Fraudsters have invented a new phishing scheme, dubbed “White rabbit”. Its essence is that the client is first drawn into harmless branded websites with surveys that promise a reward, then receives a notification of winning with a malicious link, lets their guard down and transfers money to the attacker. A surge of such cases was recorded in the second half of 2019, Group-IB told “Izvestia”; large banks confirmed the information. The danger is that each individual step does not seem suspicious to the security services of credit institutions, the attacks take into account the individual characteristics of the victim, and customers tend to follow the “white rabbit” along a long chain. Fans of the work of Yuri Dud, in particular, could have taken the attackers' bait.
The updated script for communicating with potential victims has become more dangerous than any used previously.
Scammers decided to extend the phishing scheme in order to increase the victim's trust. Andrey Basargin, head of Group-IB's Department of innovative brand protection, told “Izvestia” about the new method of fraud. He noted that the scheme, conventionally called “White rabbit” by analogy with the tale “Alice in Wonderland”, begins with innocuous steps: attackers, most often on social networks, acting in the name of a celebrity or using fake videos in a news format, offer the potential victim a survey on a branded website, for example that of a bank or mobile operator, with the promise of a reward.
After some time, the client receives a message about the prize by e-mail. A one-time link that does not contain the organization's verified domain leads to a site with no logo, but the client has already trusted the “white rabbit” and let their guard down, falling into the “black hole”. On the website, the fraudster may, for example, ask for a “test” payment of hundreds of rubles, and ask for the CVC code or the username and password for online banking, — said Andrey Basargin.
He said the scheme is especially dangerous because each individual step is not suspicious, and it is difficult for the bank's security service to track.
Attacks under this scheme are targeted: information about the client's browser, device, ISP, language and geolocation is collected, and on that basis a one-time link is created for the specific user, said Andrey Basargin. He explained that when the owner's security service sends a complaint to the website's registrar about misuse of the brand or phishing, the link that opened the fraudulent portal simply no longer works. The surveys are also targeted: scammers know which online games and online stores a client visits, the Group-IB expert said.
Mass fraud of this kind was observed in the second half of 2019, said Andrey Basargin. He estimated that each resource with fake surveys was visited by nearly 6.5 thousand users a day, while abroad there were examples with 13.5 thousand users per day. Group-IB said it has no data on how many people were defrauded by this scheme or how much they transferred to the fraudsters.
Fans of Yuri Dud could have fallen for such a scam. Attackers uploaded a video of the blogger calling for participation in a contest, placing a link to an external site under it. An “Izvestia” correspondent took the survey on the portal, after which he was asked to make an “adapter” payment of 240 rubles in order to withdraw the alleged winnings. Links to this survey appear in the Facebook feed. “Izvestia” sent questions to Yuri Dud about the use of his videos for fraudulent purposes.
Videos in a news format were also used to convince customers: presenters in studios resembling those of the main channels, Rossiya 1 and Channel One, reported on the possibility of receiving social benefits or a tax-free tax deduction. “Izvestia” found these videos on Facebook and YouTube. Links under the videos lead to fraudulent sites offering to pay for fake legal advice.
ROSBANK, PSB, Otkritie, Zenit and Yekaterinburg's SKB-Bank know about the new scheme, representatives of the credit organizations confirmed to “Izvestia”.
Fraudulent surveys with a reward or a promise of guaranteed payments are social engineering schemes that are gaining momentum, said Vladimir Zhuravlev, director of the information security department at Otkritie bank. He stressed that the amount stolen is often small, so customers do not always go to the bank and law enforcement agencies.
Organizations constantly monitor social networks, collecting information about new types of cyber threats and fraud, and track misuse of the brand, — said Mikhail Ivanov, director of the information security department at ROSBANK.
However, the new scheme can be difficult to identify because of the links that work only once. The expert stressed that fraudsters on social networks learn all the information about the victim from an open account, which increases the likelihood of a successful scam.
Gullible teenagers who, for example, use their parents' cards can become victims online, warns Oleg Volkov, head of the cybersecurity department at Zenit bank. Criminals can also easily gain the trust of young people who actively take part in such activities, under the pretext of social experiments, crowdfunding or charity events on social networks, he added.
On the other hand, on the Internet a person has the opportunity to think and make an informed decision, whereas phone scammers frighten and rush the victim, leaving no time to reassess the situation, said Denis Oleico, director of the “security” unit at SKB-Bank.
Classic phishing, which is often used, has become less effective as customers have come to trust spontaneous reports of a prize or reward. The “white rabbit” scheme is interesting from the point of view of social engineering methods that reduce the victim's vigilance, said Denis Shmyrev, deputy director of information security at Technoserv.
— Last year, attackers also used fake websites of government agencies for deception. For example, a fake web portal of the Pension Fund offered to arrange benefits or payments for a small fee, he said.
Banks cannot return money to victims of social engineering, because de jure the client made the transfer to the fraudster's account or shared their card data voluntarily. The main way to protect against such incidents is to use anti-virus software and enter personal information only on trusted sites, said Jaroslav Babin, head of the banking systems security research group at Positive Technologies. He added that portals which, ostensibly for payment, ask you to enter all card details (first and last name, expiry date and CVV) should be treated with suspicion: to transfer money, the number on the front side of the “plastic” is enough.
The Central Bank did not respond to a request from “Izvestia” about whether it knows about the new fraud scheme.