17 June 2016

Cheap Ray-Ban sunglasses? It's a scam

Source: ESET. Chart for number of spam emails blocked by ESET.

ESET spam filters have detected a rise in scam emails luring recipients to buy luxury goods, mostly heavily discounted Ray-Ban sunglasses. The bogus websites where the fakes are offered use no encryption and may have been created to steal victims’ payment card details. ESET had previously warned about this scam, but that was when it largely targeted Facebook. By adding email as an attack vector, the range of potential victims increases significantly.

“Those who enter their payment card data into these bogus website forms put their money at serious risk,” says Lukáš Štefanko, ESET Malware Researcher.

Over the last few months, ESET researchers have detected tens of thousands of these scam emails. In parallel with adding email as a new attack vector, the criminals behind the scam have also extended their geographic reach. The bogus sunglasses stores often use the currencies of the countries they target to appear more genuine.

A few months ago, they almost exclusively accepted US dollars, the Eurozone’s euro, British pounds, Canadian dollars and Australian dollars. However, the latest email spamming campaigns have been redirecting to pages that also accept less popular currencies such as New Zealand dollars and the Singapore dollar.

“Internet users should not lose their security instincts when pursuing extremely cheap deals, be it for sunglasses or anything else. Your payment card details open your wallet – so think twice about entering them at websites that have suspicious addresses, offer suspiciously priced goods or use unsecured communications channels,” recommends ESET’s Štefanko.

Recommendations on protecting yourself:

If you receive an email with similar characteristics from an untrusted sender selling discounted goods, do not open any links, do not download any attachments, and report the email as spam.

If you are about to enter your payment card details, consider whether the store is trustworthy and check whether it uses encryption (for example, the address bar must show “https”, not “http”, and the address should not be a variation of a better-known store's).

Follow basic rules for safe online behaviour when using the Internet, such as keeping your system up to date and using a quality security solution or, at the least, using a free tool to scan your computer if you have any suspicion.