If you’ve recently been tempted by a great looking advertisement on Facebook, keep scrolling.
According to Cybernews, a large network of more than 4,000 domains have been impersonating dozens of popular brands in order to run fake ads across the social media site in order to tempt visitors to check out their scam websites. The aim of these threat actors is to steal money, or payment details, or both.
Threat analysts at Silent Push have dubbed these scammers “GhostVendors” because they’ve discovered a way to circumvent Meta’s policy in order to cover their tracks. According to the researchers, the threat actors run their scam ads through Facebook Marketplace ads. “Meta’s policy dictates that any other types of ads are only saved while those ads are part of active campaigns.” That means that once the fake campaign ends, all proof of the scams vanish.
Like any other “too good to be true” style scam, the ones in this network of thousands of websites promote very, very low prices on popular products in order to tempt victims and unwary online shoppers. Silent Push found the threat actors to be impersonating high profile brands like Amazon, Costco, Lowe’s, Crocs, Duluth Trading, Tractor Supply, Thrive Market, Yankee Candle, EGO Power+ Tools and more.
The example given by Cybernews is an ad for Milwaukee Tools under the name “Milaeke” that offers a toolbox for a price of $129 under the domain name wuurkf[.]com. Other ads will use keywords like “clearance” or “holiday celebration sale” in order to make a deal seem tempting or temporary so that shoppers will act quickly.
The researchers at Silent Push say the threat actors can use a domain generated algorithm (DGA) to clone templates and reproduce the offers quickly to set up dozens of fake copies for various products across categories.
How to stay safe from scam ads on social media
Honestly, though it may sound tempting, most of your shopping just shouldn't be happening on social media in the first place. Even if you do see something that looks too good to pass up, your best bet is to note the name of the company and then independently visit their website in a web browser that you've opened yourself, and before you buy, you should first look for reviews and ratings from the Better Business Bureau or similar sites.
If you're buying something second hand, try to only pay cash or through a payment app like Venmo once you've received the item. If you're purchasing something that's being mailed, try to use a credit card and make sure to get a shipping number. That way, you can do a chargeback if you don't receive the item or get something that isn't at all like its description in the original listing.
Remember, if it sounds too good to be true, it probably is, and if an ad or social media post is trying to tempt you with a limited time offer, a countdown or some other form of pressure, it's suspicious at best. You can protect yourself as well by making sure you have one of the best identity theft protection services which will monitor your accounts for signs of fraud and other red flags, and one of the best antivirus software solutions which are also on the lookout out for suspicious websites, malicious behavior and of course, malware.
More from Tom's Guide
- Meta called out for tracking Android users across the web without their consent — what you need to know
- Dangerous new Android malware adds fake contacts to your phone while draining bank accounts — how to stay safe
- Delete these 20 apps right now if you downloaded them from the Play Store — they’re malicious
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
