Threat Research

Fake Nike deal spreading on Facebook

Matěj Krčma, 4 April 2019

Learn how to spot online scams like the ridiculous $26 Air Jordans.

Social media networks are a great way for people to connect, keep in touch, update friends and family, but also a great place to spread fraudulent offers. Cybercriminals continuously take advantage of social media networks, like Facebook, to make money by spreading fake shopping deals. The latest fake deals we have come across are fake Nike websites being shared on social networks.

Creating the perfect scam

The purpose of this particular Nike scam is for cybercriminals to make money. The way they do this is by spreading fake sites selling popular products at extremely low prices on social media networks, like Facebook. In this case, Nike is being used to lure people onto the fake site, which “sells” popular shoes, like Air Jordans, at ridiculously low prices. Once a customer makes a purchase, the cybercriminals charge their credit card for products that will never arrive at their doorstep.

You might be asking yourself why anyone would fall for a cheap scam like this. You most likely have a few favorite online stores and are probably cautious when purchasing products elsewhere, which is why cybercriminals choose to spread scams like this on Facebook — to reach a new target audience they otherwise wouldn’t. People are also likely to be more susceptible to phishing attempts when they are in an environment they know very well and is shared by their friends and relatives. Why wouldn't you trust a friend sending you a link to an online store having huge sales? Especially when they’re selling your favorite sneakers at an 80% discount. Your friend's profile might have been hacked, though, and a bot probably sent the message. Also, with an average number of 338 friends per user, it's easy to lose track of everyone's activity. People may have stopped using the account or haven’t logged in for a long time and may not be aware that someone else gained access. A common problem is the reckless sharing of your personal data with careless third-party developers on a platform such as Facebook.

Pay close attention to detail

In addition to abusing people’s trust by using other people’s Facebook accounts to spread the fake website, the page is well-made with a responsive template and even displays a mobile- friendly version when people open the site on their smartphone. An important aspect, especially for fraudsters, is that they are targeting people from countries with low rates of personal computer ownership.

nike-fake-website

Most of the elements on the website actually work. You can search for products, browse through the terms & conditions, and even register an account with the site.

If you take a close look, however, you’ll notice a few shady things, including the "Contact Us"  page:

contact-us

This page contains no legitimate information. You should always watch out for shops without a physical location listed on their website. The lack of a telephone number is also a sign that something is off. And finally, the text contains grammatical errors.

Customer reviews and comments can also be made up, giving shoppers a false impression. If you click on the social media buttons on the website, nothing will happen, and you will stay on the same page. You can notice in the screenshot below, following “href=” there is a #? There should be a link pointing users to the website’s Facebook page, or Twitter feed. However, the href=”#” just points to the top of the page.

href-no-social-links

Creating social media pages would require extra effort, effort that is just not worth it for these cybercriminals.

Another red flag is the volume of sales. It is probably normal to have few items on sale in a regular shop, but not everything!

great-deal-too-good-to-be-true

As an example, in the above screenshot they are offering Air Jordan’s with a price drop of 87%. Furthermore, all the shoes are in stock in various sizes. You can order 10,000 pairs of sneakers worth thousands of dollars on this website, which is not normally possible on trustworthy websites, as stock is limited. This all does not add up, right? Indeed, it doesn't.

Making its way around the world

Let's concentrate on the geographical location of the scam now. The fraudsters are mainly targeting Eastern Europe and the Baltic states. But we also recorded attacks in Brazil and Indonesia. The number of times we blocked people from accessing the websites is low, which may be a result of people marking the posts as spam to Facebook, and Facebook taking them down.

fake-fb-websites-detection-mapThe cybercriminals behind the scam use a simple technique to trick users into thinking that the online shop is the real deal. They use a combination of “nk” like in Nike , plus a random combination of three letters as the websites’ domain name, a few examples can be seen in the screenshot below. The shorter the domain name, the less attention it gets. That is the attacker’s goal.

fake-urls-fb-websitesIf we look into the registrant of the domain, using the publicly available tool called “whois”, we get more useful information.

fake-websites-registrantsThe information we get from “whois” proves that this is not a Nike subsidiary or even a regular business. We don’t know who the registrant is, the website is only a few days old, and it was registered in China.

Going a step further, we performed a search for the shop and on the first page of the Google search results included a forum post complaining about other, similar fake shops dating back to 2014. Fraudsters have been in business for a long time.

How to avoid online scams

Last year, all kinds of fake content was spread on the web. AI-generated videos proved to be almost indistinguishable from the real ones. The volume of fake news created by questionable publishers increased. It seems that navigating through the rough seas of the internet these days is harder than ever. So, let's go through some basic tips you can follow to protect yourself from falling victim to a shopping scam:

  1. Do some research. Try to look for the owner of the business on the website. Do they have an address on their website? If yes, copy and paste the address into Google Maps and have a look at the street view. Also, search for  the website and check the Facebook post for reviews. Carefully consider what others wrote about their experience with the website. Did they ever receive the products they purchased? How was the quality? How responsive is the company?

  2. Question the sender. If you receive a link through an instant messaging app, pay attention to the sender. Do you know the sender well, or is it someone you added as a friend a long time ago and don’t know very well? Would this person even send you an offer like this?

  3. Inspect the website. It is difficult to determine if an online shop is fake or not, so pay close attention to the details. Check the prices, products available in stock, shipping rates, and the language and images used on the site. If any of these appear suspicious, you may want to avoid making a purchase.

  4. Let us know. Please note that everyone can report malicious content to Avast. You can go to https://www.avast.com/report-malicious-file.php and click on the “website” radio button, paste the fishy URL into the form and hit send. Quite easy.