Mystery Box Scams Deployed to Steal Credit Card Data


Cybercriminals are engaging in sophisticated subscription scam campaigns, involving “incredibly convincing” websites, Bitdefender researchers have warned.

These include the use of “mystery box” scams, designed to trick people into paying monthly subscriptions and giving away their credit card data.

The fake websites purport to sell a range of products, including shoes, clothes and electronics as well as promoting fake investments.

The scams involve significant promotion efforts to make them appear legitimate. These include the creation of Facebook pages and paid online advertising.

Content creators are also being impersonated to promote products.

The researchers said the campaigns are part of a broader evolution of social engineering techniques, designed to bypass security protections and trick users with more sophisticated approaches.

“Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their game. They have already begun crafting more complex and convincing schemes to bypass skepticism and lure victims into handing over sensitive information, especially credit card data,” they wrote.

The researchers added: “With funds pumped into ads, real-looking websites, impersonations of people and brands, and all kinds of other avenues of attack, we’re bound to see these kinds of frauds inundate the online world.”

Bitdefender traced over 200 different websites used in these scams to a single address in Cyprus, which is likely home to an offshore company. Many of these websites are still up and running.

Detection Evasion Techniques

Bitdefender observed scammers deploying several techniques in the adverts, designed to evade automatic detection on devices.

These include creating multiple versions of the advert, only one of which is malicious. The others display random product images.

The ads also often carry no text at all in the description; any wording appears only inside the image itself. Cropped images are used to alter the visual patterns that detection relies on.

Facebook account pages used to promote the subscription scams are either created from scratch with names generated by algorithms, or have been hacked and taken over, after which they have been renamed.

Mystery Box Scam Evolution

One prominent variant of the subscription scam model observed by Bitdefender involves the use of “mystery boxes”.

Legitimate mystery boxes offer consumers a chance to buy a mysterious box of items, often relating to a common brand or theme.

In the scam version, the victim is told to pay a minimal sum of money to purchase a mystery box, enabling scammers to collect their personal and financial information.

These scams have “flooded” social media, made possible by sponsored ads, the researchers wrote.

The scams have also evolved to add surveys “to ensure” a visitor is a real person and not a bot, a step that makes the enterprise appear more legitimate.

In addition, scammers have added a subscription clause, written in tiny font, just before the point where the victim agrees to pay and enters financial information. This turns a one-off purchase into recurring payments.
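The tiny-font subscription clause described above is something a checkout page can be checked for mechanically. The following is an added example, not code from the article or from Bitdefender: it parses a constructed checkout page and reports any billing language whose inline style renders it below an assumed 9px threshold; the term list, the threshold and the 16px default size are all assumptions.

```python
from html.parser import HTMLParser
import re

# Assumption: a small illustrative list of words that signal a recurring charge.
BILLING_TERMS = re.compile(
    r"\b(subscription|recurring|billed|renew(?:s|al)?|every \d+ days|per month|monthly)\b", re.I)
SMALL_FONT_PX = 9.0  # assumption: text rendered below this counts as "tiny"

def _font_size_px(style):
    # Pull a px or pt font-size out of an inline style attribute, if any.
    m = re.search(r"font-size\s*:\s*([\d.]+)\s*(px|pt)", style or "", re.I)
    if not m:
        return None
    val, unit = float(m.group(1)), m.group(2).lower()
    return val * 4 / 3 if unit == "pt" else val

class TinyClauseScanner(HTMLParser):
    """Walk the markup, track the effective inline font-size per nesting level,
    and record text runs that mention billing while rendered below the threshold."""
    VOID = {"br", "img", "input", "hr", "meta", "link"}  # tags with no closing tag

    def __init__(self):
        super().__init__()
        self.size_stack = [16.0]  # browser default font size, assumed
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in self.VOID:
            return
        size = _font_size_px(dict(attrs).get("style"))
        # Inherit the parent's size when the element sets none of its own.
        self.size_stack.append(size if size is not None else self.size_stack[-1])

    def handle_endtag(self, tag):
        if tag not in self.VOID and len(self.size_stack) > 1:
            self.size_stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if text and self.size_stack[-1] < SMALL_FONT_PX and BILLING_TERMS.search(text):
            self.findings.append((self.size_stack[-1], text))

def find_tiny_billing_clauses(html):
    # Returns a list of (font_px, text) pairs for every flagged clause.
    scanner = TinyClauseScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample checkout page for the demo; not taken from any real site.
SAMPLE_CHECKOUT = """
<form>
  <h2 style="font-size:20px">Claim your mystery box for $1.99</h2>
  <p>Enter your card details to complete the order.</p>
  <div style="font-size:6px">By continuing you agree to a subscription billed every 14 days at $49.99.</div>
  <button>Pay now</button>
</form>
"""
```

Running `find_tiny_billing_clauses(SAMPLE_CHECKOUT)` flags only the 6px clause; the same sentence at a normal size is not reported, so the check targets the presentation trick rather than the mere presence of billing terms.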

The researchers highlighted the “significant investment” cybercriminals have undertaken to make these fake websites look legitimate.

Some of the mystery box adverts take users to online shops containing a variety of products like clothes, electronic equipment and beauty products.

These shops offer several subscription tiers with various perks, designed to trick people into paying for one in the belief that it will give them discounts across the entire website.

“It’s all very complicated to follow, with store credits, discounts, credits that you can top up every 14 days, and so on. The basic idea is to have a process as convoluted as possible and make it sound like a good idea at the same time. By the time the victim actually pays for a subscription, it already seems like an investment,” the researchers explained.