Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

Fraud ring steals credit card info with fake online shops advertised on Facebook

A padlock resting on a keyboard.

Researchers have uncovered a network of fraudulent websites posing as online stores in a far-reaching fraud operation aimed at stealing user’s payment information. 

Primarily impersonating genuine existing ecommerce sites, adverts posted on Facebook boasted high discounts and time-sensitive deals in order to entice customers into entering their card details. Not only was money taken from user’s accounts, but their details were then sold on dark web marketplaces, which often lead to long-term credit card fraud. 

The fraud campaign was dubbed ‘ERIAKOS’, after the content delivery network (CDN) provider used, and over 600 fake web shops were discovered by Recorded Future, which found roughly 100 ads linked to each site. 

Evading detection

In order to avoid being spotted, the fake sites were only accessible on mobile devices or through the Facebook ad links - which included false endorsements in the comments to appear legitimate.

“Brand impersonation is an enduring tactic for scams and phishing websites because it is effective. For this reason, the operators of this campaign will likely continue to model their scam websites after the brands they are currently imitating in order to attract potential victims as quickly as possible”, Record Future said in its report.

Although Facebook’s anti-fraud algorithm detected and deleted some of the ads, the high volume of content and sites involved made it a difficult task. The websites were designed to be short lived, so as one site was deleted, another was generated in its place. Many are now offline, but it is unclear just how many similar scam sites exist.

Related domains and merchants accounts linked to the scam are registered in China, which suggests this is primarily where the threat actor operates. Reports indicated ‘ERIAKOS’ mostly impersonated two popular brands: a large ecommerce platform, and a power tools manufacturer.

Scam websites don’t just affect the victims, but can have knock on effects for impersonated businesses, who can suffer reputational damage. Financial institutions also face risk through irrecoverable losses and chargeback disputes.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.