Acai Berries: Spendy, Trendy and Dangerous

Acai berries—those small, nutrient-packed stalwarts of the healthy living aisle at the supermarket—have made a bit of a name for themselves. They’re billed as a magical cancer-fighting fruits, for one: 10 times more antioxidants than red grapes! Ten to 30 times more than the artery-protective flavonoids of red wine! And, even though there’s no science behind it, people swear by it as a weight loss aid.

Specious claims aside, Acai’s reputation as being the superfood-to-end-all-superfoods has dominated the daytime airwaves for a couple of years, with its profile solidified now as the ideal smoothie ingredient or dietary supplement. In fact, no less a personage than Oprah—Oprah!!—champions it as a must-have for longevity.

But it’s not just the Queen of Daytime (and Dr. Oz, and Whole Foods, and a host of dietary “gurus”) that love to get their Acai berry on-- in cyber-crime land, these Brazilian wonder-berries are fresh meat for attracting the masses. Because Acai comes at a cost—and everybody wants it.

To wit: The supplements run about $19.95 for a two-week dose. And in their dried form, a couple of ounces can cost close to $10. Liquid juices are even more—upwards of $40 for a vial of extract. So, incorporating Acai into one’s diet is a fad for the more affluent of the body-conscious among us. And as a cash cow, it’s rather unrivaled, leading a $13.5 million trade last year for a fairly low volume of product.

Recently scammers have taken to Facebook to offer deals on Acai, in the form of Timeline posts that appear to come from friends (or friends of friends) recommending a link. They’re hoping that the promise of Acai for-the-rest-of-us will be a strong enough social lure to hook in a good chunk of the social population.

As Paul Ducklin, a researcher at Sophos Security, explained, it’s a dual-pronged assault: An initial post extolls the berries themselves—“successfully results in this particular health solution,” and “OMG Do you read this?!?!” and “This cant be fake.” [Sic, sic and sic, by the way—grammar is not this scam artist’s forte].

Then there's a follow-up post, which looks “as though your friend forgot the link from the previous posting and corrected themselves,” explained Ducklin. It reads: “The link, hehe..”

The shortlinks redirect to URLs that show fake BBC News articles, which actually just consist of a sales pitch for Acai berry fruit juice, with an opportunity to click through to a buy page. No word on whether the product actually shows up on the doorstep once card details are entered.

“Assuming that you spot the scam for what it is before you fill in your credit-card number on the buy page, and bail out, you should be OK,” Ducklin said. “Having said that, the earlier you bail out, or get blocked by your Web filtering product, the better: Clicking through needlessly gives away at least some information about you….browser type, location, language, operating system, possible cookies from previous visits.”

He also pointed out that the Web pages could change at any time, with the dodgy diet offers replaced with more directly malevolent content, like exploit kits and drive-by installs.

Bottom line? As with anything else, beware the fad. And that’s advice that could also be taken to the grocery store. As Ducklin, quite rightly, points out: “As far as we can tell, it is pretty similar in nutritional value to lots of other fruit juices, such as orange, apple, pomegranate and various other berries with names that are easier for Anglophones to say.”

What’s Hot on Infosecurity Magazine?