Security researchers have identified a sophisticated mobile-only scam network known as “Eriakos” that has been active since April 17, 2024.

Description

The campaign, named Eriakos [5], targets victims through fake web shops advertised on Facebook [5], exclusively focusing on mobile devices. It uses malvertising to evade security scanners and has been linked to over 600 fraudulent e-commerce websites [5]. The threat actors behind the campaign operate merchant accounts and domains registered in China [5], indicating a likely connection to scam activities in that region [5]. The scam websites exploit popular brands and offer time-sensitive deals to create a sense of urgency among victims [5], with the goal of stealing funds [5], card data [5], and personally identifiable information (PII) [5]. The threat actor sends out multiple ads for a single scam website [5], ensuring that even if some are blocked by Facebook filters [5], others reach their intended victims [5]. The short lifespan of the scam domains suggests that the ad campaigns are designed to be short-lived [5], with the intention of quickly defrauding victims [5].

The campaign impersonates two well-known brands [5]: an online e-commerce platform [2] [3] [5] and a power tools manufacturer [2] [3] [5]. The scam e-commerce network [1] [3], known as ERIAKOS, was detected by Recorded Future’s Payment Fraud Intelligence team [1] [3]. It targets Facebook users with fake websites to steal personal and financial data through brand impersonation and malvertising tricks [3]. The campaign uses a content delivery network (CDN) called oss.eriakos[.]com [3] and comprises 608 fraudulent websites. The network exclusively targets mobile users through ad lures on Facebook [3], with some ads offering limited-time discounts to entice clicks [3]. The campaign employs social engineering tactics to build trust with victims [4], such as limited-time offers and personalized recommendations [4], and processes stolen funds through merchant accounts linked to major card networks and Chinese payment service providers [4].

The evasion of detection through advanced screening techniques highlights the increasing sophistication of cybercrime and the need for advanced detection technologies to combat evolving threats [4].

Conclusion

To protect against scams like ERIAKOS [1], individuals should exercise caution when sharing personal information [1], verify website authenticity before making purchases [1], install security software [1], and stay informed about cybersecurity threats [1]. Financial institutions and impersonated businesses can suffer reputational damage and financial losses due to these scam websites [2].

References

[1] https://www.krofeksecurity.com/beware-how-facebook-ads-can-lure-you-to-fake-websites-and-steal-your-credit-card-data/
[2] https://siliconfit.com/blog/2024/08/01/fraud-ring-steals-credit-card-info-with-fake-online-shops-advertised-on-facebook/
[3] https://thehackernews.com/2024/08/facebook-ads-lead-to-fake-websites.html
[4] https://cyberpress.org/fake-shopping-sites-target-facebook-users/
[5] https://www.infosecurity-magazine.com/news/ecommerce-fraud-campaign-600-fake/