Subscription scams surge across hundreds of fake websites — how to stay safe


A popular online scam, the mystery box scam, has evolved to include another layer to trick users out of their personal and financial information.

Bitdefender researchers say subscription scams have surged, becoming both more sophisticated and more numerous, and now involve hundreds of fraudulent websites.

The cybercriminals behind the fake websites have gone to significant lengths to make them appear to be legitimate retail sites offering shoes, clothing, beauty products and electronics. However, the goal of these sites is actually to trick victims into handing over their sensitive information, specifically their credit card data.

The mystery box scam works by promising sold-out or high-profile items for minimal prices, or by offering clearance prices on unknown items, for example bags left at an airport or packages left at a post office. These offers often fall under the category of sounding “too good to be true,” in that they have a shockingly low price or are available only for a limited time. When a victim is tricked into ‘snagging’ the deal, their personal and financial details are stolen by the scammers instead.

Bitdefender has identified more than 200 different sites involved in the current surge of scams, many of them linking back to a single address in Cyprus, which the researchers believe indicates that an offshore company is involved. Many of these cybercriminals started the scam by creating Facebook pages and taking out ads to run the mystery box scam or variations of these types of offers.

In an added evolution of the original mystery box scam, the current sites, many of which are still up and running, include a subscription element. A recurring payment or subscription option is added as a last step, usually in small print and right before final payment is completed, turning your current purchase into a recurring payment or subscription. It’s intended to be hidden or very difficult to spot, and it means victims are then scammed twice.

How to stay safe from subscription scams


First, be incredibly wary of ads on social media, especially ones that sound too good to be true, anything that offers a high-value or in-demand product for a suspiciously low price, or anything of a 'mystery box' nature that offers goods where you don't know what you are getting beforehand.

Watch out for ads that have cropped images, images that seem to be sourced from Google Drive, or ads lacking text, as those are dead giveaways for this type of scam.

Be especially careful about where you give out your personal and financial information. Check the URLs of websites to make sure you're on the site you expect to be on, look up websites in a search engine to see if they're legitimate, and make sure you've protected yourself and your computer with the best antivirus software. Often it will contain specific features that can help keep you safe when shopping online, like a hardened browser or VPN, identity theft protection or monitoring, and a password manager to protect your accounts.

Scams like these will likely keep showing up, but by educating yourself on how to spot them and warning others, we can all be a bit safer online.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
