No, you have not won two free airline tickets

// 23 juillet 2018

Not long ago, Facebook was hit with a wave of posts that falsely claimed to be giving away a suspiciously large number of free flight tickets in honor of Lufthansa airline anniversary.

As one of the conditions of the promotional offer, participants had to fill a survey, like and share the website that pretended to give away prizes.

 » As usual, people saw the promise of something free and lost their minds, so Facebook was flooded with those posts. Of course, in reality there were no free tickets to claim, and Lufthansa had absolutely nothing to do with it. Let’s see what really happened. »

The link in the post seemed to led to a facebook page of the airline compagny and appeared to be offering free tickets for its 93th anniversary.

At first glance, the link seemed plausibly legitimate: after all, they contained the airline name. At second glance, some doubts could have crept in; but who has the time for a second glance when free tickets are on the line — free tickets that someone else might claim first?

The website had a simple survey with three questions: had you ever used the airline, what you liked best about the airline, and were you satisfied with the quality of service. After a user answered the questions, they were told they were now close to getting a free ticket. All that was left to do was share the link to the website on a social network, thank the airline, and click the “Like” button.

However, clicking the “Like” button led to a variety of undesirable results. For example, the user could end up on a website demanding their mobile phone number. If users failed to notice they had moved to a completely different website, entered their number, and clicked the “Confirm” button, they actually subscribed to a paid service with a daily subscription fee. Moreover, if they accessed the website from a mobile phone, confirmation would not necessarily have been required to subscribe, which means they might not have noticed anything strange. After that, the user finally learned they had not won the ticket.

The schemes varied in different countries. For example, a user might be redirected not to a mobile service subscription page but to Web pages with advertisements; mere attempts to boost traffic. A user might also find suggestions to download applications (not related to Lufthansa in any way). Or the links could lead to other scam websites. In no case were tickets actually offered.

Despite the obviousness of the scheme, it turned out to be very effective: Tens of thousands of people published similar posts with links in their news feeds. And they swallowed the bait either by subscribing to paid content or by downloading apps. What were these users really installing? Among other things, malicious browser extensions with permissions to read all data from the browser — including logins, passwords, and credit card numbers.

So, users turned out in droves to shove paid subscription scams or malware at their friends on social networks, all in the hopes of getting a free plane ticket. Nobody won in the end, and the number of scammed and infected people has increased by quite a bit. This commotion is ongoing, and we are likely to see new scams promising something else free.

How can you avoid falling victim — and dragging your friends down with you?

Always remember that at least 99% of free lunches are nonexistent. There are exceptions, of course, where reasonable prizes are offered in reasonable quantities. But if you are offered a luxury car out of the blue, or you are told that there are thousands of airline tickets up for grabs, you have no reason to believe that. The only way to win is not to participate.

Pay particularly close attention to the URLs of any websites where you are asked to enter personal data (Here, the »l » of Lufthansa is not a « l »). Is it really the website where you intended to enter your credit card number, or is it a phishing site? To learn more about how to recognize phishing and protect yourself against it :

Check out SonicWALL’s Phishing and Spam IQ Quiz. It is an online test where you can check your ability of recognizing phishing emails and at the same time learn how to identify them :

The quiz will present you with 10 questions containing email screenshots. You would need to decide if the email is legit or phishing. When the quiz is complete, you get to see your score and also check the reason why is your answer correct or wrong.


Don’t forget also to install reliable security solutions on all your devices. Good protection will prevent the installation of malicious browser extensions on your computer and will warn you when you are going to navigate to a phishing Web page.