Sham Giveaways: The Duck Test

Successful cybercrime is rarely inventive or revolutionary and the security sector is well aware that although new threats arise on a daily basis, the majority of breaches and...

Successful cybercrime is rarely inventive or revolutionary and the security sector is well aware that although new threats arise on a daily basis, the majority of breaches and infiltrations use the same method; scams that offer free giveaways.

These scams offer hugely generous products, services, discounts and cash for very little in return and this is where the ‘Duck Test’ is crucial. Apply a healthy amount of scepticism, and remember that, if it looks like a duck, swims like a duck and quacks like a duck….then it’s probably a duck.

In the modern landscape where cases of cyber fraud and confidence tricksters are well documented in the mass media, it seems unthinkable that individuals will still fall for online scams. However, they are still a common means for criminals to dupe unsuspecting internet users into hitting their partner sites.

Every month brings a flurry of new scam bait that is repackaged to drive users to malicious sites that can infect devices or capture shared personal information and log-in credentials. As we approach the summer, a seasonal (and obvious) target are the airline operators.

Flights in the summer holidays can be extremely expensive and the idea of getting two for the price of one seems like an opportunity too good to miss. Delivered over social media platforms including WhatsApp, these advertisements offer a whole host of prizes including gift cards, clothes, electricals and even cash. The cyber criminals can offer pretty much whatever they like, after all they won’t be actually be parting with any of it.

Links in these advertisements redirect users to a short survey, often designed as though they have been produced by the marketing board of a popular airline. The lengths that the designers of these surveys have gone to in order to gain trust include fraudulent use of brand names like British Airways and the Russian airline, Aeroflot.

Once the survey has been completed, the user is asked to share the link with friends in order to ‘register’ the entry. Once the link has been sent, the user is then redirected to a site where more polls, surveys and competitions are offered, each offering something valuable.

The inevitable end to this story is not a happy one and instead of receiving a free gift, users will more likely fall victim to a phishing attempt or even have malware installed on the device they are using to access the site.

So prevalent is this kind of tactic that both British Airways and Aeroflot have issued statements on their website to warm customers.

It’s not hard to see why these scams are so successful. Not only do they gather pace by users knowingly sharing them but the giveaways they are offering are hard to refuse.

So, what can you do to ensure that you don’t fall for these kind of sham giveaways?

  • If you are unsure about any offers made online, particularly where you suspect a third-party to be involved, then check directly with the company itself. Call their help line and ask if they are aware of the promotion.
  • Never share unsolicited links with your contacts.
  • Use a robust security solution that has anti-phishing protection. This will prevent any attempts made by an app to redirect you to a fake site.

Cyber criminals are all too aware of how effective the simplest methods are to undermine security and though the packaging of these scams can change, the old ‘Duck Test’ should help.

In this article

Join the Conversation