Scam of the Week – Disney World Phishing Scam targets users on Facebook

Fraudsters are ramping up for the summer season by launching a new wave of phishing scams targeting holiday makers.

Facebook users are the latest to be targeted with a scam that claims to come from Walt Disney World offering 5 free tickets per family to celebrate its 50th anniversary.

The post includes an image that appears to be one of the free tickets but as we’ve seen in similar scams, it’s nothing but a ruse to trick the user into believing it’s a legitimate giveaway.

Image: Fake Disney World Facebook Post

If users click on the post, they are redirected through to a website where they are asked to complete a short survey on Disney World before applying for their free tickets.

The website then appears to verify the survey before notifying the user that they’ve been selected as the winner of the free tickets. Of course, there are no free tickets and the scam is just a cunning way to harvest personal details, fill pages with spam or deliver malware.

So that the scam reaches as wide an audience as possible, the user is then asked to like and share the page before they can receive their free tickets.

An increasing number of fake pages on Facebook are specifically designed to increase their popularity by tricking users into liking them. This is commonly known as ‘Like-Farming’.

The goal of the fraudsters is to increase the value of the Facebook page so it can be sold on the black market or used to distribute further scams. The more likes a page has, the more profitable it becomes.

But the scam doesn’t end there. Even after the user has completed the survey and liked and shared the page, they are instructed to verify their entry by clicking on a link. This opens a third-party website that promises more prizes if the user enters detailed personal information.

Users should be extra vigilant on social media and do their research before entering any competitions or giveaways for free tickets. It’s worthwhile going directly to a company’s website to check if they are running the same promotion. If there’s no mention of it on their site, chances are it’s a fake.

To avoid being duped by one of the many scams on social media, there are a number of precautionary measures you should take:

  • Never click on links or download attachments from unknown sources
  • Look for the blue tick – If you’re on the Facebook page of a legitimate company, it should have a blue tick which means it’s a verified account.
  • Find out when the page was created – Check to see when the page was created, what information’s on it and how far back the posts go. If it’s only recently been created, it’s more than likely fraudulent.
  • Check for terms and conditions – All competitions in the UK must have terms & conditions and these must be easily accessible to all entrants. If there are no T&Cs, suspicions should be raised.
  • Install Anti-Virus Software – The installation of anti-virus software will help detect threats on your device and block unauthorised users from gaining access. A good software programme will also prevent you from accessing malicious sites that links on Facebook try to redirect you to.
  • Register for phishing updates from Facebook’s security page – The Facebook security page will keep you up to date with any news or updates regarding recent phishing attacks.

If you’re looking to start a phishing awareness campaign or would like more information on how to protect yourself online, get in touch to find out how we can help.
