WhatsApp and Facebook ticket giveaways: viral fraud

January 21, 2019

If you got a message from a friend on WhatsApp saying that Disneyland is giving away tickets, just politely ignore it: It’s a hoax. In this post, we explain how it works.

Here’s what happens. You get a message from someone in your friend list about a ticket giveaway. If you head to the site, you might read about, say, 500 free tickets to mark Disneyland’s 110th anniversary. Nearly 300 have supposedly been snapped up already, but about 200 are still temptingly available.

What’s more, the page is brimming with comments, seemingly from other users falling over themselves to praise Disneyland and post pictures of the tickets they won.

The procedure for getting a free ticket is very simple. Complete a short survey (usually about 5 simple questions, such as: Have you been to Disneyland before? Are you 18 or over? Do you like Disneyland?), and then share the message with your WhatsApp friends, for which a special button is handily provided on the site.

After that, you’re prompted to boldly click or tap the “Get Tickets” button. But, for some strange reason, the tickets are not forthcoming. Instead, you are likely to be redirected to another site, which sends you to a third, and from there to a fourth, and so on.

Eventually, you might land on a site offering some shady goods or services. In general, you will be redirected to a partner site, so that the owners of the fake Disneyland landing page can be paid for the traffic.

This scheme is now very common, and new fake pages pop up almost daily. The messages are sent over WhatsApp or Facebook, and users are complicit in distributing them when they click “Share” in the hope of getting free tickets.

We have observed the spread of such messages supposedly from Disneyland, Legoland, Europa-Park, Air France, Singapore Airlines, and many others. The companies themselves, of course, have absolutely nothing to do with such pages — the fraudsters simply use famous brands to lure people onto their sites. However, regardless of which companies are exploited, the imitation websites all look similar, and even the comment topics and faces of the commenters are usually the same. Only the logos at the top of the page and certain minor details are different.

Redirecting traffic to partner sites is not the only monetization scheme. You might instead be sent to a page where you can subscribe to a dubious mailing list, or end up on a malicious website (see our post here), or you might be signed up for a mobile operator’s paid services, for which the malefactors earn a percentage. Some media reports state that when a user presses the “Get Tickets” button, an attempt is made to steal their personal data, but we were unable to reproduce this scenario.

In any case, even if you’re not threatened with losing money, personal data, or something else, never follow links in such messages.

You should also definitely not share them with friends or post them on Facebook — you’ll only be helping the scammers to profit. If you receive such a message from a friend on WhatsApp, or spot a link to a nonexistent ticket giveaway on Facebook, kindly inform the sender or poster that they are facilitating a scam.