Threat actors use mystery box scams to steal credit card details

Cybercriminals currently execute “mystery box scams” on convincing websites to steal credit card information.

These sophisticated scams are intended to deceive individuals into subscribing to monthly payments while giving away their credit card details. The fraudulent websites claim to sell various products such as shoes, clothing, and electronics and even promote false investment opportunities.

Significant promotional efforts are employed to lend legitimacy, including creating Facebook pages and paid online adverts.

In addition, content creators are impersonated to endorse these products. Researchers indicated that these campaigns show a new approach to social engineering tactics to bypass security measures and further deceive users with sophisticated strategies.

Researchers have identified over 200 scam websites linked to a single address in Cyprus, likely belonging to an offshore company. Many of these fraudulent sites remain operational.

 

The mystery box scams employ different tactics to deceive targets.

 

According to investigations, the operators of mystery box scams are using various strategies in their advertisements to evade devices’ automatic detection.

These threat actors create multiple ad versions, only one of which contains malicious content, while the others showcase random product images.

Additionally, they often rely solely on images in the pitches, avoiding text in descriptions and placing it only within the images while using cropped images to alter visual patterns.

Facebook pages used to facilitate subscription scams are either newly created with algorithm-generated names or hijacked accounts that have been renamed.

Furthermore, a key variant of the subscription scam identified is the deployment of “mystery boxes.” Legitimate mystery boxes allow consumers to purchase a surprise collection of items branded under a specific theme.

In the fraudulent version, victims are asked to pay a small fee to acquire a mystery box, which allows scammers to collect their personal and financial details. The researchers reported that these scams have increasingly “flooded” social media platforms, fueled by sponsored advertisements.

These scams have evolved by incorporating surveys to confirm that victims are actual individuals, not bots, when they visit the sites to enhance their apparent legitimacy. This tactic further legitimises the operation.

Scammers have also introduced a subscription clause written in small print just before victims consent to payment and enter financial information, converting their initial purchase into ongoing charges.

Cybercriminals have invested significantly to make these counterfeit websites appear credible. Some mystery box ads redirect users to e-commerce sites featuring various products, including clothing, electronics, and beauty items.

These sites often offer various subscription tiers with enticing perks, misleading victims into believing they would gain discounts across the entire site.

Therefore, active social media users should be very cautious about these ads to avoid falling victim to these scams.