Smoke, Mirrors, and Sunglasses: Ray-Ban Shopping Scam

Posted by Arjun Sambamoorthy, Nov 24 2020

With Thanksgiving around the corner, millions of people are feverishly refreshing their browsers to catch the latest sale on their favorite branded goods. This public expectation of discounts is regularly exploited by cybercriminals and scammers who either try to steal money or data, or simply pull the wool over our eyes by selling us counterfeit goods.

In this blog, we’ll focus on a shopping scam where attackers impersonated Ray-Ban, a popular luxury sunglasses brand, in an attempt to sell fake branded goods. Clicking the shopping links in the email led readers to a site replete with Ray-Ban branding and seemingly counterfeit inventory for purchase at deep discounts (10% of the original price).

The Scam

A few days ago, we saw an email impersonating Ray-Ban attempt to hit multiple customer inboxes. The email promoted an 85% sale on Ray-Ban products and included several links for recipients interested in browsing and purchasing sunglasses.

A snapshot of the email is given below:

Fig: Email scam advertising a sale on Ray-Ban sunglasses

Clicking the links in the email led victims to a fake website that was made to look strikingly similar to the official Ray-Ban website. The similarities in branding and color treatments are sufficient to trick people who haven’t visited the real Ray-Ban website before (or have just visited it in passing).

Fig: The scam website was designed to resemble the look and feel of Ray-Ban’s website

The website domain - lstrb[.]com - was created in October 2020. The domain registrar is Cnobin Information Technology Limited, which is a company that provides turnkey websites among other services. It’s likely that scammers used Cnobin to stand up this fake website.

Fig: Whois Record for the fake Ray-Ban site

The Endgame

It’s important to point out that this fake Ray-Ban site is NOT a phishing website. It has functioning search and ecommerce capabilities, it links to PayPal for final checkout, and it has copied over inventory from the real Ray-Ban website. The intent behind this website is not to steal account credentials, but to sell you counterfeit Ray-Ban goods.

In the comparison below, we checked the prices for the Clubmaster Classic brand of sunglasses. While it’s at full price on the real website, the same brand of sunglasses is available at a ~90% discount on the fake website. This repeats across almost every sunglass brand we checked on both sites.

Fig: The fake website sells counterfeit Ray-Ban inventory at ~80-90% discount

In a way, the website is providing what the initial email promised - sunglasses at 85% off. But while victims might think they’re getting the deal of the century, the sunglasses they end up receiving will probably break apart after a couple of months. Or weeks. Or days…


Guidance and Recommendations

Here are some points of guidance for individuals or organizations looking to protect themselves against shopping scams driven by brand impersonation:

1. Too good to be true? Subject emails to rigorous eye tests

Whenever possible, engage with emails related to money in a rational manner, especially when you expect email frequency to be high (like during Black Friday season). Subject the email to an eye test that includes inspecting the sender name, sender email address, language within the email, and any logical inconsistencies within the email or the links it contains.
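
Part of this eye test can be automated. The following added example (not Armorblox's code) flags a message whose display name or subject claims a brand while the sender or link domains fall outside that brand's allowlist. The allowlist, the sender address and the message text are constructed assumptions; only lstrb[.]com comes from this post.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: allowlist of the brand's real domains, maintained by the defender.
BRAND_DOMAINS = {"ray-ban": {"ray-ban.com"}}

# Constructed sample. Sender address is a placeholder; the link host is the domain
# named in this post, kept defanged as the post writes it.
SAMPLE = """\
From: "Ray-Ban Outlet" <deals@mailer.example>
Subject: Ray-Ban 85% OFF sale
Content-Type: text/html

<a href="http://www.lstrb[.]com/sale">Shop now</a>
<a href="http://lstrb[.]com/clubmaster">Clubmaster</a>
"""

def registered_domain(host):
    # Naive last-two-labels reduction; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def normalize(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())

def eye_test(raw):
    """Return findings where a message claims a brand but points elsewhere."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    claimed = normalize(display + msg.get("Subject", ""))
    sender_dom = registered_domain(addr.rpartition("@")[2])
    body = msg.get_payload().replace("[.]", ".")  # refang before URL parsing
    hosts = (urlparse(u).hostname for u in re.findall(r'href="([^"]+)"', body))
    link_doms = {registered_domain(h) for h in hosts if h}
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        if normalize(brand) not in claimed:
            continue  # message does not claim this brand
        if sender_dom not in legit:
            findings.append(f"sender {sender_dom} not a {brand} domain")
        findings += [f"link to {d} not a {brand} domain" for d in sorted(link_doms - legit)]
    return findings

if __name__ == "__main__":
    for finding in eye_test(SAMPLE):
        print(finding)
```

A message that passes this check can still be malicious; the check only catches the mismatch between claimed brand and actual domains.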

2. Stick to familiar online destinations during shopping season

Scammers know that people expect large discounts during the holiday season, and will send malicious emails to take advantage of our heightened expectations. For holiday shopping, it’s best to stick to popular online retailers or smaller but known retailers that you’ve interacted with in the past.

3. Follow 2FA and password management best practices

The scam highlighted in this blog wasn’t a phishing attack, but the same techniques could have been used in a shopping-themed phishing attack. Since all workplace accounts are so closely interlinked, sharing credentials for one of your accounts can prove very dangerous, as cybercriminals can then send emails in your name to your customers, partners, and loved ones. If you haven’t already, implement these hygiene best practices:

  • Deploy two-factor authentication (2FA) on all possible business and personal accounts.
  • Use a password manager to store your various account passwords.
  • Don’t repeat passwords across accounts or use generic passwords such as your birth date, ‘password123’, ‘YourName123’, etc.

For more email security threat research, news, and industry guidance, sign up for email updates from Armorblox below. And no matter how good and inexpensive those jeans look online, make sure you’re ordering the real deal and not being duped into having a Bleak Friday.