Story image

Hitting emails and Facebook: Ray-Ban scam is back

13 Jun 2016

A while ago, we informed you about a Ray-Ban scam campaign flooding Facebook via hacked profiles. Using fake ads that offered massive discounts, attackers tried to lure users into “buying” branded sunglasses, thus giving up their payment card details via an unsecured channel.

Spread mostly via posts disguised as ads for Ray-Bans, the scam also tags a small group of the intended victim’s friends. Attackers have also created a lot of bogus Facebook pages and events indirectly leading users to visit their scam stores. Other channels used to spread this hoax included communication apps such as WhatsApp, Viber, iMessage or Facebook Messenger.

Yet, it seems this hasn’t satisfied the attackers. As we have seen recently, they have reverted to an older but still very efficient way of spamming potential victims – email.

Expanding tentacles

In just the last few months, ESET’s Antispam solution has detected tens of thousands of these scam emails delivered worldwide. Some of the most affected countries have been the UK, Japan and Spain.

As shown in our previous analysis, fake sunglasses stores were often built for different countries using their respective currencies. Most of them accepted US dollars, the eurozone’s euro, British sterling, Canadian dollars and Australian dollars.

But the latest email spamming campaigns were redirecting to pages that also accepted less popular currencies such as the Brazilian real, New Zealand dollars, Swedish kronor, Danish kroner, Singapore dollar, Swiss francs, Norwegian kroner, and Czech koruna.

We would like to advise users to be extra careful and pay attention when dealing with offers promising high discounts or cheap branded goods. Browsing these web pages is not risky in itself, but proceeding to order and pay definitely is. These fake e-shops are not genuine and don’t use SSLcertificates to encrypt communications while sending credit card information. Therefore, sensitive data can be stolen and misused, or even eavesdropped upon by malicious third parties.


If you receive an email from an untrusted person with similar characteristics selling discounted goods:

·       Do not open any URL links inside the body of the email or download its attachment.

·       Report such email as spam.

In case you receive the scam ads on Facebook:

·       Do not react to any messages, tagged photos or advertisement images sent to your Facebook wall.

·       Remove a tag of yourself from any such images posted by your friends.

·       If you are the one sending or tagging friends then immediately scan your computer with up-to-date security software. If you don’t have any security software, you can use our free solution ESET Online Scanner.

Article by Lukas Stefanko, malware researcher, ESET

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.