Recently, we’ve observed a new wave of scams on Facebook. Crooks are luring social network users to visit bogus Ray-Ban e-shops and buy heavily discounted sunglasses there. Victims’ payment card details are at risk.
The spam ads are spread via hacked Facebook accounts that attackers have taken control of using malware and social engineering tactics. Subsequently, without the owner’s consent, they post pictures promoting fake Ray-Ban sunglasses with discounts as high as 90%.
On top of the possibility of losing a few dollars on counterfeit goods, victims’ payment card details are at risk. Also, the transactions run directly on the bogus sites, not via a secure payment portal, allowing the payment card’s details to travel unencrypted across the internet.
Images are also uploaded to the user’s gallery, which is shared with the public. To keep a low profile and avoid suspicion, attackers usually tag only 4 to 6 friends from the friends list on each of the fake ads.
We have seen these fraudulent websites in different language versions, but most of them use English. Attackers target users in various countries such as the Slovak Republic, the Czech Republic, Chile, France, Spain, the United Kingdom and China.
We have also discovered that many of these newly created domains use a similar design. Most of them are situated in China and were registered this year.
After searching for their favorite models, users should realize that something fishy is going on since all of the Ray-Ban sunglasses on the scam e-shops offer the same 90% discount.
If the victim misses the red flags and decides to order a pair of the displayed sunglasses, they will be asked to proceed with a credit card payment. However, these fake e-shops are not secure and don’t use an SSL certificate to encrypt communication between client and server. Customer credit card details are therefore sent to the attacker’s server in plain text and can be misused in the future.
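The two red flags described above (the same discount on every item, and a card form that is submitted without HTTPS) can be checked automatically on a saved copy of a shop page. The following is an added example, not part of the original article; the field-name hints, the three-item threshold and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

CARD_HINT = re.compile(r"card|cc[-_]?num|cvv|cvc", re.I)  # assumed field-name hints
DISCOUNT = re.compile(r"(\d{1,3})\s*%")

class ShopPageScan(HTMLParser):
    """Collects card-form targets and discount percentages from one page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = None  # resolved action of the form being parsed
        self.card_forms = []     # actions of forms that hold card fields
        self.discounts = []      # every "NN%" found in the page text

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative action inherits the page's own scheme.
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and self.form_action is not None:
            label = " ".join(filter(None, (a.get("name"), a.get("id"))))
            if CARD_HINT.search(label) and self.form_action not in self.card_forms:
                self.card_forms.append(self.form_action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

    def handle_data(self, data):
        self.discounts += [int(n) for n in DISCOUNT.findall(data)]

def red_flags(page_url, html):
    """Return the red flags from the article that this page exhibits."""
    scan = ShopPageScan(page_url)
    scan.feed(html)
    flags = [f"card form submits without HTTPS: {u}"
             for u in scan.card_forms if urlparse(u).scheme != "https"]
    if len(scan.discounts) >= 3 and len(set(scan.discounts)) == 1:
        flags.append(f"every item carries the same {scan.discounts[0]}% discount")
    return flags

# Constructed sample page (not a real site).
SAMPLE_URL = "http://sunglasses-shop.example/checkout"
SAMPLE_HTML = """<p>Model A 90% OFF</p><p>Model B 90% OFF</p><p>Model C 90% OFF</p>
<form action="/pay" method="post"><input name="card_number"><input name="cvv"></form>"""
if __name__ == "__main__":
    print(red_flags(SAMPLE_URL, SAMPLE_HTML))
```

An empty result only means neither of these two checks fired; a fraudulent shop can still serve its checkout over HTTPS.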
With the high number of similar-looking e-shops offering huge discounts, there is also the possibility that customers will neither receive the sunglasses they ordered nor get their money back.