Who wants fake tickets? Santa Claus vs Typosquatting

Disneyland Paris freely offers 4 tickets on Facebook! You just have to go here:

Then we arrive here:

A fine website stamped Disneyland Paris that asks us if we have already visited the park. Then in step 2, if we have liked it.

In step 3, you have to share and like the publication in order to open the door of our precious Facebook data to this website:

Myriad of fake comments below this screen are making us dream of these famous 4 free tickets instead of the 56€ for each tickets.

Once the step 3 is done, we fall back to earth, there is a random draw. And these tickets, we will probably never have them.

Actually, we will never have them.

But why? Explication:

The website in question:

So we have every reason to believe that we are on a Disney’s website.

Except that we will see how to read and understand a FQDN Internet address (Fully qualified domain name).

This figure of a Wikipedia article on the FQDN allows us to begin to understand:

If we want to read the address in the right order (from top to bottom on the figure), we have to read it from right to left by taking into account that each part of the domain name is separated by a dot and only a dot. In Wikipedia’s case:

Extension: org -> this is an organization

Root website: Wikipedia -> this organization is called Wikipedia.

Subdomain: ru -> we are in the Russian part of the Wikipedia’s website.

Thus, in this case, we should read the address that way:

Extension:

So we are on a website dedicated to game.

Root website:

We are on Com-Tombola’s website.

Subdomain:

We are in the part of the Com-Tombola’s website, dedicated to Disneylandparis.

A well-informed eye will easily detect that com-tombola, if this company really exists under this name, will probably not distribute free tickets for Disneyland Paris. This is a study case of Typosquatting, relayed by social networks. Everyone can easily fall into the trap, so be more vigilant!

Another interesting indicator to detect this kind of scam: The absence of SSL certificate which encrypts your data. Easily identifiable, SSL certificate displays a green lock on the browsers, and also the https:// protocol instead of the simple http://.

Here the examples:

Pirate website: