If you were among those who clicked on the “free” Alaska Airlines tickets coupon on Facebook or Twitter or that a friend forwarded on email, congratulations, you got scammed.
Did you really think that Alaska Airlines was giving away two airlines tickets “to anywhere we fly!”
Did you really feel compelled to prove there was one born every minute?
Just take a look at your Facebook page or Twitter feed for the bogus coupon that has been making its way around the Web.
Friends you thought were, well, you know, not that stupid fell for it. Maybe you did, too.
Most Read Stories
- Seattle-area rents drop significantly for first time this decade as new apartments sit empty
- Seahawks bringing back Ken Norton Jr. as defensive coordinator
- Washington state will require court order to release driver’s license info to immigration authorities
- Seahawks hire veteran Mike Solari as offensive-line coach to replace Tom Cable
- Overbilled and overstressed: 3 Seattle City Light customers vent
This was a well-executed swindle the airline says made its appearance Saturday.
Alaska spokeswoman Bobbie Egan says the airline continually monitors the various social channels. By Saturday evening, she says, Alaska knew it had a phishing eruption.
By early Sunday afternoon, Alaska’s Facebook page had passed 3,000 shares of this warning it posted:
“Please be aware there is a fake promotion making the rounds offering free airline tickets. Alaska Airlines is not affiliated with this in any way.”
The link to the scam went dead Sunday, but it’s likely still out there, somewhere.
Which, of course, leads to that Internet ritual for those who clicked too quick.
Time to run that anti-virus software, time to start changing passwords, time to make sure the debit or credit cards you use for online purchases don’t have too much money.
The fake coupon certainly looked realistic.
It used the Alaska Airlines logo. It has a photo of an Alaska jet flying over snowy peaks. It had a couple of passports pasted above the plane.
Then, below the coupon was this tie-in to recent news: “Alaska Airlines is giving away ticket to celebrate their merger with Virgin Airlines.”
If you did click on the coupon, a counter appeared. 259 tickets left, 258 tickets left. Better hurry!
You were told that if you shared this great coupon with three friends, you would qualify for tickets. All you had to do was forward a link via email or click on a Facebook, Twitter or a few other logos.
On Alaska’s Facebook page, a guy named Richard, of Anchorage, posted, “This damn thing is spreading like wildfire on my newsfeed.”
A woman said it was the reference to the Virgin America merger that added a touch of realism.
“Anyone with Photoshop anywhere can put one together,” says computer-security expert Bryan Seely, commenting on the professional look of the coupon.
Seely is a Seattle-based “white hat” hacker who runs SeelySecurity.com and in 2014 made news by showing how he could hack into calls to the Secret Service and the FBI.
“No one is going to waste their time by sending out bogus coupons for no reason,” says Seely. “It doesn’t add up. There has to be a malware virus component as a means of getting your money without permission or tricking you into something.”
He says that email systems such as Outlook or Gmail can detect unknown PDF links and so such emails don’t even go into your inbox.
But a PDF or link from someone you’ve previously corresponded with does get through.
By forwarding the coupon, “You’re defeating the mechanism of spam protection,” says Seely. “You’ve become part of the replication of the virus.”
And maybe you don’t notice anything has changed after clicking on the link.
“There’s no explosion, your computer doesn’t shut down, and you think everything is fine. But that malware is installed in the background,” says Seely.
It’s accessing something, he says. Maybe the credit-card information that’s saved on your browser, or it could be installing a “root kit” that makes your computer part of a zombie “botnet” that sends out spam or conducts denial-service attacks to attack websites.
There are things you can do.
On Facebook, click on the “Help center.” Go through the steps on what to do when your account is hacked, or phished, or has had malware installed.
Seely recommends changing your Facebook password every month or two, and he recommends that from a computer Facebook doesn’t recognize that there is a “two factor authentication,” meaning a password and a texted pin code.
And the free version of Malwarebytes Anti-Malware.
And, Seely recommends, don’t keep a lot of money in the debit or credit cards you use for online purchases.
“When you’re ready to buy that TV on Amazon, then transfer the money to that card,” he says.
Yes, a lot of effort just for clicking on that coupon.
As a guy named Chris posted on the Alaska Facebook page, “Damn. Knew it was too good to be true.”