A new scam wave has started to hit the world and this time it is a big one, advertising users to visit phishing web pages that aim to steal their sensitive information.
We at Sensors Tech Forum have covered malware for quite some time now, but we were always sensitive when it comes to the subject of online scams and the software behind it. When you spend several years time, investigating the purpose and trickery behind different scams, you start to see which scams are likely to be “a song resung” and which scams are “one time”. One such repeating itself scam is the latest one we have recently detected and decided to call the “Facebook Nike Shoes Scam”.
When we first saw this scam, the pattern immediatey brough back a memory from the not so distant past – the Ray-Ban Facebook scam. The both scams share absolutely the same ideology and when we come to think that this Ray-Ban scan derives from another old scam which used Oakley sunglasses, we immediately came to the most likely conclusion – these are made by the same people or person.
What Is The Purpose of The Nike Shoes Facebook Scammers and How Does It Work?
So the scam Is rather simple. Let’s say you are an average Facebook user and you see your friend, whose mobile device or PC has been compromised by “this thing” to post this on your profile:
By the looks of it, this scam is not something that everyone will fall for, but then again if they keep spreading it, there must be people who have become affected and they are likely to be a lot! So yes, let’s decide that you are one of those victims and decide to go for it and open the site, believing there are some awesome knockoff Nike™ shoes. The next thing that happens is that you are lured into the following fake site, which is not even SSL encrypted:
The site directly takes you to a number of shoe models advertised and offered at a very low price and as soon as you ad several shoes to your card, you are good to go. Oh, but wait, before you make a purchase, did you forgot to sign up? Here is where the scam happens:
The cyber-criminals want victims to enter their personal details and this is how they trick them. And if the victim keeps going, he or she will likely be taken to a web page where the financial details are demanded, such as the credit/debit card number, it’s security code, expiration date and other information which can be sold in the underground markets. And this is just the beginning of your nightmare. If you actually make a purchase and it pulls through, you can wind up paying what seems to be a chinese company by the looks of it and getting nothing in return or simply an empty box. So, yeah, don’t do it!
Why Does History Repeat Itself and What Are the Repeated Scams?
When we saw this scam, one thing jumped in our minds and that was that this was another elaborate attempt of the so-called Facebook Ray-Ban scammers, who terrorized Facebook with their nasty piece of false advertising. And they did not even bother to change how the scam works! The same thing happens all over again as a user sends a photo of a discount on a Ray-Ban knockoffs that is only lasting one day:
Notice the resemblance?
And by now you may have figured what happens next – the user is taken to a scamming site which shows different sunglasses and again wants you to type in your information:
Oh, but the story does not begin with the Ray-Ban scam at all. It started way back with the Oakley Scam links that were not only advertised on Facebook, but also sent to victims directly on their e-mails. Here is one such e-mail, that has come back to haunt us in 2018:
Subject: Oakley Sunglasses 85% Off. 2018 Styles
Date: 2018-06-27 16:09
You’re part of Oakley MVP program.
*Get Free 2-Day Shipping on orders $50+. Terms and Conditions apply.
You are receiving this message because you signed up for Oakley
communications. CLICK HERE TO UNSUBSCRIBE  COPYRIGHT ©2018 OAKLEY, INC. ALL RIGHTS RESERVED.
1 Icon, Foothill Ranch, CA 92610
As you might have now figured, the e-mail has URLs in it, that again, lead to a same well made copy of the Oakley website:
But how it all started?
We do not know the exact date or time when this scam begun, but we do know this – one of the first reports was well over 2 years ago by a reddit user who saw the scam being posted in the form of a direct web link, looking like the following image:
What is very interesting is that the URL back then was able to directly lead the victims to the fake site.
What Did Facebook Do About It and Why It Isn’t Working?
Since then, Facebook has not stood still against those scammers at all. Mark Zuckerberg’s corporation has made it possible that their sophisticated servers block scam links and restrict spam bots from compromised accounts, but that didn’t stop the scammers from compromising accounts via malware. So what happened next is that Facebook stepped up their account protection, enabling two-factor and other notifications and protection measures. It appears that this has basically done nothing to stop the scammers though, as they are now using short domains in URLs and what seems to me is a more sophisticated type of malware that hijacks profiles in a way that bypasses those measures. So the same people are likely still here and still active and so far users are still at risk. And while users need to learn on their own how to protect yourselves, not everyone is 100% safe against those scams, because there are the non tech-savvy users, who are mostly in danger, like seniors or children, who lack any idea what are those. So, I think that given the situation I can write “Your move, Facebook”.