Facebook ads lead to fake websites stealing credit card information

By Admin | August 1, 2024


August 1, 2024Ravi LakshmananInternet fraud / Malicious advertising


Facebook users are being targeted by an e-commerce fraud network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malicious advertising tricks.

Recorded Future’s Payment Fraud Intelligence team, which discovered the campaign on April 17, 2024, named it ERIAKOS due to its use of the same content delivery network (CDN) as oss.eriakos(.)com.

“These fraudulent sites were only accessible via mobile devices and advertising baits, a tactic designed to evade automated detection systems,” the company said in a statement, noting that the network included 608 fraudulent websites and that the activity spanned several short-lived waves.

A notable aspect of the sophisticated campaign is that it exclusively targeted mobile users, who reached the scammers’ sites via Facebook ad baits, some of which relied on limited-time discounts to entice users to click on them. Recorded Future said up to 100 Meta ads linked to a single scam site are served per day.


The fake websites and ads were found to mainly impersonate a major online e-commerce platform and a power tool manufacturer, and targeted victims with fake offers to sell products from various well-known brands. Another important distribution mechanism involves the use of fake user comments on Facebook to lure potential victims.

“Merchant accounts and related domains associated with fraudulent websites are registered in China, indicating that the threat actors operating this campaign may have established a business that they use to manage fraudulent merchant accounts in China,” Recorded Future noted.

This is not the first time criminal e-commerce networks have appeared with the aim of collecting credit card information and making an illegal profit from fake orders. In May 2024, a huge network of 75,000 fake online stores – the so-called BogusBazaar – was found to have earned more than $50 million from advertising name-brand shoes and clothing at low prices.

Then, last month, Orange Cyberdefense discovered a previously undocumented traffic direction system (TDS) under the name R0bl0ch0n TDS, used to promote affiliate marketing scams through a network of fake stores and sweepstakes sites for the purpose of obtaining credit card information.

“Several separate vectors are used to initially distribute the redirect URLs via R0bl0ch0n TDS, indicating that these campaigns are likely run by different affiliates,” security researcher Simon Vernin said.

The development comes as fake Google ads displayed when searching for Google Authenticator on the search engine have been observed redirecting users to a fake site (“chromeweb-authenticators(.)com”) that delivers a Windows executable hosted on GitHub, which eventually drops an information stealer called DeerStealer.

What makes the ads seem legitimate is that they appear to come from “google.com” and that the advertiser’s identity has been verified by Google, according to Malwarebytes, which says that “some unknown person was able to pretend to be Google and successfully push malicious software disguised as a Google branded product.”

Malware campaigns have also been spotted distributing different malware families, e.g. SocGholish (aka FakeUpdates), MadMxShell, and WorkersDevBackdoor, with Malwarebytes detecting infrastructure overlaps between the latter two, indicating that they are likely run by the same threat actors.

In addition, advertisements for Angry IP Scanner were used to lure users to fake websites, and the email address “goodgoo1ge@protonmail(.)com” was used to register domains that deliver MadMxShell and WorkersDevBackdoor.

“Both malware payloads have the ability to collect and steal sensitive data, as well as provide direct access to the initial access brokers involved in the deployment of ransomware,” security researcher Jerome Segura said.
