By creating fake websites for free generation of gift cards, many cybercriminals are tricking users into parting with their time and data, for no return, researchers at cybersecurity firm Kaspersky Lab have warned.
While legitimate apps like Tokenfire and Swagbucks buy card codes from vendors, to then give them to clients as a reward for certain activities, criminals have apparently recognised the popularity of such websites and have decided to deceive users using a simple algorithm.
“The success of these new fraud schemes is based on criminals exploiting the drive of users to get something for free,” Lyubov Nikolenko of Kaspersky Lab said in a statement this week. “However, at best they will spend hours of personal time doing worthless tasks, and at worst lose money without receiving anything in return. So, if you want to get your hands on a free gift card, try to earn it on legal and trustworthy sites,” Nikolenko added.
For example, they may be asked to fill in a form, leave a phone number or email address, subscribe to a paid SMS message, install adware, and so on. The result is predictable – either victims get tired of doing endless tasks, or they finally get the useless code, Kaspersky Lab said. The earnings for criminals range from a few cents per every click on a desired link, to several dozen dollars for filling in a form or subscribing to paid services.
Using a reliable security solution with behaviour-based anti-phishing technologies to detect and block spam and phishing attacks is also one of the important preventive measures that users can take, according to the researchers.