Recently, we’ve observed a new wave of scams on
Facebook. Crooks are luring social network users to visit bogus Ray-Ban e-shops
and buy heavily discounted sunglasses there. Victims’ payment card details are
at risk. The spam ads are spread via hacked Facebook
accounts that attackers have taken control of using malware and social
engineering tactics. Subsequently, without the owner’s consent, they post
pictures promoting fake Ray-Ban sunglasses with discounts as high as 90%.
On top of the possibility of losing few dollars on
counterfeit goods, victims’ payment card details are at risk. Also, the
transactions run directly on the bogus sites, not via a secure payment portal,
allowing the payment card’s details to travel unencrypted across the internet.
Images are also uploaded to the user’s
gallery which is shared with the public. To keep a low profile and avoid
suspicion, attackers usually tag only 4 to 6 friends from the friend’s list on
each of the fake ads.We have seen these fraudulent websites in different
language mutations, but most of them use English. Attackers target users in
various countries such as the Slovak Republic, the Czech Republic, Chile,
France, Spain, the United Kingdom and China. We have also discovered that many of these newly
created domains use a similar design. Most of them are situated in China and
were registered this year.
After searching for their favorite models, users
should realize that something fishy is going on since all of the Ray-Ban
sunglasses on the scam e-shops offer the same 90% discount. If the victim misses the red flags and decides to
order a pair of the displayed sunglasses, he/she will be asked to proceed with
their credit card payment. However, these fake e-shops are not secure and don’t
use an SSL certificate to encrypt communication between client and server.
Customer credit card details therefore, are sent to the attacker’s server in
plain text and can be misused in the future.
With the high number of similar looking e-shops
offering huge discounts, there is also the probability that customers will
neither receive the sunglasses they ordered, nor get their money back.
How it works
Many people tempted to buy these “discounted”
sunglasses are aware of similar scams. Hence, they try to contact the official
Ray-Ban Facebook fan page to verify whether the pages they have seen in the ads
are genuine or fake. Official brand representatives are working hard to react
to all of these inquires and confirm most of the reported Chinese pages as
bogus.
Already posted images on Facebook?
If you are one of the victims and have found an
image similar to those we’ve described above, posted on your wall (without your
consent), we advise you to follow these steps:
1.
Change your
Facebook password immediately (Settings
-> General -> Password).
2.
Remove all
suspicious Apps from your Facebook that
can automatically post content on the Facebook wall without user knowledge (Settings
-> Apps).
3.
Scan your
computer with an up-to-date antivirus software.
If the user still has doubts, he can always view
his previous account activity by going to Settings -> Activity Log.
There he/she can check for activities possibly caused by malware or the
attackers, such as posting or sharing images, or making unwanted friend
requests and likes.
Paid for sunglasses?
If you already got tricked and bought sunglasses
via these fake websites, we advise you to call your bank and cancel the money
transfer immediately. Credit cards used to buy the counterfeit goods can be
compromised as well, and should also be reported to the bank.
Prevention
If you don’t want to spread bogus ads amongst your
Facebook friends unknowingly, you can review posts and pictures your friends
tagged you in, before they appear on your timeline. You can activate this feature
by going to Settings -> Timeline and Tagging -> Review posts friends
tag you in before they appear on your timeline? -> Enable.
Don’t trust bogus extremely low price ads and
certainly don’t click or order the goods displayed. If the price offered seems
too good to be true, it probably is…
Scam websites
sk-rb.com; rb-sk.org; rbbuy-sk.com; rayban-sk.com; rbs-sk.com;
cz-rb.com; rb-rr.com; rbstore-no.com; rb-be.org; rbeus.co; rbius.co; rb-nb.com;
rbsave-fr.com; salesunglasses07.pw; rb-ff.com; rbcet.com; ok-rb.top; rbfr-rbs.com; frrbsrbs.com;
rbese.com; rb-as.com; rbs-chile.com; rayban-brand.com; spain-rb.com; rbshop-il.com;
ukrb-uk.com; esnrb.com; vt-rbs.com; rbbuy-se.com; rbstoreonline.org; glasses-sale.com;
rb-cz.com; rb-sk.com; rbbuy-se.com; rbnes.com;
2015goodsunglasses.com; rbstore-cl.com; cheapsunglasses.cn; rbwap.com; br-rbso.com