200+ Fake Retail Sites Used in New Wave of Subscription Scams

Bitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn how to spot these fraudulent schemes and protect your credit card details.

Cybersecurity experts at Bitdefender have observed a notable rise in online scams involving fake ads and websites that trick people into unknowingly signing up for subscriptions. This new wave of scams is different compared to past attempts because of the effort criminals put into making these fake websites believable enough to get people to share their personal and financial information.

Bitdefender discovered over 200 incredibly realistic websites offering a wide range of products, including shoes, clothing, and electronics. Customers are tricked into providing credit card information and agreeing to monthly subscriptions without realizing these are fake.

In their detailed blog post, Bitdefender noted a particular trend of “mystery box” scams, which involve paying a small amount for a box of unknown items, often with hidden recurring payments and links to fake online shops. Scammers impersonate content creators or create fake pages on Facebook and other social media platforms to promote these fraudulent schemes. They exploit people’s reluctance to pay attention during online purchases considering the offer is genuine to introduce a second layer of deception before the payment is completed.

This scam has various versions, each exploiting the human fascination with the unknown. Such as offering boxes supposedly left at post offices or bags found at airports, requiring a small payment to claim ownership, with the primary objective being collecting financial information from victims who believe they are getting a great deal.

Given the increased public awareness regarding mystery box scams, cybercriminals have adapted their methods to continue defrauding people. Victims are unknowingly enrolled in subscriptions before completing payment for a mystery box, often with subscription terms hidden in small print. Many of these sites are still active, researchers noted.

These scams are heavily promoted on social media through sponsored ads and sometimes via links to subscription-based online shops registered in Cyprus. This suggests an offshore company’s involvement, as per Bitdefender’s analysis, shared with Hackread.com.

The deceptive ads frequently redirect users to various online stores offering diverse goods. Researchers discovered around 140 websites employing this tactic, with one example revealing a hidden recurring charge: “Buy at member price and get FREE access… with an account top-up of 44.00 EUR/every 14 days.”

These ‘electronic stores’ offer numerous membership tiers with benefits, but subscription costs vary. Store credits and discounts are used to deceive victims into believing they’re making a worthwhile purchase, even though some sell outdated and overpriced items.

Notably, the contact address of many of these hundreds of active websites (Andrea Kalvou 13, 3085 Limassol) has been linked to the Paradise Papers leak in the ICIJ Offshore Leaks Database, suggesting a potentially wider network of illicit activity.

The profitability of the subscription model is driving criminals to invest in ads featuring fake endorsements and to expand their schemes beyond mystery boxes to include other deceptive offers like low-quality products and fake investments.

“With funds pumped into ads, real-looking websites, impersonations of people and brands, and all kinds of other avenues of attack, we’re bound to see these kinds of frauds inundate the online world,” researchers concluded.