Scam of the Week: Ray-Ban Phishing Scam


Instagram users are being warned not to fall for a new phishing scam that's designed to trick them with the lure of cheap Ray-Ban sunglasses.

If you’re a regular Instagram user, you may have noticed your friends posting lots of images this week with offers of heavily discounted Ray-Ban sunglasses. The scam is circulating widely on the social media platform and huge numbers of people have already fallen for it.

The photos come in a range of different forms but tend to feature the Ray-Ban logo and sunglasses, alongside tempting offers such as ‘90% Off’ and ‘One Day Only.’ The post also includes the name of a website, assuring the user that it’s ‘official’.

Of course, there’s nothing official about it, and if you type in the dodgy web address, you will be brought straight to a phishing website that's been specifically created to steal your personal details and Instagram login information.

Image: Fake Ray-Ban promotional post 


This type of scam takes advantage of accounts that have previously been compromised, whether through an earlier phishing attack or because the user’s credentials were stolen in one of the many data breaches over the last few years.

If the crooks can gain access to an account, they can then use the user’s profile to spread the scam and post what appear to be legitimate photos. However, the scam rarely ends there. The personal details and contact information will then be used for further spam messages or the delivery of malware.

There’s no doubt that the offer of purchasing Ray-Bans at a knock-down price of £17.65 is hugely enticing, but users should exercise extreme caution with any offer that seems too good to be true.

How to protect your Instagram Account

  • Don’t click on suspicious links – Instagram will never ask users to click on a link to update their personal details. These links will nearly always be created to steal sensitive information or deliver malware. If you’re unsure whether the request is legitimate, go directly to the Instagram support pages and double check.

  • Use unique Instagram login details – Always use unique login details for each of your social media accounts so that in the event of being phished, attackers won’t have access to your other online accounts.

  • Review account settings – Ideally, you should restrict all sections so that they can only be viewed by or shared with ‘friends only’.

  • Only buy apps from trusted stores – Buying apps from trustworthy sources reduces the chance of your device being hacked or infected with malware.

  • Install Anti-Virus Software – The installation of anti-virus software will help detect threats on your device and block unauthorised users from gaining access.

  • Use strong, complex passwords – A strong password should be between 8-15 characters long, a mix of uppercase and lowercase letters and include numbers or symbols. For extra security, you can create a passphrase, which is a password composed of a sentence or combination of words.

  • Enable Two-Factor authentication – Two-factor authentication provides an extra layer of defence in securing your accounts. If you enable this, Instagram will text you a unique code for logging in.

  • Delete Ray-Ban posts from your page – If a Ray-Ban promotional post has been uploaded on to your page, you should delete it immediately to prevent your friends being scammed with the same post.

  • Be vigilant – If an offer seems too good to be true, it usually is!

MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees to identify and respond appropriately to these threats.

To find out how you can protect your business and information, contact us below.