Recently, we’ve observed a new wave of scams on Facebook. Crooks are luring social network users to visit bogus Ray-Ban e-shops and buy heavily discounted sunglasses there. Victims’ payment card details are at risk.
The spam ads are spread via hacked Facebook accounts that attackers have taken control of using malware and social engineering tactics. Subsequently, without the owner’s consent, they post pictures promoting fake Ray-Ban sunglasses with discounts as high as 90%.
On top of the possibility of losing a few dollars on counterfeit goods, victims’ payment card details are at risk. Also, the transactions run directly on the bogus sites, not via a secure payment portal, allowing the payment card’s details to travel unencrypted across the internet.
Figure 1 Example of spam ads
Images are also uploaded to the user’s gallery, which is shared with the public. To keep a low profile and avoid suspicion, attackers usually tag only 4 to 6 friends from the friends list on each of the fake ads.
Figure 2 Images spreading scam pages
We have seen these fraudulent websites in different language mutations, but most of them use English. Attackers target users in various countries such as the Slovak Republic, the Czech Republic, Chile, France, Spain, the United Kingdom and China.
We have also discovered that many of these newly created domains use a similar design. Most of them are hosted in China and were registered this year.
After searching for their favorite models, users should realize that something fishy is going on since all of the Ray-Ban sunglasses on the scam e-shops offer the same 90% discount.
If the victim misses the red flags and decides to order a pair of the displayed sunglasses, he/she will be asked to proceed with a credit card payment. However, these fake e-shops are not secure and don’t use an SSL certificate to encrypt communication between client and server. Customers’ credit card details are therefore sent to the attacker’s server in plain text and can be misused in the future.
With the high number of similar-looking e-shops offering huge discounts, there is also the probability that customers will neither receive the sunglasses they ordered, nor get their money back.
Figure 3 Credit card info sent unencrypted to the server
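The red flag described above, a checkout form that posts card data over plain HTTP, can be checked statically from a page's HTML. The following is an added example, not code from the original article; the field-name hints and the sample checkout page are constructed for illustration.

```python
"""Flag checkout forms that would send payment card data without TLS."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Substrings that typically mark card-data fields (assumed heuristic, not a standard).
CARD_FIELD_HINTS = ("card", "ccnum", "cvv", "cvc", "expir", "pan")


class FormCollector(HTMLParser):
    """Collect each <form> with its action URL and the names of its inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "inputs": []}
            self.forms.append(self._current)
        elif tag in ("input", "select") and self._current is not None:
            self._current["inputs"].append((a.get("name") or a.get("id") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def insecure_card_forms(page_url, html):
    """Return destination URLs of forms that collect card data but submit without HTTPS."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        collects_card = any(h in name for name in form["inputs"] for h in CARD_FIELD_HINTS)
        if not collects_card:
            continue
        # A relative action inherits the page's scheme, so resolve it against page_url.
        dest = urljoin(page_url, form["action"])
        if urlparse(dest).scheme != "https":
            findings.append(dest)
    return findings


# Constructed sample: a "90% off" checkout page served over http://, plus a harmless search form.
SAMPLE_HTML = """<form action="/checkout/pay" method="post">
<input name="cardNumber"><input name="cvv"><input name="expiry"></form>
<form action="https://shop.example/search"><input name="q"></form>"""

if __name__ == "__main__":
    print(insecure_card_forms("http://shop.example/rayban-sale", SAMPLE_HTML))
```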
How it works
Figure 4 Scam scheme
Many people tempted to buy these “discounted” sunglasses are aware of similar scams. Hence, they try to contact the official Ray-Ban Facebook fan page to verify whether the pages they have seen in the ads are genuine or fake. Official brand representatives are working hard to react to all of these inquiries and confirm most of the reported Chinese pages as bogus.
Figure 5 One of the replies by Ray-Ban representatives
Already posted images on Facebook?
If you are one of the victims and have found an image similar to those we’ve described above, posted on your wall (without your consent), we advise you to follow these steps:
- Change your Facebook password immediately (Settings -> General -> Password).
- Remove all suspicious Apps from your Facebook that can automatically post content on the Facebook wall without user knowledge (Settings -> Apps).
- Scan your computer with up-to-date antivirus software.
If you still have doubts, you can always review your previous account activity by going to Settings -> Activity Log. There you can check for activities possibly caused by malware or the attackers, such as posting or sharing images, or making unwanted friend requests and likes.
Paid for sunglasses?
If you already got tricked and bought sunglasses via these fake websites, we advise you to call your bank and cancel the money transfer immediately. Credit cards used to buy the counterfeit goods can be compromised as well, and should also be reported to the bank.
If you don’t want to spread bogus ads amongst your Facebook friends unknowingly, you can review posts and pictures your friends tagged you in, before they appear on your timeline. You can activate this feature by going to Settings -> Timeline and Tagging -> Review posts friends tag you in before they appear on your timeline? -> Enable.
Figure 6 Review friends tag
Don’t trust bogus ads offering extremely low prices, and certainly don’t click on them or order the goods displayed. If the price offered seems too good to be true, it probably is…