free Holiday Travel From [BRAND]
[BRAND] is giving away tickets for the holidays
Only from [BRAND] Airlines

When the link is clicked, a landing page appears which prompts unsuspecting individuals to connect to a social networking application supposedly from the airline. Like a legitimate application, this spoofed one requests permission to access victims’ social network accounts and to manage their email, wall posts, events, and pages. In other words, the fake application asks the user for permission to compromise their own account: the write permissions let it post the same lure to the victim’s friends, and the read permissions let it harvest the personal details those friends have shared.
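One practical check a platform reviewer or an end user can apply is to compare the permissions an application requests with what its stated purpose plausibly needs. The following is an added example, not code from the original post or from the social network involved: the scope names, risk weights and purpose baselines are assumptions chosen for illustration (real platforms use their own permission identifiers), and the consent request at the bottom is constructed to mirror the scam described above.

```python
"""Flag over-reaching permission requests from a third-party social app.

Added example. Scope names, weights and baselines are hypothetical.
"""
from dataclasses import dataclass, field

# Hypothetical scope catalogue: name -> (risk weight, capability class).
SCOPES = {
    "public_profile":  (1, "read"),
    "email":           (2, "read"),
    "friends_list":    (3, "read"),
    "read_inbox":      (4, "read"),
    "read_events":     (2, "read"),
    "manage_email":    (5, "write"),
    "publish_to_wall": (5, "write"),
    "manage_events":   (4, "write"),
    "manage_pages":    (5, "write"),
}

# Assumed baseline: what an app with this stated purpose legitimately needs.
PURPOSE_BASELINE = {
    "giveaway_entry": {"public_profile", "email"},   # enter, notify winner
    "event_rsvp":     {"public_profile", "read_events", "manage_events"},
}

# Any excess weight at or above this is enough to reject on its own.
REJECT_SCORE = 8


@dataclass
class Assessment:
    verdict: str                         # "ok", "review" or "reject"
    excess: set = field(default_factory=set)   # requested beyond baseline
    unknown: set = field(default_factory=set)  # not in the catalogue
    can_self_propagate: bool = False     # excess write scope: can post as user
    harvests_data: bool = False          # excess read scope on others' data
    score: int = 0
    reasons: list = field(default_factory=list)


def assess_consent(requested, purpose):
    """Compare requested scopes against the purpose baseline and score them."""
    requested = set(requested)
    baseline = PURPOSE_BASELINE.get(purpose, set())
    unknown = {s for s in requested if s not in SCOPES}
    excess = {s for s in requested - baseline if s in SCOPES}

    score = sum(SCOPES[s][0] for s in excess)
    can_self_propagate = any(SCOPES[s][1] == "write" for s in excess)
    # Reads of weight >= 3 reach beyond the user's own basic profile.
    harvests_data = any(SCOPES[s][1] == "read" and SCOPES[s][0] >= 3
                        for s in excess)

    reasons = []
    if can_self_propagate:
        reasons.append("write scopes beyond purpose: can post or message as the user")
    if harvests_data:
        reasons.append("read scopes beyond purpose: can harvest contacts or inbox")
    if unknown:
        reasons.append("unrecognised scopes requested: " + ", ".join(sorted(unknown)))
    if purpose not in PURPOSE_BASELINE:
        reasons.append("no baseline for purpose %r; every scope counted as excess" % purpose)

    if can_self_propagate or score >= REJECT_SCORE:
        verdict = "reject"
    elif excess or unknown:
        verdict = "review"
    else:
        verdict = "ok"
    return Assessment(verdict, excess, unknown, can_self_propagate,
                      harvests_data, score, reasons)


if __name__ == "__main__":
    # Constructed consent request shaped like the fake airline app:
    # "manage their email, wall posts, events, and pages".
    fake_airline_app = {"public_profile", "email", "manage_email",
                        "publish_to_wall", "manage_events", "manage_pages"}
    result = assess_consent(fake_airline_app, "giveaway_entry")
    print(result.verdict, result.score)
    for r in result.reasons:
        print(" -", r)
```

The verdict is deliberately driven by the write scopes: an application that only needs to register a giveaway entry has no reason to publish to the user’s wall, and that single capability is what turns a scam page into a self-spreading one.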

Three aspects of this recent scam are noteworthy:

  • Distribution via social network wall posts
  • Harvesting of personal details shared on a social network
  • Potential precursor to personalized phishing attacks

Cybercriminals are targeting social networks and other sources rich in shared personal information in order to personalize follow-on phishing attacks. These information-harvesting attacks may falsely associate themselves with brands, but they are technically not phishing attacks, nor are they standalone scams. Rather, they are designed primarily to collect personal details for use in later spear phishing attacks.

The social networking site in question disabled the app after the MarkMonitor Security Operations Center brought it to their attention. Users should nonetheless be aware of these types of attacks and protect themselves by exercising common-sense caution, in particular by reading the permissions an application requests before approving it. Brand owners should educate their customers and build processes that make it easy for customers to report this type of suspicious online activity.