Researchers have uncovered a network of fraudulent websites posing as online stores in a far-reaching fraud operation aimed at stealing users’ payment information.
Primarily impersonating genuine existing ecommerce sites, adverts posted on Facebook boasted high discounts and time-sensitive deals in order to entice customers into entering their card details. Not only was money taken from users’ accounts, but their details were then sold on dark web marketplaces, which often leads to long-term credit card fraud.
The fraud campaign was dubbed ‘ERIAKOS’, after the content delivery network (CDN) provider used, and over 600 fake web shops were discovered by Recorded Future, which found roughly 100 ads linked to each site.
Evading detection
In order to avoid being spotted, the fake sites were only accessible on mobile devices or through the Facebook ad links - which included false endorsements in the comments to appear legitimate.
“Brand impersonation is an enduring tactic for scams and phishing websites because it is effective. For this reason, the operators of this campaign will likely continue to model their scam websites after the brands they are currently imitating in order to attract potential victims as quickly as possible”, Recorded Future said in its report.
Although Facebook’s anti-fraud algorithm detected and deleted some of the ads, the high volume of content and sites involved made it a difficult task. The websites were designed to be short lived, so as one site was deleted, another was generated in its place. Many are now offline, but it is unclear just how many similar scam sites exist.
Related domains and merchant accounts linked to the scam are registered in China, which suggests this is primarily where the threat actor operates. Reports indicated ‘ERIAKOS’ mostly impersonated two popular brands: a large ecommerce platform, and a power tools manufacturer.
Scam websites don’t just affect the victims, but can have knock-on effects for impersonated businesses, which can suffer reputational damage. Financial institutions also face risk through irrecoverable losses and chargeback disputes.
Via BleepingComputer