1. Steal your contact information

What they do

• Create fake Facebook pages that run fake Jetstar competitions.
• Send thousands of fake Jetstar emails containing fake receipts, boarding passes, surveys, contests, etc.
• Make thousands of scam telephone calls claiming you’ve won free flights.

You don’t even have to be a Jetstar customer to see these fake Facebook pages or get those fake emails and phone calls.

Why they do this

If you ‘like’ the fake Facebook page or click on an attachment in the fake email the scammers learn that:

• your contact information is accurate and
• you’re probably interested in air travel.

This makes you a higher quality scam target, both now and in the future.

Also you’ll notice that almost all of these fake Facebook pages and scam emails are just slightly wrong. They may have spelling errors or they may claim to fly to places that Jetstar doesn’t fly to. This is deliberate. The scammers are trying to find people who might be careless or in a hurry when they’re browsing Facebook or reading their email. If you are careless you become easier to scam and steal from.

What you can do to protect yourself

• Be careful when browsing the internet or reading your email. Be particularly wary of links and attachments in emails and the URLs of Facebook pages.
• If you see a Facebook contest that claims to be from Jetstar check to make sure that the page running this contest is real. All our Facebook pages have either a grey or a blue verified tick on them.
• If you get an unexpected email from us don’t click on any of the links or open the attachment. If that email looks and sounds too good to be true then it probably is.
• Finally if you’re not 100% sure about a Facebook contest you’ve seen or an email you’ve received send us a screenshot on Facebook or Twitter and we’ll tell you if it is genuine or not.

2. Get your credit card number

What they do

If you were distracted or in a hurry you may have ‘liked’ a fake Jetstar contest, clicked on a fake Jetstar email, or stayed on the phone when a scammer was calling you.

The scammers will now try to steal your credit card number directly from you:

• The fake contest link you click may say you have to submit your personal information in order to enter.
• The scammer on the phone may tell you you’ve won free flights but you need to pay a $50 ‘processing fee’ to claim the prize.

Why they do this

Once the scammers have you credit card and contact information they do one of two things:

• use your card to steal money directly from you or
• compile a big list of credit card data and auction it off to the highest bidder.

When scammers steal directly from your credit card they might start by making small purchases (eg $3.50) to see if you notice. If you don’t notice they’ll keep on making larger and larger purchases until you do. Or sometimes they just keep stealing small amounts so you almost never catch on.

What you can do to protect yourself

• If you did mistakenly ‘like’ a Facebook page, click on an email, or share your personal information with a scammer check your credit card statement to see if there’s been a purchase that you don’t remember making.
• It’s a good idea to regularly go through your credit card statement anyway. Sometimes the scammers wait months before stealing from you. And sometimes they’ve stolen your credit card information from somewhere else entirely (eg by breaking into the website of an online store).
• If your credit card statement does show a purchase you didn’t make get in touch with your bank’s fraud protection team as quickly as possible to let them know.

3. Hijack your computer

What they do

Sometimes, when you click on a link or an attachment in a fake email, the scammer isn’t trying to steal money from you. Instead they’re trying to gain control of your computer by installing malicious software, or ‘malware’, on it.

Why they do this

There are different types of malware used for different types of criminal activity.

• Some malware will collect the email addresses and phone numbers of all your contacts. They will then email your friends from your email account to try and scam them as well.
• Other types will log all your keyboard keystrokes. So, if you use your computer to access your bank account, they’ll know your login and password.
• Then there’s malware that installs a ‘plug-in’ in your internet browser. This plug-in will now show you fake pop-up ads or surveys from various companies as you browse the internet.
• The more advanced kinds of malware will make your computer a part of a ‘botnet’. A botnet (ie ‘robot network’) can be used to launch major, coordinated online attacks on other computers or networks across the world.

What you can do to protect yourself

• The most important thing you can do is keep your computer or smartphone’s operating system up-to-date. So when you see a notification telling you to update Windows, macOS, Android, or iOS please run that updater as soon as you possibly can.
• The second most important thing you can do is to use a different password for each website you have an account on. This way, even if one of your online accounts is compromised, the rest remain safe. Juggling this many passwords may sound daunting but password managers make this easy to do. You can learn more about password managers here: ‘Password Managers Are for Everyone—Including You’ and here: ‘The Best Password Managers’.
• Wherever possible use two-factor (or multi-factor) authentication on your online accounts. This way, even if your password does get stolen, scammers won’t be able to log in to your accounts. You can learn more about two-factor authentication here: ‘Two-Factor Authentication: Who Has It and How to Set It Up’.
• Finally, regularly run malware detection software on your computer to detect and remove any malicious software that may inadvertently have been installed. You can learn more about anti-malware tools here: ‘The five best free malware removal tools’.

4. Collect a ransom from you

What they do

Possibly the worst kind of malware that may get installed on your computer is called ransomware (‘ransom software’).

• Ransomware silently encrypts all your documents and photos in the background. Once all your important files are encrypted you won’t be able to open them without an encryption ‘key’.
• The ransomware will then pop-up a message on your computer saying if you want to get all your files back you have pay an anonymous online ransom to get that decryption key.

Why they do this

Over the last two years this type of attack has become more and more frequent. With very little effort scammers are able to encrypt thousands of computers and then get hundreds of victims to pay them money in an anonymous, untraceable way.

You can learn more about ransomware here: ‘Malware & ransomware’.

What you can do to protect yourself

• Aside from doing your best to not let ransomware get installed on your computer you have only two options: pay the ransom or don’t pay the ransom.
• If you don’t have a recent backup of your files then you may have to pay the ransom to recover all of them. Obviously we don’t recommend you do this.
• The better option is to take regular backups of your files so that, if you need to, you can just restore them from your latest backup. Basically what you might have done if your hard drive had crashed. Organising this is easier than you think because there are lots of tools that automatically, continuously back up all your files for you. You can find out more about them here: ‘How to Back Up Your Computer’.

Final thoughts

It takes a bit of extra effort to protect yourself from various types of online scams. But, compared to the potential loss of money and all your files, that extra effort is totally worth it. Eventually, keeping yourself safe online will be as quick and automatic for you as locking your front door when you leave your house.

A huge thank-you to all our customers who are quick to let us know whenever they spot a new online (or even offline) scam that is related to Jetstar. Please keep telling us when you see something so, together, we can make the internet a safer place for everyone.

Further reading and resources

• ‘Two Factor Auth (2FA)’ – list of websites that support two-factor authentication
• ‘What is Ransomware and 15 Easy Steps To Keep Your System Protected [Updated]’ – comprehensive introduction to ransomware and a list of steps you can take to protect yourself
• ‘A beginner’s guide to beefing up your privacy and security online’ – various steps you can take to keep yourself safe online

Photo credits: (1) ‘09-oct-16’ by Paul Joseph under CC 2.0; (2) ‘Holding credit card’ by CafeCredit.com under CC 2.0; (3) ‘Keys on Keyboard’ by Intel Free Press under CC 2.0; (4) ‘Hacking’ by Johan Viirok under CC 2.0)