Security firm warns of new scam campaign on social media

Dec 20, 2016 10:56 GMT

It’s the holiday season and scammers are trying to benefit from our growing shopping appetite with new campaigns launched on social media.

One of the latest such attempts involves Uggs, as scammers are trying to trick people into opening malicious store links with unrealistically low prices for these popular boots.

The scam ads are typically posted on Facebook, although scammers can use other distribution channels as well. They advertise prices that are too good to be true and urge users to click the links and visit the online stores.

Once they do that, visitors are shown fake store listings that use a compromised payment system, which allows attackers to receive credit card details.

“Just as before, payment card details, as well as the money of unaware Christmas shoppers, seem to be the target of the attackers. Fake e-shops resemble their legitimate counterparts, however, the transactions run directly on the site, not via a secure payment portal. This allows the payment card’s details to travel unencrypted across the internet,” a post on ESET’s WeLiveSecurity community blog reads.

Look for HTTPS and SSL

Several fake online shops have already been spotted, and most of them are registered in China, so make sure that you double-check before making a transaction.

In most cases, the easiest way to tell whether a store is fake is to look at the address bar, as legitimate websites use SSL certificates to encrypt communications between clients and servers. HTTPS is also used to encrypt payments.

It goes without saying that scammers are getting smarter every season and they’re always trying to adapt their attempts using all kinds of tweaks.

This time, for instance, their Facebook posts trying to entice users into visiting malicious stores also include photos promoting the low prices, as well as tagged people, which is supposed to add to the legitimacy of each ad.