Researchers at Kaspersky Lab have uncovered a new scheme whereby cyber criminals trick users into giving up their data by luring them with 'free' gift cards.
By creating fake Web sites for the free generation of gift cards, fraudsters are able to effectively sell users' data to third-party partner sites, to which the victims are redirected.
According to the security giant, cyber criminals are constantly on the lookout for new ways to earn cash apart from malware, and because few people can resist something for free, they are latching on to this.
Setting the trap
Web sites that offer customers the option of freely generating gift cards for well-known organisations such as iTunes, Google Play, Amazon or Steam have been around for a while, and cyber criminals are using this to their advantage by tricking users with a simple algorithm.
Once on the fake site, the user is asked to select the gift card he or she wants in order to receive the code. Once done, the trap has been set: in order to receive the generated code, the user needs to prove that he or she is not a robot.
This is done by following the link provided and completing various tasks, the type and number of which are determined by the partner network to which the individual is redirected. This would include filling in a form containing a number and email address, installing adware, subscribing to a paid SMS service and suchlike.
The user either grows tired of performing endless tasks, or they are finally provided with a code, which isn't legitimate.
The criminals monetise this scam in several ways. They might get a few cents for every click on the link, or a few dollars for filling in a form or subscribing to the paid service. Either way, they are getting something for very little effort, and the third-party partners benefit by getting access to personal data, which can be used for private purposes.
No free lunch
Lyubov Nikolenko, Web content analyst at Kaspersky Lab, says these schemes are successful because they appeal to the desire to get something for free. "However, at best, users will spend hours of personal time doing worthless tasks, and, at worst, they will lose money without receiving anything in return."
To avoid falling foul of this new scheme, Kaspersky Lab suggests a few simple steps. "Remember that there is no free lunch, and always treat offers that seem too good to be true with scepticism."
Next, check the HTTPS connection and domain name when opening a Web page. This is particularly important when using Web sites that contain sensitive data, such as financial logins or personal information. Also, never share any such data with a third party - official organisations will never ask this of their users.
The company says it is also a good idea to check with the organisation in question if it is legitimately giving out gift cards, and whether the particular site is an official partner.