Ray-Ban Scam Now Also Spreads Via Email

ESET spam filters detect a wave of scam emails luring internet users to buy luxury goods, mostly Ray-Ban sunglasses. The bogus websites where those heavily discounted fakes are offered, use no encryption and may be stealing victims’ payment card details. Previously ESET warned that this scam had largely targeted Facebook.

Those who enter their payment card data into these bogus website forms put their money at a serious risk,” says Lukáš Štefanko, ESET Malware Researcher. By adding email as an attack vector, the range of potential victims increases significantly.

Over the last few months ESET researchers have detected tens of thousands of these scam emails. Parallel to adding email as a new attack vector, the criminals behind the scam have also extended their geographic reach. The bogus sunglasses stores often target particular countries using their respective currencies.A few months ago they almost exclusively accepted US dollars, the Eurozone’s euro, British pounds, Canadian dollars and Australian dollars. However, the latest email spamming campaigns have been redirecting to pages that also accept less popular currencies such as the Brazilian Real, New Zealand dollars, Swedish kronor, Danish kroner, the Singapore dollar, Swiss francs, Norwegian kroner, and Czech koruna.“Internet users should not lose their security instincts when pursuing extremely cheap deals, be it for sunglasses or anything else. Your payment card details open your wallet – so think twice about entering them at websites that have suspicious addresses, offer suspiciously priced goods or use unsecured communications channels,” recommends ESET’s Lukáš Štefanko.

ESET recommendations:

-          If you receive an email from an untrusted person with similar characteristics selling discounted goods: 
do not open any URL links, do not download any attachments and report the email as spam

-          If you are about to enter your payment card details:
consider if the store is trustworthy and check if it uses encryption (there must be “https”, not “http” in the address bar)

-          In any case:
follow basic rules for safe online behavior when using the internet; have your system up-to-date, use a 
quality security solution or, at least, in case of any suspicion use a free tool to scan your computer.

 

 

Read more in the analysis on WeLiveSecurity.com. About ESETSince 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.