Facebook Marketplace Is Full of Fake, Scammy Deals

Security researchers have uncovered a wide-ranging scam in which fake websites are masquerading as major brands, such as Amazon, Bath & Body Works, Costco, Lowe’s, L.L.Bean, and more, on Facebook Marketplace by using the promise of killer deals that—big surprise—turn out to be fake. Bait, basically.

It’s all detailed in a report by Silent Push, a cyber-intelligence security company. They’ve termed the scam GhostVendors, and it involves more than 4,000 domains pretending to represent major brands.

using major brands as bait

“During our research, we found that after the threat actor posted its malicious Facebook Marketplace ads for a few days, it stopped its campaigns, thereby deleting all traces of them from the Meta Ad Library,” said the researchers.

For example, somebody not paying close attention to a fake ad for Dollar General may not notice that the URL says “dolllargenerai.com”, to use an example of a real dupe from the Silent Push report.

Another targets the Icebreaker activewear brand, using the URL “icebreaker-store.com”, and another that masquerades as Duluth Trading under the URL “duluthtradingclearance.com”.

Some are more obvious than others. “Costcosale.store” looks pretty obviously fake, as does “bathandbodyworks-us.sbs”. Many are banking on a viewer not paying super close attention to the URL they’re clicking on, rather than them being an outright oblivious person.

You can check out a partial list of URLs if you want to get an idea of how the scams are operating, although it’s far from complete. It does name all the brands the researchers have found being spoofed, though, if you want a heads-up on what to look for next time you spot what you think may be a killer deal on Facebook.

As always, anytime you’re clicking a link online, hover your cursor over it to get the little pop-up of the domain name and check that it’s legit. On a phone, tablet, or other touchscreen device, it’s harder to vet links. If you do click on them, check the URL after the first page loads to check its legitimacy before you do anything, especially before you enter any payment information or personal details.