If you are a fan of purchasing online through Facebook, experts in cybersecurity Toronto urge you to be extra cautious. A recent scam uncovered by Recorded Future’s Payment Fraud Intelligence team has revealed a disturbing trend involving Facebook ads and fake websites. They are designed to steal credit card information. Named ERIAKOS, this scam was detected earlier this year and targets mobile users by impersonating trusted brands and misleading advertisements.
This fraudulent campaign starts by using over 600 sites. These are only accessible through mobile devices and Facebook ads. The ads mentioned usually sell enticing discounts and savings in order to lure customers. Furthermore, they also Facebook comments to further entice shoppers. One baited, the victims are led into clicking counterfeit sites. The scam happens because they spoof major brands that customers trust.
According to the investigation team, the merchant accounts of these impostor sites are registered overseas, specifically China, which also suggests that operations are managed there. Although this investigation is new, there have been similar cases to this. An example would be the BogusBazaar network, which operated over 75,000 fake stores. This scam gathered over $50 million by offering known brands at unbelievably low prices.
In another case, the scam involved a new traffic direction system (TDS) named R0bl0ch0n. This TDS boosts affiliate marketing scams by using fake shops and survey sites with the goal of collecting credit card information. Furthermore, experts in cybersecurity Toronto warn about fake Google ads are redirecting users to a malicious site, “chromeweb-authenticators[.]com.” This site delivers malware disguised as a Google product. Named DeerStealer, this malware is spread through ads that appear legitimate but are actually part of a broader malvertising campaign. Similarly, other malware families, such as SocGholish and MadMxShell, have also been disseminated through similar fake ads.
Anti-malware company, Malwarebytes, has reported that some of these ads have been used to distribute both MadMxShell and WorkersDevBackdoor. This is done with overlapping infrastructure which shows a shared origin. These malware payloads are able to steal confidential information and enable ransomware attacks. An email address “goodgoo1ge@protonmail[.]com” is being associated with domains that disseminate these malicious programs. This further highlights the intricate nature of these cyber threats.
As cyber threats continue to evolve, it is crucial for business owners and their team to remain vigilant. Everyone must be aware of the need to be skeptical of unsolicited ads and offers, especially on social media platforms like Facebook. Here at EBSolution, we can provide your business with systems that will enhance your company’s cybersecurity posture. By ensuring strong cybersecurity practices and establishing a solid business recovery plan, we can help you protect your business against these increasingly complex scams.