A Milwaukee tool chest or Birkenstock sandals at half price? A massive fake marketplace scam campaign involving dozens of major brand impersonations and over 4,000 domains has been discovered. Scammers are running tons of ads on social media.
Threat Analysts at Silent Push have discovered a sprawling, massive fake marketplace network, which they dubbed “GhostVendors.”
Over 4,000 scam websites are impersonating Amazon, Argos, Costco, Nordstrom, Rolex, Birkenstock, and dozens of other well-known brands.
They’re promoted through Facebook Marketplace ads, the proof of which vanishes once their campaigns end. The researchers warn that scammers exploit existing Meta policy to hide their tracks, while exploiting major brands via fraudulent ads, and then completely remove them.
“We found that after the threat actor posted its malicious Facebook Marketplace ads for a few days, it stopped its campaigns, thereby deleting all traces of them from the Meta Ad Library,” the report reads.
“Meta’s policy dictates that any other types of ads are ONLY saved while those ads are part of active campaigns.”
Like many other similar scams, cybercrooks promote very low-priced products to lure unsuspecting shoppers. In one case, scammers spoofed the Milwaukee Tools brand under the sponsored ad with the name “Millaeke.”
However, it featured the original image of the toolbox and a price tag of $129. The advertiser’s name was “Millaeke,” and the domain it promoted in the ad was wuurkf[.]com.
In other ads, scammers often used keywords such as “Clearance” or “Holiday Celebration Sale” and other too-good-to-be-true deals to lure visitors to malicious websites.
The threat actor often clones website templates and spins up dozens of look-alike fake copies.
Silent Push warns that hackers are using fraudulent websites to conduct various types of financial fraud.
“This is achieved by either not delivering the ordered products or stealing victims’ payment details,” the researchers said.
However, the report mainly focuses on the significant challenges defenders face when tracking these campaigns due to Meta’s lax ad data retention rules, enabling the rapid launch-and-stop tactic to remain undetected.
“It’s currently impossible to holistically track malicious ads on this network,” the researchers said.
Your email address will not be published. Required fields are markedmarked