Fraudsters have climbed into online stores: new ways to steal your money

Phishing is the process of extorting confidential information from a person in order to steal money or commit fraudulent activities. Fraudsters make fakes for some well-known sites. For example, they make a clone of the bank payment page, where you need to enter credit card information. Then the victims are mailed with a special link to it under some plausible pretext. For example, they write “a new traffic police fine has been found, you can pay here,” and then the same link is placed, says IT technology expert Oleg Artamonov. – Not so long ago, they tried to divorce me. In one well-known construction online store, I made an order for 15 thousand rubles. Two minutes later, I receive an SMS from the left number with a message about the cancellation of the order and an offer to follow the link for a refund. The link leads to a clone of the payment page of the bank that I used to pay for the goods. Two things struck me as suspicious. How does the clone already know the amount of my order and why does it offer to enter all the credit card details, including its current balance? I started my own investigation, and in the end it turned out who was the attacker. It was the order processing operator of the same online store. I draw your attention to the fact that this is a very well-known trading network for the sale of building materials and related products for repairs. So this unscrupulous employee corny leaked customer data to scammers. He is punished.

According to research by Roskachestvo, no browser provides 100% protection against identity theft. Experts from the Center for Digital Expertise and an anti-virus software company tested mobile browsers for their ability to recognize phishing links (more than 1,800 fresh links!). The test involved 5 browsers for two platforms: Android: Chrome, Opera, Mozilla Firefox and Yandex Browser IOS: Safari, Chrome, Opera, Mozilla Firefox and Yandex Browser. The experts tried to open phishing links in the mentioned browsers and recorded the facts of opening phishing content or, on the contrary, preventing its opening by the browser forces with a notification to the user. Thus, it was possible to determine the degree of security of ordinary mobile browsers without installing additional anti-virus software (software). Basic protection against phishing in browsers averaged 90%. The scores on iOS are slightly higher. This is because the platform is more private and less vulnerable to security issues. The best results on Android for Chrome and Yandex browser. On iOS, Safari.

– Basic protection against phishing in browsers was at a fairly good level, but still not 100%. Therefore, to increase the level of security, it is best for users to play it safe and install anti-virus programs, – says Sergey Kuzmenko, senior specialist of the Center for Digital Expertise for testing digital products. – I also recommend constantly improving your digital literacy.

In order not to fall for the bait of intruders, be extremely careful. Do not follow dubious links in mail, social networks, instant messengers or SMS. Do not click on suspicious banner ads. Extremely generous or overly disturbing messages should alert you, especially if you are rushed, do not give time to think or are intimidated, – comments Mikhail Sytnik, a leading analyst at an anti-virus software development company. – Before entering personal or payment information, pay attention to the name of the site in the address bar. It should not contain typos or extra letters. For online purchases, it is best to have a separate card, such as a virtual one, and keep small amounts on it. You can set daily withdrawal limits. It would be useful to install a security solution that will block an attempt to go to a phishing resource.

Do not believe the e-mail, “gifts” bringing

In any case, when you are going to an online store for holiday gifts, it is the knowledge of the weaknesses of virtual shopping that will become your weapon against cyber thieves. By the way, studies have shown that after the pandemic period, people’s habit of ordering goods on the Web not only persisted, but also turned into a cult of consumption. The number of online purchases sometimes reaches cosmic proportions, especially during the pre-holiday period. And that means that the schemers have a lot of work! Many people make so many orders that at some point their brain and ability to analyze turn off, and they stop noticing that something is wrong with their order.

– Attackers are very fond of forging official emails from retailers of well-known marketplaces. The email, for example, tells the person to enter their credentials or payment information in order to complete the order. Alternatively, the email informs the customer to sign in to update their billing information and purchase address. Links in such a letter lead you to a special page. It is very similar to the real one, where you need to enter confidential information.

If you saw a similar letter in your mail, first of all, remember the main signs of a fake:

Firstly, if it looks genuine but seems completely unexpected, beware.

Secondly, the presence of errors, clumsy stylistic turns – a reason for distrust.

