Scam of the Week – Singapore Airlines Phishing Scam Targets Users on WhatsApp

January 17, 2019 2:38 pm Geraldine Strawbridge

Singapore Airlines has urged customers to be vigilant after a phishing scam has circulated on WhatsApp claiming to give away free airline tickets.

WhatsApp users have received a message saying: “Singapore Airlines is giving away two free tickets to celebrate its 70th Anniversary.”

The scam then directs users to click on a link to receive their free airline tickets as can be seen from the image below.

Image: WhatsApp Phishing message (Source: The Straits Times)

As soon as the user clicks on the link, they are directed through to what appears to be an official looking Singapore Airlines website. They are then asked to complete an online survey in order to be in with a chance to win the free airline tickets.

The fake website is only accessible via mobile device browsers, and the fraudulent survey is nothing more than a ruse designed to trick customers into disclosing their personal and credit card information.

Image: Fake Web Page (Source: Singapore Airlines)

As soon as the survey is complete, users are asked to share the link with 20 WhatsApp contacts before they are allowed to claim their free airline tickets. This is just another way to spread the scam to ensure it reaches as wide an audience as possible.

Image: Error message to share with friends (Source: Singapore Airlines)

The airline is not running a promotion like the one used in the scam and the company released a statement after the message began to circulate widely on WhatsApp.

Singapore Airlines commented: “It has come to our attention that there is a website that claims to be from Singapore Airlines, offering free air tickets as prizes, before proceeding to request personal data.

“We have reported the site to be taken down and would like to advise customers to exercise discretion when revealing personal data to unverified sources. Customers should be cautious of social media posts and phishing websites that appear similar to our official website. When you receive the fraudulent messages, notify us immediately and delete the message.”

In recent years there has been a significant increase in the number of phishing scams being circulated on WhatsApp. Cybercriminals are exploiting weak points within the mobile platform to trick users into clicking on dodgy links.

Unlike in email, where a message can be flagged as suspicious, on WhatsApp, it’s not filtered at all. When a link is shared on WhatsApp, it can sometimes be expanded to display the snippet of the website, page title and company logo – all of which can be used to trick the user into thinking it’s a legitimate domain.

To protect yourself from falling victim to a phishing scam on WhatsApp, you should:

  • Never click on suspicious links within a message.
  • Look closely at the spelling of the web address and check for any minor inconsistencies that may indicate a phishing website.
  • Be wary of offers that seem too good to be true. Criminals will use these offers as bait to get you to click on a malicious link.
  • Only download apps from recognised and trusted app stores.
  • Only use safe browsers with security features installed, (ex: chrome mobile). This will offer added protection by eliminating malware and phishing sites.
  • Consider using anti-virus software on your mobile to reduce the chance of malicious activity.
  • Only book travel arrangements through reputable companies.
  • Make sure your travel company is a member of a recognised trade association like ABTA or has an ATOL logo and number.

Despite the increasing sophistication of phishing attacks there are a number of ways you can protect yourself online. MetaPhish has been designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. Get in touch for further information on how we can help your business.