Hitting emails and Facebook: Ray-Ban scam is back

A while ago, we informed you about a Ray-Ban scam campaign flooding Facebook via hacked profiles. Using fake ads that offered massive discounts, attackers tried to lure users into “buying” branded sunglasses, thus giving up their payment card details via an unsecured channel.

Spread mostly via posts disguised as ads for Ray-Bans, the scam also tags a small group of the intended victim’s friends. Attackers have also created a lot of bogus Facebook pages and events indirectly leading users to visit their scam stores. Other channels used to spread this hoax included communication apps such as WhatsApp, Viber, iMessage or Facebook Messenger.

Yet, it seems this hasn’t satisfied the attackers. As we have seen recently, they have reverted to an older but still very efficient way of spamming potential victims – email.

Figure 1 – Received scam emails

Figure 1 – Received scam emails

Expanding tentacles

In just the last few months, ESET’s Antispam solution has detected tens of thousands of these scam emails delivered worldwide. Some of the most affected countries have been the UK, Japan and Spain.

Screen Shot 2016-06-07 at 10.42.02

As shown in our previous analysis, fake sunglasses stores were often built for different countries using their respective currencies. Most of them accepted US dollars, the eurozone’s euro, British sterling, Canadian dollars and Australian dollars.

But the latest email spamming campaigns were redirecting to pages that also accepted less popular currencies such as the Brazilian real, New Zealand dollars, Swedish kronor, Danish kroner, Singapore dollar, Swiss francs, Norwegian kroner, and Czech koruna.

Figure 2 – Targeted countries

Figure 2 – Targeted countries

We would like to advise users to be extra careful and pay attention when dealing with offers promising high discounts or cheap branded goods. Browsing these web pages is not risky in itself, but proceeding to order and pay definitely is. These fake e-shops are not genuine and don’t use SSL certificates to encrypt communications while sending credit card information. Therefore, sensitive data can be stolen and misused, or even eavesdropped upon by malicious third parties.


If you receive an email from an untrusted person with similar characteristics selling discounted goods:

  • Do not open any URL links inside the body of the email or download its attachment.
  • Report such email as spam.

In case you receive the scam ads on Facebook:

  • Do not react to any messages, tagged photos or advertisement images sent to your Facebook wall.
  • Remove a tag of yourself from any such images posted by your friends.
  • If you are the one sending or tagging friends then immediately scan your computer with up-to-date security software. If you don’t have any security software, you can use our free solution ESET Online Scanner.

Author Lukas Stefanko, ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.