Recently, we’ve observed a new wave of scams on Facebook. Crooks are luring social network users to visit bogus Ray-Ban e-shops and buy heavily discounted sunglasses there. Victims’ payment card details are at risk.
The spam ads are spread via hacked Facebook accounts that attackers have taken control of using malware and social engineering tactics. Subsequently, without the owner’s consent, they post pictures promoting fake Ray-Ban sunglasses with discounts as high as 90%.
On top of the possibility of losing a few dollars on counterfeit goods, victims’ payment card details are at risk. The transactions run directly on the bogus sites, not via a secure payment portal, allowing the payment card’s details to travel unencrypted across the internet.
Images are also uploaded to the user’s gallery, which is shared with the public. To keep a low profile and avoid suspicion, attackers usually tag only 4 to 6 friends from the friends list on each of the fake ads.