ONE ELECTRONIC STORE SOLD OLD CABLES, OBSOLETE TECHNOLOGIES AND OTHER DEVICES THAT COULD BE BOUGHT FOR A FRACTION OF THE PRICE FROM CHINESE STORES.
INDUSTRY WATCH
ID, Bitdefender researchers found more than 200 websites in this campaign, many of which are currently still online.
Basically, people might be tempted to pay one of these subscriptions, believing that it will provide them with discounts across the entire website. The shop owners even offer various subscription tiers, but the sums vary from one website to another.
The discounts offered are based on store credits, which are transformed using a 1:1 ratio. So if you invest € 68 you get 68 credits. If you want to buy something like a piece of furniture, for example, this is what it would look like.
It’ s all very complicated to follow, with store credits, discounts, credits tops every 14 days and so on. The basic idea is to have a process as convoluted as possible and to make it sound like a good idea at the same time. By the time the victim pays a subscription, it already seems like an investment.
In many cases, the scammers promise all the best products money can buy, but their offers are ridiculous. One electronic store sold old cables, obsolete technologies and other devices that could be bought for a fraction of the price from Chinese stores.
It’ s also important to mention that the contact address mentioned in most of these hundreds of websites
( Andrea Kalvou 13, 3085 Limassol) that are still up and running also appear in conjunction with a Cypriot record in the International Consortium of Investigative Journalists( ICIJ) Offshore Leaks Database that is associated with the Paradise Papers leak.
The subscription allure is too strong
Criminals have been pumping funds into ads and promoting impersonated content creators, using the same subscription model that now seems to be the driving revenue stream of these scams.
Scammers often change the impersonated brands and they’ ve begun expanding past the existing mystery boxes. They are now trying to sell low-quality products or imitation articles, fake investments, supplements and much more.
We have observed several techniques used to evade automatic detection:
• Multiple versions of the ad, with only one being malicious while the others display random product images.
• Uploading images directly from Google Drive( so they can be replaced later).
• Using cropped images to alter visual patterns.
• Relying exclusively on images in ads, with no text in the description( text appears only in the image itself).
• Classic homoglyph techniques.
• Some of these account pages can be created from scratch with names generated by algorithms, or they’ ve been hacked and taken over, after which they’ ve been renamed.
These stores might not seem to have anything in common, but for the most part they use the same design, the same themes, the same AI agents, and similar registration information, pointing to Cyprus.
ONE ELECTRONIC STORE SOLD OLD CABLES, OBSOLETE TECHNOLOGIES AND OTHER DEVICES THAT COULD BE BOUGHT FOR A FRACTION OF THE PRICE FROM CHINESE STORES.
While it’ s difficult to make a direct connection between Mystery Box Scams and this swarm of websites, the fact that the payment screen for some Mystery Boxes have links to Cyprus-registered subscription-based shops is suspicious, to say the least. Especially when the scams share the same subscription idea.
While many of these frauds are seemingly linked to the same operators, a lot of other scammers also figure out that subscription is the new normal. With significant investment fuelling sophisticated advertising, convincing fake websites, and the impersonation of trusted individuals and brands across numerous attack vectors, a surge in these fraudulent activities is an inevitable prospect for the online world. p
68 INTELLIGENTCIO EUROPE www. intelligentcio. com