- High-end and luxury products are advertised with huge savings
- 4,000+ fake domains that mimic large marks
- Victims lose money without receiving their products
More than 4,000 fake domains that mimic popular brands have been seen in a scheme pushing scam ads aimed at Facebook users.
The campaign was uncovered by threat analysis by Silent Push, in a trend scientist calls “Ghostvendors”, which sees the scam ads for the fake domains that primarily run on the Facebook market by exploding Meta’s ad policy lover holes, with ads removed from the Meta AD Library by campaigning to prevent tracking. with underconnect.
The key to the fake ads is unrealistically low prices designed to lure victims to believe that they have found a bargain – for example, scientists discovered a Milwaukee toolcare for $ 129.
Fusam artists lure shoppers via Facebook ads
The ads also provide a sense of urgency by using keywords such as ‘clearance’, ‘holiday sales’ or ‘excess stock’ that apply pressure on buyers to act quickly.
Links on the ads lead to scams that look like their true colleagues through domain generation algorithms and template cloning, with redirection also used to pull victims against malicious places.
Countless brands have been observed across the more than 4,000 fake domains, including retailers (Amazon, Costco, Argos), Footwear (Birkenstock, Crocs, Skechers) and married sites (Bath & Body Works, Yankee Candle).
Since there have been so many attacks, consequences can vary. Many victims have had their payment information stolen without delivered goods or have experienced financial fraud. Furthermore, the threat appears to be on a global scale and is not limited to a core country or region.
Silent Push says threat actors have shown a deep understanding of Meta’s AD systems that have been criticized for not holding a public archive with inactive scam ads and not to allow holistic tracking without (prohibited) external scraping.
Meanwhile, potential victims (including virtually all online shoppers) are advised to warn ads that seem too good to be true.
Users can also verify the authenticity of offers by visiting sites directly. It is also recommended that online purchases be made by credit cards that come with additional protection, with direct bank transfers that are completely inappropriate.
