Hitting emails and Facebook: Ray-Ban scam is back

A while ago, we informed you about a Ray-Ban scam campaign flooding Facebook via hacked profiles. Using fake ads that offered massive discounts, attackers tried to lure users into “buying” branded sunglasses, thus giving up their payment card details via an unsecured channel.

Spread mostly via posts disguised as ads for Ray-Bans, the scam also tags a small group of the intended victim’s friends. Attackers have also created a lot of bogus Facebook pages and events indirectly leading users to visit their scam stores. Other channels used to spread this hoax included communication apps such as WhatsApp, Viber, iMessage or Facebook Messenger.

Yet, it seems this hasn’t satisfied the attackers. As we have seen recently, they have reverted to an older but still very efficient way of spamming potential victims – email.

n1.png

Expanding tentacles

In just the last few months, ESET’s Antispam solution has detected tens of thousands of these scam emails delivered worldwide. Some of the most affected countries have been the UK, Japan and Spain.

Screen-Shot-2016-06-07-at-10.42.02.png

As shown in our previous analysis, fake sunglasses stores were often built for different countries using their respective currencies. Most of them accepted US dollars, the Eurozone’s euro, British sterling, Canadian dollars and Australian dollars.

But the latest email spamming campaigns were redirecting to pages that also accepted less popular currencies such as the Brazilian real, New Zealand dollars, Swedish kronor, Danish kroner, Singapore dollar, Swiss francs, Norwegian kroner, and Czech koruna.

bb3.png

We would like to advise users to be extra careful and pay attention when dealing with offers promising high discounts or cheap branded goods. Browsing these web pages is not risky in itself, but proceeding to order and pay definitely is. These fake e-shops are not genuine and don’t use SSL certificates to encrypt communications while sending credit card information. Therefore, sensitive data can be stolen and misused, or even eavesdropped upon by malicious third parties.

Conclusion

If you receive an email from an untrusted person with similar characteristics selling discounted goods:

  • Do not open any URL links inside the body of the email or download its attachment.
  • Report such email as spam.

In case you receive the scam ads on Facebook:

  • Do not react to any messages, tagged photos or advertisement images sent to your Facebook wall.
  • Remove a tag of yourself from any such images posted by your friends.
  • If you are the one sending or tagging friends then immediately scan your computer with up-to-date security software. If you don’t have any security software, you can use our free solution ESET Online Scanner.

by Lukas Stefanko, ESET


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s