
Bitdefender researchers have uncovered a sprawling web of subscription-based scams that blend professional-looking websites, social media manipulation, and financial trickery to steal victims’ credit card data and lock them into hidden recurring payments.
According to the Bitdefender report, this latest campaign involves over 200 fraudulent websites, all part of a growing scheme designed to appear “incredibly convincing,” and built to “trick people into paying monthly subscriptions and willingly give away credit card data.”
At the heart of this operation lies an evolved version of the long-running mystery box scam, a bait-and-switch tactic in which users are lured with the promise of deeply discounted products hidden behind a veil of curiosity. This time, however, the scam has grown far more complex and deceptive.
“Now, the mystery box scam has evolved in a new way. Right before you agree to give them money and financial information, you also agree to a subscription model (written in a tiny font)… that turns your current mystery shopping adventure into recurring payments.”
The campaign relies on a mix of psychological manipulation and visual polish. Scammers impersonate content creators or spoof legitimate-looking Facebook pages, then push paid ads across social media platforms to promote the scam.
“Scammers know that if a victim has reached the payment step, they’re already convinced the scam is real… It’s not just about closing the deal… but rather about stacking the fraud.”
A common address in Limassol, Cyprus (Andrea Kalvou 13) appears across many of the fraudulent websites, suggesting a coordinated operation possibly tied to an offshore entity. Bitdefender researchers also noted:
“The contact address… also appears in conjunction with a Cyprus record in the International Consortium of Investigative Journalists (ICIJ) Offshore Leaks Database that is associated with the Paradise Papers leak.”
This address is now linked to a variety of online stores offering products ranging from outdated tech gadgets to cosmetic items — often accompanied by misleading promises of discounts, store credits, or VIP-tier membership perks.
To bypass detection, scammers employ several evasion strategies:
- Running multiple versions of the same ad, with only one of them leading to the malicious content
- Hosting ad images on Google Drive, so the creative can be swapped silently after the ad is already live
- Using image-only ads with no machine-readable text, leaving keyword-based ad filters nothing to match
- Homoglyph tricks (lookalike characters in names and domains) and page impersonation
- Hijacking old Facebook pages and renaming them to match the impersonated brand or creator
These tactics make the scam ecosystem resilient, hard to flag, and alarmingly convincing.
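The homoglyph trick in the list above deserves a concrete check. A lookalike domain such as `bitdеfender.com` (with a Cyrillic е instead of the Latin e) passes a naive string comparison and, when registered, ships in DNS as a punycode `xn--` label. The following is an added example, not Bitdefender's code or anything from the report: it reduces each domain label to an ASCII "skeleton" (punycode decode, Unicode compatibility normalisation, accent stripping, and a small hand-built confusables table) and flags hostnames whose skeleton matches a watched brand while the raw label does not. The brand names and the test hostnames are constructed for illustration; the confusables table is a deliberately small subset of the Unicode confusables list.

```python
import unicodedata
from typing import Optional

# Hand-built subset of common lookalike glyphs -> the ASCII letter they mimic.
# (Assumption for this example; a production check would load the full Unicode
# confusables.txt table instead.)
CONFUSABLES = {
    # Cyrillic letters that render like Latin ones
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",
    "і": "i", "ј": "j", "ѕ": "s", "ԁ": "d",
    # Greek letters
    "ο": "o", "α": "a", "ν": "v",
    # Latin variants
    "ı": "i", "ł": "l", "ɡ": "g",
    # Digits commonly used in place of letters
    "0": "o", "3": "e", "5": "s",
}


def skeleton(label: str) -> str:
    """Reduce one domain label to an ASCII skeleton for lookalike comparison."""
    # 1. Punycode labels (xn--...) are decoded back to their Unicode form.
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            return label  # malformed punycode: compare it as-is
    # 2. Compatibility normalisation folds fullwidth letters, ligatures, etc.
    label = unicodedata.normalize("NFKC", label).lower()
    # 3. Strip combining marks so "é" becomes "e".
    label = "".join(
        c for c in unicodedata.normalize("NFD", label)
        if unicodedata.category(c) != "Mn"
    )
    # 4. Map single confusable glyphs to the letter they resemble.
    label = "".join(CONFUSABLES.get(c, c) for c in label)
    # 5. Collapse two-character sequences that read as one letter (rn -> m, vv -> w).
    return label.replace("rn", "m").replace("vv", "w")


def is_lookalike(hostname: str, brands: list) -> Optional[str]:
    """Return the brand a hostname impersonates via homoglyphs, or None.

    Only labels before the last one are inspected (a crude public-suffix skip);
    a label is flagged when its skeleton contains a brand that the raw label
    itself does not, i.e. the match exists only because of lookalike glyphs.
    """
    labels = hostname.strip().lower().split(".")
    for label in labels[:-1]:
        sk = skeleton(label)
        for brand in brands:
            if brand in sk and brand not in label:
                return brand
    return None


if __name__ == "__main__":
    # Constructed sample: brands to watch and hostnames of the kind seen in ad URLs.
    watched = ["bitdefender", "amazon"]
    samples = [
        "bitdefender.com",          # legitimate spelling, not flagged
        "bitdеfender.com",          # Cyrillic е (U+0435)
        "bitdеfender-store.com",    # same trick plus a suffix
        "arnazon-deals.net",        # rn standing in for m
        "ｂｉｔｄｅｆｅｎｄｅｒ.shop",  # fullwidth Latin letters
        "bitdеfender.com".encode("idna").decode("ascii"),  # as it appears on the wire
    ]
    for host in samples:
        print(f"{host!r:45} -> {is_lookalike(host, watched)}")
```

The skeleton comparison is intentionally one-directional: it catches a label that only equals a brand after lookalike glyphs are folded away, but it does not flag plain-ASCII impersonation such as `bitdefender-official-deals.com`, and the page's other evasion tricks (swapped ad images, renamed Facebook pages) leave nothing in the hostname to inspect at all.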
Bitdefender advises online users to:
- Scrutinize ads promising unrealistically good deals
- Avoid entering payment details on unfamiliar websites
- Watch out for small print related to subscriptions or recurring payments
- Be cautious of mystery box-style offers, especially those linked through social media
“With funds pumped into ads, real-looking websites, impersonations of people and brands… we’re bound to see these kinds of frauds inundate the online world,” Bitdefender warns.