Scammers are utilizing Google Adverts to pose as Tesla in an elaborate cybercrime marketing campaign that goals to acquire illicit preorders for the corporate’s unreleased Optimus humanoid robotic and different gadgets.
These misleading sponsored listings seem prominently in search outcomes for phrases like “Optimus Tesla preorder,” directing customers to counterfeit web sites that mimic Tesla’s official area.
In contrast to conventional phishing assaults aimed toward credential theft, this operation focuses on extracting non-refundable deposits and probably harvesting cost card particulars for resale or fraudulent use, exploiting the hype surrounding Tesla’s AI-driven robotics developments.
Rising Rip-off Targets Tesla Fans
The rip-off capitalizes on Tesla’s historical past of accepting preorders with refundable deposits for merchandise just like the Cybertruck, making a veneer of legitimacy.
Nevertheless, Tesla has not formally introduced preorders for Optimus, regardless of demonstrations showcasing its evolving capabilities in duties comparable to dishwasher loading, laundry folding, and garden mowing.
Fraudulent websites demand a $250 non-refundable deposit, aligning intently with Tesla’s previous pricing methods to boost credibility.
Investigations reveal that these platforms don’t course of precise costs instantly; as a substitute, they acquire bank card info, which might be exploited in a while underground markets or “carder” boards on-line black markets for stolen cost knowledge that stay energetic regardless of legislation enforcement crackdowns.
Forensic examination of the implicated domains, together with offers-tesla.com (at present operational), exclusive-tesla.com, and prelaunch-tesla.com (each lately taken offline), exhibits they deploy near-identical replicas of an outdated Tesla.com format from round March to Could 2025, primarily based on file timestamps in uncovered directories like /api and /js.
These websites lack useful login pages, a deliberate omission that stops customers from monitoring order standing and delays rip-off detection.
Technical Evaluation Reveals Copied Designs
When making an attempt a take a look at transaction, the system accepts invalid card particulars with out quick validation, redirecting to a bogus authentication subdomain like auth.cp-tesla.com a delicate deviation from Tesla’s official auth.tesla.com endpoint.
No affirmation emails are dispatched, suggesting automated failures or spam filtering as a part of the ruse to keep away from scrutiny.
Extra suspect domains comparable to private-tesla.com, corp-tesla.com (which redirects to the actual Tesla website), www-tesla.com, and hyper-tesla.com exhibit various states of accessibility, indicating a rotating infrastructure to evade takedowns.
Hosted behind Cloudflare’s content material supply community, these websites obscure their origins and improve resilience in opposition to detection.
Knowledge submission routes to disparate endpoints, together with https://caribview.data/tesla/, hinting at a distributed command-and-control setup that fragments proof trails.
This modular structure not solely facilitates speedy deployment of recent pretend websites but additionally complicates attribution, as menace actors can pivot domains swiftly upon discovery.
The absence of quick monetary processing raises suspicions of knowledge harvesting for card-not-present (CNP) fraud, the place stolen particulars are used for on-line purchases elsewhere.
Whereas Tesla probably screens and points takedown requests evidenced by the brief lifespan of those websites, typically simply days the marketing campaign persists by way of Google Adverts’ sponsored ecosystem, underscoring vulnerabilities in advert verification processes.
Victims could stay unaware till anticipated supply dates move, probably months or years later, amplifying the rip-off’s stealth.
Cybersecurity consultants suggest verifying URLs immediately on tesla.com, avoiding unsolicited adverts, and reporting suspicious listings to Google and authorities to mitigate such threats.
This incident highlights broader dangers in AI product hype, the place enthusiasm for improvements like Optimus blinds customers to social engineering techniques.
As Tesla advances its robotics with out agency launch timelines, shoppers ought to train warning, prioritizing official channels to forestall falling prey to those evolving monetary exploitation schemes.
Discover this Information Attention-grabbing! Comply with us on Google Information, LinkedIn, and X to Get Instantaneous Updates!
