Malware
August 1, 2024

Cybercriminals Exploit Facebook Ads to Promote Over 600 Fake Online Shops

A sophisticated cybercrime campaign known as "ERIAKOS" has been detected, using Facebook advertisements to promote more than 600 fraudulent online shops. The campaign targets unsuspecting consumers by luring them into providing personal and financial information under the guise of unbeatable deals from well-known brands.

How the Scam Works

The fake web shops promise massive discounts on popular products like Nike sneakers, North Face clothing, and iPhones. However, these websites can only be accessed via mobile devices, a deliberate tactic to avoid detection by security scanners and fool consumers.

The ERIAKOS operation was uncovered by Recorded Future, a threat intelligence firm that believes the campaign likely originates from China. This assumption is based on several indicators, including the domain registrar, card networks, and payment service providers associated with the sites.

Despite efforts to take these sites offline, the campaign continues to evolve, consistently launching new waves of advertisements to direct users to newly created scam sites.

Inside the ERIAKOS Campaign

The fraudulent scheme, identified on April 17, 2024, derives its name from a shared content delivery network, eriakos[.]com, found across all associated fake stores. Each of these stores is promoted by dozens of Facebook ads aimed specifically at mobile users, often with fake user testimonials to enhance credibility.

Recorded Future's investigation shows that while Facebook has managed to detect and block some of these ads, the fleeting nature of the scam sites suggests a deliberate design for short-lived operations. This allows the fraudsters to quickly target and exploit victims before moving on to the next set of sites.

The ads create a sense of urgency by promoting unrealistic, time-limited offers, pushing users to make impulsive purchases. However, these sites are nothing more than a facade for capturing sensitive credit card details and personal information.

To further evade detection, these fraudulent landing pages are designed to work only when accessed via mobile devices or through specific Facebook referrals. If a user attempts to visit the site manually on a desktop or without the correct referrer header, they are met with a 404 error page. This tactic effectively prevents immediate detection and takedown efforts.
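For scanner operators, the practical consequence is that a single desktop-style request is not enough to judge such a page. The sketch below is an added example, not code from Recorded Future or from the original article: it probes a URL with several request profiles, flags a page that answers only the mobile Facebook-referral profile, and checks the returned HTML for the shared CDN domain named above. The header strings, the `fake_fetch` stand-in and its sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Request profiles a scanner should try; header values are constructed samples.
MOBILE_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Mobile"
PROFILES = {
    "desktop_direct": {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
    "mobile_direct": {"User-Agent": MOBILE_UA},
    "mobile_fb_referral": {"User-Agent": MOBILE_UA, "Referer": "https://m.facebook.com/"},
}
WATCHLIST = {"eriakos.com"}  # shared CDN domain named in the article


class ResourceHosts(HTMLParser):
    """Collect hostnames referenced by src/href attributes."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                host = urlparse(value).hostname  # None for relative links
                if host:
                    self.hosts.add(host.lower())


def on_watchlist(host):
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def assess(url, fetch):
    """fetch(url, headers) -> (status, body); compare responses across profiles."""
    results = {name: fetch(url, hdrs) for name, hdrs in PROFILES.items()}
    statuses = {name: status for name, (status, _) in results.items()}
    cloaked = statuses["mobile_fb_referral"] == 200 and statuses["desktop_direct"] != 200
    parser = ResourceHosts()
    parser.feed(results["mobile_fb_referral"][1])
    hits = sorted(h for h in parser.hosts if on_watchlist(h))
    return {"statuses": statuses, "cloaked": cloaked, "watchlist_hits": hits}


def fake_fetch(url, headers):
    """Constructed offline stand-in for an HTTP client (sample responses only)."""
    ua, ref = headers.get("User-Agent", ""), headers.get("Referer", "")
    if "Mobile" in ua and "facebook.com" in ref:
        return 200, '<img src="https://eriakos.com/static/a.png"><a href="/cart">Buy</a>'
    return 404, "Not Found"
```

In a real pipeline, `fetch` would wrap an HTTP client run from an isolated analysis host, and a `cloaked` result would route the URL to manual review rather than trigger an automatic verdict.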

Technical Details

The campaign's infrastructure relies heavily on domains registered with Alibaba Cloud Computing and utilises IP addresses 47.251.50[.]19 and 47.251.129[.]84. BleepingComputer discovered malware samples communicating with these IP addresses, although it's unclear if they are directly related to ERIAKOS or part of a broader network of cybercriminals using shared infrastructure.

Despite some sites being taken down, the ERIAKOS operation remains active. Recorded Future shared recent examples of advertisements with BleepingComputer, confirming the campaign's ongoing nature.

In a related development, a separate online fraud network named "BogusBazaar" was identified in May 2024 by researchers at SRLabs, also believed to be operated from China.

What Meta is Doing

Recorded Future has informed Meta, Facebook's parent company, about these fraudulent advertisements. While Facebook's anti-fraud algorithms have intercepted some scams, scammers continue to exploit the platform's advertising system to reach potential victims. Meta's response to the ongoing threat is awaited.

Protecting Yourself from Fraud

Fraudulent campaigns like ERIAKOS pose significant risks to consumers, including unauthorised charges on credit cards and the sale of personal data on the dark web. Here are some essential tips to safeguard against such scams:

Verify Before You Buy: Always research unknown online shops before making purchases. Check for user reviews, terms and conditions, and confirm that the domain uses HTTPS encryption.

Beware of Too-Good-to-Be-True Deals: Scammers often create a false sense of urgency with unbelievable discounts. Take time to assess the legitimacy of the offer before proceeding.

Exercise Caution on Mobile: Since these scams target mobile users, be especially cautious when shopping on your smartphone. Conduct thorough research if asked to provide credit card information.

Report Suspicious Ads: If you encounter any suspicious ads on social media, report them immediately to help others avoid falling victim to these schemes.

Stay Informed: Keep up with cyber security news and updates to be aware of the latest threats and protective measures.

By following these guidelines, consumers can protect themselves from falling prey to malicious cybercriminals exploiting trusted platforms like Facebook to commit fraud.
