Fake LEGO website promoted through Facebook’s sponsored adverts

Crooks have yet again managed to exploit Facebook’s sponsored adverts feature to promote scams leading to spoof LEGO websites.

We’ve previously reported on how scammers have been managing to infiltrate Facebook’s sponsored adverts platform to promote get-rich-quick scams. Those adverts have been leading Facebook users to websites claiming visitors can get rich with binary options trading websites.

And in the run up to Christmas, crooks are also promoting counterfeit products on phony retail websites. If you enter your card details on these websites, they will most likely steal those details and use them to commit identity theft.

The advert below, for example, has been spotted on newsfeeds across the United Kingdom. The advert, posted by a Facebook page titled Last 7 days discount, claimed to offer incredibly cheap LEGO products.

Clicking the link leads to the website http://kai.yuyuezhipin.com, which in itself should raise a significant red flag for would-be buyers.

Listed on the website are dozens of LEGO products that are priced at up to 80% off the retail price. For example, LEGO Hogwarts Castle, which is priced at £350 on the official online LEGO shop, is listed here at only £61.99. That may be a little too good to be true.

When selecting a product and heading to the checkout, users are asked to fill out their personal information and credit or debit card details on a webpage that is not secure (see below), meaning its address doesn’t begin with https, just http. (Google Chrome, the browser in the screenshot below, simply labels the website Not secure next to the browser address.) This means that eavesdroppers can easily steal this information once the visitor hits the submit button. It’s also another big red flag that the website is fake and shouldn’t be trusted.

Anyone entering their details into this webpage is likely to have their money and details stolen by crooks, and they can be sure that no heavily discounted LEGO products will be on their way.

Counterfeit websites like the example above claiming to sell heavily discounted goods are popular, especially at this time of the year. Here we give you some tips on avoiding them.

– Don’t trust websites you don’t recognise. Just because they appear to represent a well-known brand, it doesn’t mean they do. Check the web address at the top – if it appears suspicious, don’t buy anything or give out any information. Try and stick to recognisable brands – and if you are on a website you don’t know, do your research before you buy anything.


– Watch out for bad spelling and grammar. Counterfeit websites are often created by crooks in Africa or Asia where English isn’t a first language.

– Don’t enter your details on unsecured webpages. Websites MUST provide you with a secure webpage to enter confidential banking information. This means the web address will begin with HTTPS (the S stands for secure). Certain browsers, such as Google Chrome, will instead simply say either Secure or Not Secure in the address bar. Chrome will also provide a warning when entering your card details on an unsecured webpage.

– If it appears too good to be true, it probably is. Just as with our LEGO example above, it’s pretty unlikely that expensive products will be discounted at over 80% off.

– Have good antivirus installed on your computer. Malware can direct users to malicious phony websites without their knowledge, or log all keystrokes including passwords and banking information. See our recommended editor’s choice software below.

thatsnonsense.com recommends...
When it comes to premium security software for the home, we recommend Bitdefender Total Security 2020 because of its great detection & removal rates and advanced features that tackle ransomware.

– Don’t shop on public Wi-Fi networks or on shared public computers.

– If in doubt, ask first. If you’re unsure, get advice first.

– And as we can see here, just because a website is being promoted by Facebook, this doesn’t mean it’s legitimate either.