Phishing Attack – Free Travel tickets with Emirates Airline

Estimated read time 3 min read

Today itself, a friend sent me a message about free travel ticket with Emirates airline through WhatsApp. On seeing the URL, I immediately doubt about the authenticity of such kind of strategy spammers are using to make money as well as to harvest data about you. Once you fill in the form, it will prompt you to share the information to 30 people on WhatsApp to get your ticket. Common, this does not make sense at all and I believe that the website should be reported and Emirates Airline to make an official announcement on its website about these scammers.


Photo Credits: Emirates.com

The message sent to me was in French. Since I’m well conversant in French, I could easily read and interpreted it. The message received is as follows:


“Pour le 33° Anniversaire, la compagnie aérienne *Emirates Airline* donne à tout le monde *2 billets d´avion gratuits*. Récupérez votre billets d´avion immédiatement. http://bit.ly/Emirates-airline”

The translation looks like this in English:

“For the 33rd Birthday, the aviation airline “Emirates Airline” is giving a free *2 air travel tickets. Get your airline tickets immediately. http://bit.ly/Emirates-airline”

If you observed carefully the real URL has been shortened on bit.ly. There is nothing wrong when using bit.ly which is a great tool for URL shortener. However, if you try to access the URL, you will be redirected on http://5ack.com/Emirate/ which is well known for attacks.

Let’s see what does the whois tool said about 5ack.com:

1.According to domaintools.com, the IP Address behind is 107.180.59.131 

2. The IP Address 107.180.59.131 is well known for attacks and there is no real information as to who is behind this domain name.

3. Worst, the domain 5ack.com has a history of 55 counts of changed IP addresses.

Extract from domaintools.com

4. On the following link https://chat.stackexchange.com/transcript/65945/2018/11/14/2 we can see someone has blacklisted the IP 107.180.59.131 who at that time was selling health supplement. Of course, it’s fake again.

Please don’t click on the link otherwise you might eat those baits and be a victim of Phishing attacks. I wonder how come those links ended in Mauritius which is probably due to French-speaking people here in Mauritius. Otherwise, several French-speaking countries in Africa is at risk. I wish someone from the security team of Emirates Airline read that blog and made an official announcement soon about those spammers hovering everywhere on the Internet. Let’s work together for a safe and secure Internet and keep on passing the message.

Nitin J Mutkawoa https://tunnelix.com

Blogger at tunnelix.com | Founding member of cyberstorm.mu | An Aficionado Journey in Opensource & Linux – And now It's a NASDAQ touch!

You May Also Like

More From Author