- April 8, 2016
How you can avoid the scam, or save yourself if you are already a victim.
One of your friends on Facebook wants you to look cool this summer, with high-quality shades at a low price. That’s why he tagged you in a picture on his page, an image of an ad for super-cheap Ray-Ban sunglasses, right?
Chances are, however, it wasn’t your friend, but instead a malicious schemer who took over your friend’s account and tagged not just you, but as many people as possible, to drive you all to a risky counterfeit sunglasses site.
A cybersecurity researcher has captured images of this scam ad in action, and wants to warn you before you give your credit card info away to liars and cheats.
Lukas Stefanko with cybersecurity company ESET said he saw the scheme unfolding in front of him.
“When I saw my Facebook friends get tagged in one week—for like the fourth time—it was very suspicious and I took a deeper look and started to investigate it,” Stefanko told Archer News.
The result? A window into the shady world of counterfeit goods peddled online by bad guys willing to hack your account in order to make a sale.
How it works
First, the bad guys use malware or social engineering to steal your Facebook user ID and password, Stefanko said.
“Bad guys will overtake the victim’s Facebook account and upload approximately 20 images,” he said.
The images are ads for Ray-Bans—which can cost more than $200—at 90% off, or less than $20.
“Just one day only!” the ad may say, with an image of Tom Cruise in shades, echoing his iconic look from the movie “Risky Business.”
The schemers tag only four to six friends for each image, so as not to raise too much suspicion, Stefanko said. But that can be enough to lure hundreds of people in.
“Let’s say five people are tagged in one image, and if each of these five people has about 200 Facebook friends, then this image can have as much as 1,000 views,” he said.
Even worse, this might happen on your page, without your knowledge.
“Yes, it is possible that the victim would not be aware that someone overtook his account,” he said.
Some people don’t care if the “designer” items they buy are actually counterfeit.
A news anchor in Portland, Oregon, purchased a counterfeit Kate Spade bag right after the news station aired an investigation into counterfeit purse sales rings potentially allowing criminals to raise money for terrorism, according to law enforcement officials.
The anchor sniffed, “I don’t care if this Kate Spade bag IS counterfeit. As long as it doesn’t LOOK counterfeit.”
But buying counterfeit glasses through this Facebook ad scheme could put you not just at moral risk, but also financial risk, according to Stefanko.
The false Ray-Ban sites do not use secure payment portals, Stefanko wrote in a post about his research on WeLiveSecurity, leaving your credit card info up for grabs.
“These fake e-shops are not secure and don’t use an SSL [Secure Sockets Layer] certificate to encrypt communication between client and server,” he said. “Customer credit card details therefore, are sent to the attacker’s server in plain text and can be misused in the future.”
“With the high number of similar looking e-shops offering huge discounts, there is also the probability that customers will neither receive the sunglasses they ordered, nor get their money back,” he added.
Similar “friend” ads have hit before. Last summer in the U.K., schemers offered Ray-Bans for 80% off, posting their ads on people’s Facebook pages and in Facebook comment sections, reported Cambridge News.
Researchers also found fake Ray-Ban ads on Facebook in 2014, after they set up a dozen “dummy” Facebook pages to investigate counterfeit fashion goods advertising. They ended up seeing ads claiming to be from sites like “Ray-Ban Official Site – USA.”
But researchers Andrea Stroppa and Agostino Specchiarello said the sites were not official at all, and usually had connections to China.
In their study, they said they did not have definite evidence that the culprits were from China, but noted that many of the site registrants were Chinese citizens who used Chinese e-mail accounts, and the sites used a Chinese-language version of a well-known e-commerce system.
It takes a small army to run this scheme, the researchers said in their study.
“It seems that each illicit operation relies on a managing team, with different people taking care of website management, administrative tasks, customer care, counterfeit goods production, and online advertising (such as Facebook sponsored ad campaigns),” the study said.
This team of schemers apparently does not include a focus on cybersecurity for customers.
“These websites apply outdated security protocols, thus showing a complete disregard for the safety and security of its users’ personal data,” the study said.
The latest round of scam Ray-Ban ads has similar ties, according to Stefanko.
“Most of them [the fake Ray-Ban ad domains] are situated in China and were registered this year,” he said.
How do the bad guys hijack my account?
Some Facebook users are giving up their passwords and IDs for money, reported WHNT in Huntsville, Alabama, last month.
Facebook ads offering people $50 to $100 to participate in a “paid study” researching social media use turn out to be a way for the “researchers” to take over accounts, the Better Business Bureau said.
If you sign up for the study, you have to give the researchers your Facebook password and ID, the BBB said. You may also have to attach a small device to your Internet router.
Some companies are using those devices for “social spoofing,” said the BBB. The “researchers” post ads on Facebook under your name.
If someone has posted fake ads on your Facebook account, Stefanko has advice for you:
- Change your Facebook password immediately (Settings -> General -> Password).
- Remove all suspicious apps from your Facebook that can automatically post content on the Facebook wall without user knowledge (Settings -> Apps).
- Scan your computer with up-to-date antivirus software.
“If the user still has doubts, he can always view his previous account activity by going to Settings -> Activity Log,” Stefanko wrote. “There he/she can check for activities possibly caused by malware or the attackers, such as posting or sharing images, or making unwanted friend requests and likes.”
What if you saw the ad on your friend’s page and fell for the scheme?
“If you already got tricked and bought sunglasses via these fake websites, we advise you to call your bank and cancel the money transfer immediately,” said Stefanko.
“Credit cards used to buy the counterfeit goods can be compromised as well, and should also be reported to the bank,” he said.
You can take steps to ward off this kind of scheme.
“If you don’t want to spread bogus ads amongst your Facebook friends unknowingly, you can review posts and pictures your friends tagged you in, before they appear on your timeline,” said Stefanko.
“You can activate this feature by going to Settings -> Timeline and Tagging -> Review posts friends tag you in before they appear on your timeline? -> Enable,” he wrote.
And a final note.
“Don’t trust bogus extremely low price ads and certainly don’t click or order the goods displayed,” he said.