Subscription Scams Are Evolving — And They're Smarter Than Ever
Summary:
Security researchers recently flagged a huge spike in online subscription scams—and these aren’t the sloppy, obvious cons people might remember from the past. This time, scammers have gone all in, creating fake stores that look and feel incredibly real, even down to running Facebook ads and impersonating popular content creators. The goal? To trick you into handing over your credit card info and to quietly sign you up for subscriptions you didn’t ask for.
What makes this new wave different is how much effort is going into the deception. These fake websites offer everything from trendy clothes and electronics to tempting “mystery boxes” that claim you’ll get surprise products at a bargain. The twist? The checkout page often hides a recurring charge buried in the fine print. By the time people realize they’ve been duped, they’re already being billed every two weeks.
Researchers traced over 200 of these sites back to a single address in Cyprus, suggesting the operation may be linked to an offshore network. Many of the scam websites are still live, and it’s likely that more are being created to replace ones that get taken down.
Social media—especially Facebook—is the main launchpad. Scammers are running polished ad campaigns that mimic the style of well-known influencers or brands. Some even create fake pages that look just like the real ones. By the time someone clicks through and reaches a checkout page, they’re usually convinced it’s all legitimate. That’s when scammers strike, often layering a second scam right at the payment step.
Security Officer Comments:
Mystery box scams sound silly on paper: pay a small amount and get a random box of goodies in the mail. But online, people fall for it. Variations of this grift include clearance sales from "abandoned luggage," fake postal warehouse finds, and so on. What they all have in common is a cheap buy-in and the promise of big rewards.
These scams have grown more complex over time. Early versions just asked for a few bucks and a shipping address. Now, they involve surveys, staged discounts, and multiple subscription tiers. People think they’re getting a deal—but they’re actually signing up for ongoing charges.
In some cases, victims are told they're joining a “VIP club” or a loyalty program. They're even given store credits, which they’re told can be redeemed for deep discounts—though those credits usually lead nowhere. The sites toss around terms like “member pricing,” “top-ups,” and “perks,” all to keep users hooked and spending.
Despite the variety of site names and store designs, many of them are eerily similar. The layouts, themes, and even customer service chatbots appear to be cloned. Most of them are registered with information pointing back to Cyprus—specifically, the address Andrea Kalvou 13, 3085 Limassol, which has ties to known offshore entities.
Researchers found examples where checkout pages linked to Cyprus-based domains like naillr[.]com, offering "loyalty" cards that supposedly unlock better deals. But it’s all part of the same pattern: a slick front that leads to hidden, recurring payments.
These stores are selling more than just mystery boxes now. Some push imitation electronics, fake supplements, bogus investments, or cheap knock-offs presented as premium items. New tactics are also being used to get around automated ad detection, like uploading ad images through Google Drive, cropping visuals to fool scanners, and running several versions of an ad—only one of which contains the actual scam.
Suggested Corrections:
The endgame here isn’t just a one-time payment—it’s getting people to subscribe. Whether it’s through fake memberships, VIP access, or some made-up loyalty program, the criminals are betting that small, recurring charges will fly under the radar. And once they get your info, they often sell it or reuse it for other scams.
This is why awareness matters. The signs can be easy to miss: a vague offer, a weird URL, or a small checkbox near the “Buy Now” button that actually signs you up for ongoing payments. These scams are getting harder to spot, and the people behind them are getting better at making them look legitimate.
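The checkout-page signs described above (a recurring charge buried in fine print, a small checkbox near the "Buy Now" button) can be checked mechanically on a saved copy of a page. The following is an added example, not code from the researchers' report; the phrase list, the 10px fine-print threshold, the pre-ticked-checkbox heuristic and the sample page are all assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Wording that signals an ongoing charge (constructed list; tune it on real pages).
RECURRING = re.compile(
    r"recurring|subscri|membership|auto-?renew|billed\s+every"
    r"|every\s+(?:\d+|two)\s+(?:days|weeks)", re.I)
VOID = {"input", "br", "img", "hr", "meta", "link"}  # tags with no closing tag

class CheckoutAudit(HTMLParser):
    """Flags pre-ticked checkboxes and recurring-charge wording in checkout HTML."""
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, is_fine_print) for every open element
        self.findings = []  # (kind, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "checkbox" and "checked" in a:
            self.findings.append(("prechecked_checkbox", a.get("name") or a.get("id") or "?"))
        if tag in VOID:
            return
        size = re.search(r"font-size:\s*(\d+(?:\.\d+)?)px", a.get("style") or "")
        small = tag == "small" or (size is not None and float(size.group(1)) <= 10)
        self.stack.append((tag, small))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # close the nearest matching tag
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if text and RECURRING.search(text):
            fine = any(small for _, small in self.stack)
            self.findings.append(("recurring_terms_fine_print" if fine else "recurring_terms", text))

def audit(html):
    parser = CheckoutAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample checkout page (not taken from any real site).
SAMPLE = """<form><h2>Mystery Box - $2.00</h2>
<label><input type="checkbox" name="vip_club" checked> Join VIP club</label>
<button>Buy Now</button>
<p style="font-size:8px">By ordering you accept a membership billed every 14 days at $44.00.</p>
</form>"""
```

Calling audit(SAMPLE) returns one finding for the pre-ticked "vip_club" checkbox and one for the recurring-charge sentence set in 8px type; a page with only a one-time price returns an empty list.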
Link(s):
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet