ESET has observed a new wave of Facebook scams: in one, cybercriminals are luring social network users into bogus Ray-Ban e-shops to buy heavily discounted glasses.
These ads are spread via Facebook accounts that attackers have taken control of using malware and social engineering tactics. Without the owners’ consent, they post pictures promoting fake Ray-Ban sunglasses with discounts as high as 90%.
“Over 12-million South Africans make use of Facebook, providing a large social network opportunity for scammers to prey upon. It’s imperative that we apply common sense and logic when presented with products being displayed at prices that drastically undercut retailers and e-tailers,” says ESET Southern Africa’s Steve Flynn.
Buyers are very unlikely to receive the product they have just purchased online. On top of not getting what they paid for, victims put their payment card details at risk. The transactions run directly on the bogus sites, not via a secure payment portal, allowing the payment card’s details to travel unencrypted across the internet.
Images are also uploaded to the user’s gallery, which is shared with the public. To keep a low profile and avoid suspicion, attackers usually tag only four to six friends from the friends list on each of the fake ads.
With the high number of similar-looking e-shops offering huge discounts, there is also a chance that customers will neither receive the sunglasses they ordered nor get their money back.
Users who have fallen victim to the scam and have found an image similar to those described posted on their wall without consent are advised to follow these steps:
* Change your Facebook password immediately (Settings -> General -> Password).
* Remove all suspicious apps from your Facebook account that can automatically post content on your Facebook wall without your knowledge (Settings -> Apps).
* Scan your computer with up-to-date antivirus software.
If the user still has doubts, they can view previous account activity by going to Settings -> Activity Log to check for activities possibly caused by malware or the attackers, such as posting or sharing images, or making unwanted friend requests and likes.
Users who have already bought sunglasses via these fake websites are advised to call their bank and cancel the money transfer immediately. Credit cards used to buy the counterfeit goods can be compromised as well, and should also be reported to the bank.