When on the fake site, the user is asked to select the gift card he/she wants in order to receive the code.
After that, the fraudulent mechanism is set in motion. To get the generated code, however, the user needs to prove that he/she is not a robot.
To do this, the user has to follow the suggested link and complete various tasks, the number and type of which are determined by the partner network to which the user is redirected.
For example, he/she may be asked to fill in a form, leave a phone number or email address, subscribe to a paid SMS message, install adware, and so on.
The result is predictable - either victims get tired of doing endless tasks, or they finally get the useless code, Kaspersky Lab said.
The earnings for criminals range from a few cents per every click on a desired link, to several dozen dollars for filling in a form or subscribing to paid services.
Thus, the criminals make a profit virtually for nothing, getting paid from the user's actions on the websites of third-party partners, who, for their part, also benefit by getting access to personal data which can be used for private purposes.
To avoid falling for cybercriminals' fraudulent schemes and losing personal data, Kaspersky Lab researchers suggest that users should not spread questionable links among their friends.
Using a reliable security solution with behaviour-based anti-phishing technologies to detect and block spam and phishing attacks is also one of the important preventive measures that users can take, according to the researchers.