People can’t resist the lure of free stuff. Cyber criminals know this and are always looking for ways to make a quick, effortless buck. Put these two together and you have the perfect scenario for a free-stuff scam. The only problem is, the victim comes up empty.
Cyber criminals set up a phony website where victims can select the gift cards of their choice—absolutely free—just for providing some seemingly benign information. That information is often collected when the victim visits a third-party site.
Once on the site, the victim answers questions and is put through various plausible actions to prove they're not a robot. Each step of the way, the victim clicks through and provides information to eventually collect a code they can enter for their worthless gift card. Or they simply give up along the way, after, of course, they've answered a few questions.
For very little effort, the scammers get paid. They sell their victims' information to third parties and are paid for each click the victim makes chasing the free gift card.
Here are rules any organization might share with its employees:
- Remember there is no such thing as a free lunch. If the product is free, YOU are the product.
- Always check the HTTPS connection and domain name when visiting a webpage, especially if you are entering sensitive personal information.
- Never share your sensitive data.
- Do your friends a favor and do not share questionable links.
- Check if the offer for free stuff is legit by contacting the company making the offer.
In the end, the scammer has made a few bucks and the victim has wasted a few hours they'll never get back. And, sorry, there is no gift card.
This kind of scam is fodder for the sort of interactive, realistic training an organization with a culture of security can use to raise its employees' awareness of the social engineering threat.
Vanguard has the story: https://www.vanguardngr.com/2018/07/beware-of-freebies-on-internet-kaspersky-lab-warns/