Hello and give back – Newspaper Kommersant No. 213 (7414) dated 11/17/2022

Internet scammers who lured victims through dating sites to phishing resources and deducted their funds began to bring this scheme to the EU, CIS countries, Turkey and the UAE, cybersecurity experts say. Experts attribute the beginning of the “export” to the success of the scheme in the Russian Federation, as well as to the move abroad of many Russians who are looking for acquaintances in new places of residence.

Fake Date, a scheme popular in Russia for stealing funds through false dates on dating sites, has spread abroad, Group-IB told Kommersant. Swindlers master the countries of the CIS and Europe, as well as the USA, the United Arab Emirates, Australia and Turkey. So, in a little more than six months, 52.2% of incidents under the Fake Date scheme occurred in the EU, 30.4% in the CIS and 17.4% in other countries. Group-IB discovered that some of the fraudulent resources are already localized in local languages, and some, in English, are aimed at several locations at once.

To organize the theft, scammers create profiles on dating sites, posing as real people.

After a short conversation, the victim is invited on a date, sending a link to buy tickets to an event, cinema or theater, which leads to a phishing site. A person buys tickets but does not receive them. Usually, the lifetime of a fraudulent account on a dating site is no more than 20 minutes, Andrey Bronetsky, CEO of Mamba, clarified: “Knowing this, the scammer tries to take the interlocutor to a third-party messenger.” In total, according to him, about 1.5 thousand profiles are blocked per day, and the percentage of real cybercriminals on the site is quite low.

The first fraudulent resources operating under the Fake Date scheme were noticed outside of Russia in March, by the end of the summer their number reached fifty, said Yulia Zingan, senior analyst at the CERT-GIB Information Security Incident Response Center. According to her, most often, cybercriminals use fake resources of theaters, cinemas and food delivery services as bait: “Now there are at least four fraudulent teams operating abroad under the Fake Date scheme.”

The reason for the exit of Russian scammers abroad is high competition within the country, according to Group-IB.

Also, the company notes, in the Russian Federation the scheme is already well known, and in many other countries the user is more trusting. According to the company, in 2021, the revenue of just one group of such scammers exceeded 18 million rubles. with more than 7 thousand transactions.

In 2021, in Russia, one of the most common “fishing rods” on dating sites was an invitation to performances by popular comedians (standup), then analysts counted about 25 fake sites on the topic of comedy (see “Kommersant” dated August 28, 2021). In 2022, the creators of phishing sites in Russia focused more on the news agenda, for example, creating fake offers to provide documents to delay mobilization (see “Kommersant” of September 21).

At the same time, dating applications are used today almost all over the world, notes R-Vision product manager Petr Kutsenko:

“Given that the Fake Date scheme proved to be effective in Russia, scammers began to apply this method of deception to Russian-speaking users abroad.”

According to his forecast, the growth in revenue from the activities of Fake Date groups abroad next year will be about 5–7%: “The growth of phishing sites in the CIS and the EU may be associated with an increased level of relocation of Russians to the countries of these regions during 2022.”

Schemes that have gained wide distribution and publicity in one country may at some point become irrelevant, says Olga Svistunova, content analyst at Kaspersky Lab: “Most users know about them and do not fall for tricks, so attackers can change approach is to add new elements to the legend or switch the focus to the audience of another country, slightly adapting it to the new region.” In general, the expert adds, the topic of dating is one of the eternally relevant, attackers have already actively used it in spam and phishing mailings around the world.

Tatyana Isakova