Sophos Cloud Optix
Facebook users should beware the latest scam doing the rounds on the social network. A so-called opportunity to win free tickets with Southwest Airlines may look like a dream come true, but in fact is an opportunity for scammers to harvest your information.
Naked Security reader Wayne told us that he’d seen the messages being spread from the Facebook account of his daughter and her work colleagues, and further investigation found others users’ accounts being used to spread the scam links.
What’s interesting, as our friends at Facecrooks point out, is that the messages are being spread via comments on other users’ walls rather than as status updates.
Messages include:
sweet! i just got 2 free flight vouchers from Southwest Air to fly to any destination i can think of lmao! i didnt believe it would work but it was, got it here..[LINK] try for yourself i just figured i would share with everyone
hey, i got my free Southwest airfare from [LINK] u should submit for a your own pair while they are still offering them!
hi, i just got my free Southwest airfare from [LINK] you should claim your own pair while its still available!
Southwest is offering complementary flights..but for a short time only: [LINK]
wassup, i just picked up my free Southwest tickets from [LINK] you should request yours while its available!
If you do click on the links you’re taken to a webpage which looks like the genuine Southwest Airlines website, but instead urges you to connect with it via Facebook.
The offer of free tickets may have proven too attractive a lure, of course, and so you might agree to proceed – whereupon you are greeted with the all-too-familiar sight of a Facebook dialog asking for your permission to install a third-party application.
This rogue application can access your profile, and post messages from your account – allowing the scam to spread widely.
You’ll then be presented with a series of questions and offers, which scoop up your personal information. Would you be prepared to give this level of information about yourself to a complete stranger in the street? (Well, perhaps you would as the video we made on the roads of Bristol proved..)
But you shouldn’t be so keen to share your personally identifiable information, especially when you cannot be sure what is going to be done with it.
Will we see more of these air ticket-related scams in the future on Facebook? I would bet money on it. After all, everyone dreams of the idea of flying off somewhere without having to pay for the privilege. In the past, we’ve seen Facebook scams regarding free tickets with JetBlue and Delta Air Lines, so it’s not really a surprise to see the latest scam use a similar ploy.
If you have been hit by scams like this on Facebook, and are struggling to clean-up your profile, here’s a YouTube video I made which describes what steps you need to take:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 100,000 people regularly share information on threats and discuss the latest security news.
You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.
I posted about this a few hours ago for my readers on http://www.facebookvirusalerts.com but yours includes more detail. Thanks!
Just a note for all you readers. I saw a note being passed though facebook saying that if you see the free airline ticket message and click it your computer is doomed. If you follow all the steps in the Sophos guide I highly doubt your computer will be doomed.
hi, I do not see it listed in my applications. and i can only remove the post. there is no option to remove publishing rights.
Hi Tina,
same problem here. I only had tripadvisor as an app. I removed that.
Not sure how they did it….
Thx
Mathi
Thank You for this
Is anyone getting these free flights sent to them in their regular email box ? Are they the same as the facebook scams ?
I received this offer via email and they asked me to confirm my email address. I assume if I were to do so that they would spam my contacts and have access to my personal information. The email they attempted to access is the one linked to my facebook account. however, thanks to this article, I just proceeded to delete it after reading this article.
i can't remove the post from the main newsfeed.
How do I unsubscribe from the emails and texts I'm receiving as a result of registering for tickets?
Another BOGUS AD: Free Tickets for 2 on Southwest Airlines
The answer is simple — DO NOT USE third-party FB apps.
Again is happening 🙁
yea i am recieving them in my email box and have been recieving them for a few months. They will say anything to get ur info. so watch out. They are also doing a lot of free gift cards. The last one i saw was a $100.00 for Walmart. I did receive the 2 free southwest tickets too. I checked out SW site and it didn't say anything about giving away free tickets. So this is definitely a scam!
I did the survey for the 2 free tickets on Southwest Airlines. What a mistake that was, but you live & learn. When I tried to unsubscribe it wouldn't let me. The only way I could handle this was to report spam abuse in my E-mail, which I stated my situation about not being able to stop all the junk/spam I was getting. All of sudden the original message for the survey came up & said to select the unsubscribe button, which I did and a message came back saying they would remove me from the global list of marketers & would take 2 to 7 days….hopefully this will work.
