Security researchers have discovered subscription scam campaigns that use mystery box offers to trick unsuspecting victims into paying for monthly subscriptions and handing over their credit card details in the process. The scammers are mostly using Facebook to target victims.
Bitdefender researchers discovered the campaign, which involves more than 200 unique websites. Cybercriminals seem to have made significant investments in the campaign to make the fake sites look “convincingly legitimate,” the report adds.
These sites sell everything from shoes and clothes to electronics and more. There are several variants of these mystery box campaigns out in the wild. Some claim to be boxes left at post offices and airport customs, while others are clearance sales from large retail chains or shopping centers.

The scam is also two-phased. First, the scammers get users to believe that by just spending a few dollars a month, they can subscribe to mystery boxes that can have items of much higher value. Once the victim has reached the payment page, the cybercriminals slip in another scam. In addition to scamming users for the price of a recurring mystery box subscription, they also collect financial and personal information submitted during the payment process.
Scammers are also trying their best to evade automatic detection of scammy ads online. Researchers note that the scammers often create multiple versions of an ad, with only one being malicious and others displaying random product pages. They also upload images directly from Google Drive, making them easy to replace later.
Images are the centerpiece of these scam ads, as the scammers rely exclusively on images with no text in the ad description. Other tactics include using cropped images to change visual patterns and classic homoglyph techniques.
It’s also difficult to link the mystery box scam with the swarm of 200 websites the researchers discovered. However, the payment screens for some of the mystery box scams have links to Cyprus-registered subscription shops. The scams share the subscription idea, indicating a potential link.