Thirdly, the presence of signs of psychological pressure, such as the need for an urgent decision, looks very suspicious.

Fourth, the presence of a link to an unknown attachment, to which it is most likely unsafe to navigate.

Fifth, you get an “incredible exclusive offer”, which is very similar to a trap.

“The task of phishing villains,” says Alexei Shcherbakov, a developer of Internet services, “is to look as convincing as possible. Each of these schemers may have a general education of a different level. Therefore, your task is to tune in to distrust in advance. After all, if a person lives by deceiving others, he will definitely make a mistake on “indirect” details. Both such figures and their suspicious letters can always be split according to 9 tell-tale signs that are best written down and kept at hand: use of a well-known brand, urgency, anonymity, any errors, the presence of a malicious link in a pop-up window, scare tactics, a fictitious department or division at the end of the letter, incorrect copyright and address, the presence of a zip file.

You own a bank card – be on the lookout

All credit and debit card holders are exposed to the threat of compromising their financial information. That is, in fact, each of us. When shopping on marketplaces and classifieds sites, it is important to understand how attackers work, who hunt for your card data on the Internet.

– Skimming in general is the interception of client data on the original site or device. For example, a device is installed in the card reader of a real ATM that reads the data of all cards inserted into it and transmits them to an attacker. But now the cards are all contactless, so this option is a thing of the past. But electronic skimming, also known as web skimming or Magecart, is a common class of attacks that are usually aimed at visitors to online stores,” says Oleg Artamonov. “This is the freshest form of card scam in the digital markets. A cybercriminal hacks the store’s server, but does not break the site itself. He only adds code there, which, for example, intercepts the data of each order made and sends it to the villain. That is, the malicious code is hidden on the checkout page. And then, for example, he can send letters from these orders by e-mail. Their content is something like this: “You can pay for your order here” with a link already to your phishing site. Fraudsters use such software to collect financial data about buyers. The stolen information usually includes the victim’s name and address, card number, and security code (CVV). Hackers can sell stolen data both on the dark web and to anyone interested to make purchases using victims’ cards.

An important point is the readiness of online stores to ensure the information security of their sites. It’s also a question of reputation!

– One of the surest ways to avoid fraud is to spend money in regular stores. But the online market is tempting, and we are used to buying from the comfort of our homes,” Sergey Kuzmenko comments. – The first thing you should pay attention to when entering the site is the letter S at the end of the extension. You should see HTTPS. This will mean that the connection is secure. However, at the moment, it is not difficult to obtain a security certificate for the site. Therefore, carefully look at the content. And if some offer seems too tempting to be true to you, then most likely it does not seem to you.

Alas, it is difficult for an ordinary user to detect electronic skimming fraud on the site’s payment page. Even if the site is encrypted and everything else looks perfect. In most cases, a hidden electronic skimming device will be viable for only a few days, and if it is not discovered sooner, then weeks. So what to do and how to suspect something was wrong?

Experienced experts advise shoppers who want to surf online to secure their financial information in advance in several ways:

1. Securely protect your account on different sites: enable two- or even three-factor authentication of identity confirmation (at least this is a one-time code and password).

2. Get a virtual card in your bank. It is designed specifically for online payments on the Internet. The level of security of operations performed with it is higher, since you do not have to disclose the details of the main card. In addition, initially a person sets a spending limit on it himself (it’s not bad to set such a limit on the main card).

3. Buy from trusted sellerstaking precautions to protect their sites from online attacks. In the public domain today, you can check the trustworthiness of the seller in a special register of trusted online sites.

IMPORTANT! Psychological experts are drawing attention to the greater dependence on online shopping in people with increased social anxiety. After all, acquisitions on digital platforms do not require personal contact. Experts advise such shopaholics to spend more time with loved ones. Such time is priceless and will never replace the short-term one-time joy of acquiring a thing. So on the upcoming New Year holidays, it is most preferable to give your people a bright self, that is, packed in Tenderness, Care and Love for one’s neighbor. Put all your passion into it.