Buying Ray-Bans? Don’t fall for this Facebook scam, says ESET
[Figure: Example of scam ads spread via hacked accounts]
ESET, a global pioneer in proactive cybersecurity solutions, today warned of an ongoing Facebook scam targeting Chinese-language users of the popular social networking website. Crooks are luring social network users to bogus Ray-Ban e-shops to purchase heavily discounted sunglasses, putting victims’ personal and payment information at risk.
Spam ads, promoting fake Ray-Ban sunglasses with discounts as high as 90 percent, are spread via hacked Facebook accounts that attackers have taken control of using malware and social engineering tactics. The attackers then post pictures and ads via individual Facebook accounts without the owner’s consent. Victims who fall for the scam and click on these ads are taken to fraudulent websites where they can make a purchase.
On top of the possibility of losing money on counterfeit goods, victims’ payment card details may also be at risk, as the transactions run via bogus sites rather than secure payment portals. As a result, victims’ credit card details travel unencrypted across the Internet before being sent to the attacker’s server in plain text, making it easy for attackers to use these details in the future.
These fraudulent websites are available in different language versions, notably Chinese and English. Attackers are also targeting users in other countries, such as the Slovak Republic, the Czech Republic, Chile, France, Spain, and the United Kingdom.
[Figure: Example of a bogus e-shop targeting Facebook users in China]
Most of these fraudulent websites are also situated in China and use a similar design. Many of them are newly created domains registered only this year, showing that this popular scam is still very prevalent, despite being around for a number of years.
[Figure: Checking with Ray-Ban prevents Facebook users from falling victim]
Commenting, Nick FitzGerald, Senior Research Fellow of ESET Asia Pacific, said: “This kind of scam remains prevalent in Asia and across the world, so it’s fair to assume that the attackers are seeing value in this approach. It is, however, very easy to protect yourself from these attacks, not only by having the correct security protection in place to fend off attack, but also by making sure you have strong passwords in place across social media and that these details are updated regularly. Lastly, it might sound simple, but giving serious thought before clicking on seemingly amazing value ads could save you a lot of money in the long run.”