A new scam network, known as ERIAKOS, is targeting Facebook users through a vast array of fraudulent e-commerce websites. Detected by Recorded Future’s Payment Fraud Intelligence team on April 17, 2024, the network uses over 600 fake sites and relies on brand impersonation and deceptive advertisements to steal personal and financial data. The scam primarily targets mobile users who are enticed by limited-time discounts and fake user comments promoting these counterfeit sites.
The ERIAKOS campaign specifically utilizes mobile devices to avoid detection by automated systems. The fraudulent sites are only accessible via mobile, and the network employs ad lures on Facebook to direct users to these sites. With as many as 100 ads related to a single scam website served in one day, the attackers effectively exploit the platform’s advertising capabilities to reach a wide audience.
The fake websites impersonate major e-commerce platforms and power tools manufacturers, along with offering bogus sales for well-known brands’ products. These sites are supported by fake user comments on Facebook, further enhancing their credibility and drawing in unsuspecting victims. The scam is part of a broader trend of criminal e-commerce networks that aim to harvest credit card information and profit from fake transactions.
This latest scheme follows other significant cybercrime operations, such as BogusBazaar, which operated 75,000 fake online stores and generated over $50 million, and the R0bl0ch0n TDS traffic direction system. These operations underscore the increasing sophistication of online fraud tactics, as seen in recent malware campaigns where fake Google ads were used to spread malicious software.