E-Commerce Fraud Campaign Uses 600+ Fake Sites

Summary:
Security researchers have identified a sophisticated information-stealing fraud network, dubbed “Eriakos,” that lures victims to fake web shops through malicious Facebook ads. According to Recorded Future, the campaign exclusively targets mobile devices and users, and the scam websites are accessible only via malvertising, which helps them evade security scanners. The investigation revealed that Eriakos is a large-scale operation, with 608 fraudulent e-commerce websites controlled by a single actor or group. These fraudulent sites are designed to mimic legitimate online stores and exploit well-known brands, creating a sense of urgency with time-sensitive offers to entice victims into making purchases. The merchant accounts and related domains linked to these scam websites are registered in China, suggesting that the threat actors have established their operations there. This indicates a level of organization and planning, likely involving a business structure to manage these scam merchant accounts.

The primary objective of the Eriakos campaign is to steal victims’ funds, card data, and personally identifiable information (PII) through transactions with these fraudulent merchant accounts. Once the victim makes a purchase, the scam sites harvest their financial information and PII, leading to financial loss and potential identity theft.

The Eriakos campaign specifically impersonates two popular brands: a major online e-commerce platform and a well-known power tools manufacturer. By using these reputable brands, the threat actors enhance the credibility of their scam websites, making it more likely that victims will fall for the fraudulent schemes. Although the exact start date of the Eriakos campaign is unclear, it was discovered on April 17 and continues to operate. The persistence of this campaign highlights the ongoing risk to mobile users and the need for increased vigilance.


Security Officer Comments:
To ensure their ads reach as many victims as possible, the threat actors run dozens of ads for each scam website. This approach helps them bypass Facebook’s ad filters: even if some ads are blocked, others will still reach potential victims. The short lifespan of the scam domains, coupled with the rapid rotation of ads, suggests that the ad campaigns are designed to be brief but intense, allowing the operators to quickly attract and defraud a large number of victims before detection and shutdown.

The concurrent presence of over 100 ads for a single scam website domain on the same platform further amplifies the reach of these fraudulent campaigns. This flood of ads increases the likelihood that victims will encounter and click on them, whether or not the ads are detected and blocked in a timely manner.


Suggested Corrections:

  • Be cautious of time-sensitive offers and advertisements on social media.
  • Verify the legitimacy of e-commerce websites before making any transactions.
  • Report suspicious ads and websites to Facebook and relevant authorities.
  • Regularly monitor financial statements for unauthorized transactions.
  • Use security software to detect and block malicious ads and websites.

Stay vigilant and protect yourself from this emerging threat by being aware of the Eriakos fraud network and its tactics. Understanding the sophisticated methods used by these cybercriminals can help you avoid falling victim to their schemes.


Link(s):
https://www.infosecurity-magazine.com/news/ecommerce-fraud-campaign-600-fake/