Malware Campaign Masquerades as Tesla in Poisoned Google Ads


A malvertising operation has surfaced that uses poisoned Google Ads to impersonate Tesla and trick consumers into placing fictitious preorders for the Optimus humanoid robot, a product for which Tesla has announced no preorder program.

Security researchers have identified multiple malicious domains mimicking Tesla’s official website, capitalizing on the electric vehicle giant’s history of accepting deposits for upcoming products like the Cybertruck.

These scam sites, which appear prominently in sponsored search results for queries such as “Optimus Tesla preorder,” redirect victims to cloned interfaces that solicit non-refundable $250 deposits, a figure chosen to match Tesla’s past preorder deposits and so lend the sites credibility.


Unlike traditional phishing operations that harvest login credentials, these sites have no authentication pages at all. That choice likely serves two purposes: a site with no login form triggers fewer phishing detections, and a victim with no account to log into has no way to look up a nonexistent order, so awareness of the fraud is delayed until well after the transaction.

Fake Preorder Scams

The campaign’s technical infrastructure reveals a calculated approach to deception and data exfiltration.

Domains such as offers-tesla.com remain active, while others like exclusive-tesla.com and prelaunch-tesla.com have been taken offline, likely due to takedown requests from Tesla’s monitoring teams.

Additional suspect domains, including private-tesla.com, corp-tesla.com (which redirects to the legitimate tesla.com), www-tesla.com, hyper-tesla.com, and auth.cp-tesla.com, form a network of deceptive endpoints.
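All of the domains listed above follow the same pattern: the brand name joined to a marketing keyword inside a registrable domain that Tesla does not own (offers-tesla.com, www-tesla.com, or the parent of auth.cp-tesla.com). The following check is an added example, not code from the report or from Tesla, that flags such combosquatted hostnames in a list of ad-landing URLs. It assumes that the only trusted registrable domain is tesla.com (a constructed allowlist) and uses a two-label heuristic for the registrable domain, which is adequate for .com but which a production tool would replace with a Public Suffix List lookup.

```python
from urllib.parse import urlsplit

BRAND = "tesla"
# Constructed allowlist for this example: registrable domains treated as genuine.
TRUSTED_REGISTRABLE = {"tesla.com"}


def registrable_domain(host: str) -> str:
    """Heuristic registrable domain: the last two DNS labels.

    Good enough for .com hosts such as those in the report; a real tool
    should consult the Public Suffix List (e.g. the publicsuffix2 package).
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def classify_host(host: str) -> str:
    """Return 'legit', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED_REGISTRABLE:
        return "legit"                      # tesla.com, www.tesla.com, shop.tesla.com
    second_level = reg.split(".")[0]        # e.g. 'offers-tesla' or 'cp-tesla'
    if BRAND in second_level:
        return "lookalike"                  # brand embedded in a domain Tesla does not own
    # Brand used as a subdomain label of an unrelated domain, e.g. tesla.com.example.net
    if BRAND in host.split(".")[:-2]:
        return "lookalike"
    return "unrelated"


def classify_url(url: str) -> str:
    """Classify the hostname of a landing URL (scheme may be omitted)."""
    if "://" not in url:
        url = "https://" + url
    return classify_host(urlsplit(url).hostname or "")


def flag_lookalikes(urls):
    """Return the subset of urls whose host impersonates the brand."""
    return [u for u in urls if classify_url(u) == "lookalike"]


if __name__ == "__main__":
    # Constructed sample: hostnames named in the report plus two controls.
    sample = [
        "https://offers-tesla.com/optimus",
        "https://auth.cp-tesla.com/login",
        "https://www-tesla.com/",
        "https://www.tesla.com/cybertruck",
        "https://example.com/",
    ]
    for u in sample:
        print(f"{classify_url(u):10} {u}")
```

Run against sponsored-result URLs collected from a search, the check separates the genuine tesla.com subdomains from every brand-plus-keyword domain in the report, while leaving unrelated advertisers untouched.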

The primary fake sites replicate an outdated version of Tesla’s web design, with file timestamps from March and May 2025 indicating when the legitimate site’s assets were scraped and repurposed.

Hosted behind Cloudflare’s content delivery network, the impostor sites hide their origin servers and slow down takedowns, while open directory listings at paths such as /api and /js expose backend artifacts, a sign of a hastily assembled operation.

Phishing Sites Harvest Payment Data

Operationally, the scams extend beyond Optimus to fictitious preorders for other Tesla products, broadening the attack surface.

According to the report, when users input payment details, including credit card numbers, the data is not immediately processed on-site but funneled to secondary endpoints like https://caribview.info/tesla/, suggesting a modular architecture for data harvesting.

Testing with invalid card numbers showed the forms accepting them with no charge attempt, which implies the sites perform no real-time validation (not even a checksum check) and simply collect raw cardholder data for later exploitation.
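The probe the researchers describe, submitting card numbers that cannot be valid and watching whether the form still says "accepted", can be reproduced with a few lines of code. A legitimate checkout rejects a number that fails the Luhn mod-10 checksum before it ever contacts a payment processor, so a form that accepts such a number is not processing payments at all. The block below is an added example, not code from the report: a Luhn validator, a helper that turns a well-formed number into one that fails only the checksum (the kind of probe input a tester submits), and a classifier for the result. The card number used is the industry's standard test number, not a real account.

```python
def luhn_check_digit(partial: str) -> int:
    """Compute the Luhn check digit for a string of digits lacking one."""
    total = 0
    # Walking from the right, the digit nearest the future check digit is doubled.
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def luhn_valid(number: str) -> bool:
    """True if the number (spaces/dashes allowed) passes the Luhn mod-10 check."""
    digits = number.replace(" ", "").replace("-", "")
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    return luhn_check_digit(digits[:-1]) == int(digits[-1])


def make_invalid_probe(valid_number: str) -> str:
    """Return the same number with its check digit bumped by one.

    Length, prefix and issuer look right; only the checksum fails, so a
    checkout that accepts it is not validating cards before 'accepting' them.
    """
    digits = valid_number.replace(" ", "").replace("-", "")
    bumped = (int(digits[-1]) + 1) % 10
    return digits[:-1] + str(bumped)


def classify_form(accepted_invalid_probe: bool) -> str:
    """Interpret the outcome of submitting an invalid probe to a checkout form."""
    if accepted_invalid_probe:
        return "no validation: likely a harvesting form, not a payment flow"
    return "rejected checksum failure: behaves like a real checkout"


if __name__ == "__main__":
    test_card = "4111 1111 1111 1111"        # standard test number, not a real account
    probe = make_invalid_probe(test_card)
    print("test card valid:", luhn_valid(test_card))
    print("probe:", probe, "valid:", luhn_valid(probe))
    # Constructed outcome matching what the report observed on the scam sites.
    print(classify_form(accepted_invalid_probe=True))
```

Submitting the probe to a suspected form, under an appropriate authorisation, and observing an "order confirmed" response is direct evidence of the behaviour the report describes: the form is a collection endpoint rather than a checkout.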

The harvested data could be resold on underground carding forums, remnants of which persist despite law-enforcement crackdowns, or used directly for fraudulent purchases elsewhere.

The absence of email confirmations, as observed in controlled tests, further indicates that the campaign prioritizes stealth over follow-through: a confirmation email that never arrives (whether by design or because it was never sent) removes one more prompt that might lead a victim to scrutinize the purchase early.

The campaign departs from classic malvertising payloads such as drive-by downloads or ransomware, focusing instead on financial fraud through social engineering.

By mimicking Tesla’s history of taking refundable deposits on unreleased products (an April Fool’s joke aside), the attackers exploit consumer trust in emerging AI robotics, where hype around household tasks such as loading dishwashers and mowing lawns overshadows the absence of any release timeline.

The delayed detection, with victims unlikely to notice the scam until the expected delivery fails to arrive months or years later, amplifies the potential for widespread impact.

Tesla’s lack of official Optimus preorders underscores the urgency for users to verify domains directly, as sponsored ads continue to poison search ecosystems.

Cybersecurity experts recommend enabling ad blockers, scrutinizing URL authenticity before entering payment details, and reporting suspicious sites to mitigate this threat vector, which blends phishing with combosquatting (the brand name joined to a marketing keyword in a domain the brand does not own) to siphon funds from tech enthusiasts.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.