Well…it's either back or still hanging out there in the ethers. Someone on my list showed up with it today. Sent out a warning and linked to your article here. Thanks for informing about this.
@docmurdock,
I saw the same thing just now. Not only did I post this link on her Facebook wall, I posted this link for everyone to see. What amazes me is how extremely intelligent people like her, who are not normally naive, will fall for this kind of thing. Thank you Sophos. Keep up the good work.
Just watched the video and got all cleaned up. Thanks so much for the great info and for the clean-up instructions. I'm so glad I got it all taken care of easily. Sophos Naked Securtity is GREAT!!!
thanks… we were looking for tickets and found the scam/offer. I figured I go to google and do a search and found your site. Thanks for to look out!
I did not receive my letter of a free SW ticket through Facebook, but directly to my email account. The letter knew that I had recently made two reservations on Southwest. This is disturbing. The scammers somehow have access to Southwest's reservation service.
I got this one through email and Walmart, Target etc etc
And I reported them to Spamcop and Yahoo.
But it is good Yahoo is interested in The Spam, by doing NOTHING!!!!!
Ironically when I just tried to add the link to this article under a Southwest ticket scam link I got the following message from facebook
"The content you're trying to share includes a link that's been blocked for being spammy or unsafe:"
I got that too. What are Facebook doing about it. Blocking a legitimate warning is only helping the spammers !
@Dan Russel I had the same issue. I emailed the author about it but I just realized the article is over a year old!
The attack has evolved though as the one I found doesn't require you to authenticate with a fake app. It steals your facebook iPhone access token instead.
That token is a lot stronger than the average. It includes hidden information like your birth year, phone number, emails etc.
Not just about yourself, but for all your friends that have their real email/phone number in facebook (public or not).
https://s3-us-west-1.amazonaws.com/swatickets1349…
It also seems impossible to remove it because you can’t de-authenticate the iPhone fb app.
I can't share this on Facebook. The link won't show and it gives a message I can't post this on my timeline.
I reported it to FB. You should too. No doubt the scammers have had it blocked.
Oh for crying out loud. Yes this is back, and facebook has this page blocked.
Tried to post link to this page as a comment to a scam post and facebook won’t allow it — this site has been marked as “spammy”. Right.
I fell for this and am now locked out of my Facebook page. The "security photo tag" is the southwestern airline scam and it wants me to identify people I have tagged in that "photo." It will not let me past that security question even when I hit "skip." What can I do to regain control of my Facebook account?
Me too! Please help me get my FB account unlocked. I have followed all the steps they provide, and have changed all my passwords, but when I get to FB's last step:
"Scan and uninstall
Click on the button below to download and install the Facebook malicious extension remover for your browser."
And I click on that button, NOTHING happens. I am stuck. The rest of my computer seems fine. I ran a scan, it showed nothing. I have tried all the steps 20 times….it just seems to go in a circle until I get to that last step, and then it won't do anything when I click on it. So I can't get back into Facebook at all! It does say that is is temporarily locked, so it is just a matter of waiting it out? Or is there anything else I can do?
Same exact thing here Bonnie!!
Anybody have any answers?
I tried to post this link on FB, FB denied the URL link. Weird!! It will allow spammers, but not articles about those spammers.
I get the message Validation is not available please try later. Also get the Southwest picture asking who I tagged. When I click skip I get nothing. Have changed my password 5 times in the last few days and still nothing. Please HELP.
Interestingly I tried to post this page to my facebook page as a warning to others and to provide them with information and the link was blocked. I got the massage that "The content you're trying to share includes a link that's been blocked for being spammy or unsafe."
Weird.
That’s Facebook being a little ..err.. over-enthusiastic in its (somewhat rudimentary) attempts to stop the scam spreading.
Unfortunately they’re preventing the *warning* about the scam from spreading too.
D’oh!
Me, too. It looks like the scammers are fighting back.