Phishing attackers have launched a new scheme
[ad_1]
A new fraudulent scheme involving attacks on subscribers of major telecom operators is spreading online. Attackers send push notifications about the need to confirm passport data via a link leading to the website of the alleged operator, and then to the State Services portal, where the user must enter the login and password for their personal account. This is how scammers receive both access data to “State Services” and confirmed information about the subscriber. This is dangerous not only for users, but also for operators, experts warn: trust in official messages is decreasing.
Attackers involved in phishing attacks (stealing money and deceiving network users) have launched a new scheme, noted the authors of the True OSINT (Open Source Intelligence) Telegram channel. The authors of the channel note that phishing sites have begun to appear, masquerading as large telecom operators, where the subscriber is asked to supposedly verify the number. Kommersant discovered a similar resource pretending to be MTS (by the evening of March 22 it was already blocked, Kommersant was convinced).
According to amendments to the Law “On Communications”, which came into force on June 1, 2021, operators have the right to request from subscribers confirmation of information about them (phone number, full name, etc.). The operator can provide services only if there is reliable information about subscribers. Therefore, companies sometimes send messages to subscribers requiring them to confirm their personal data; one of the verification options is the Gosuslugi portal. Verification may also be required for the operator to update existing subscriber data. As Kommersant was informed by Roskomnadzor, the verification process now takes up to 48 days, which also increases the risk of the number being used by scammers (see Kommersant on March 22).
Additional verification of the subscriber is necessary if the operator has detected incomplete or incorrect data in its database (incorrect full name, passport number, etc.), explains Alexey Slukin, editor of the Telegram channel “Telekommunalka”: “As a rule, operators turn to new subscribers for verification who have recently concluded an agreement.”
Alexander Vurasko, head of the Solar AURA external digital threat monitoring service at Solar Group of Companies, confirms that there is an increase in phishing attacks “allegedly on behalf of operators.” In general, in January-February, more than 40 thousand phishing resources were identified on the RuNet; at the end of 2023, their number increased almost one and a half times and tripled compared to 2021 (see Kommersant on March 14).
Kommersant’s interlocutor in the cybersecurity market explains that attackers distribute links to phishing resources using push notifications that can be configured through a website without having a mobile application: “They contain a message that it is necessary to verify passport data to renew mobile number, when opened, the notification transfers the user to a phishing site.” The website asks you to fill out a form: phone number, full name and date of birth. Users fill out the data, then the site takes them to a fake login page for the State Services portal for additional confirmation.
As True OSINT experts note, fraudsters can obtain login information for State Services accounts, as well as personal information that can be used for targeted attacks through calls (fraud).
MegaFon says that phishing links imitating the websites of the operator and other large companies “appear regularly.” This company and MTS clarified that they use their own anti-phishing platforms to identify fraudulent resources. Tele2 “does not observe a significant increase in fraud using phishing”; VimpelCom did not answer Kommersant.
The scheme appears to be a continuation of the manipulation of subscribers through calls, including through the requirement to “extend the mobile communication contract” over the phone, which was tested by attackers last year. In particular, VTB noted at the end of December 2023 that the number of customer complaints about such calls has increased by more than a third since November 2023.
The cybersecurity company Angara Security warns that such schemes pose a threat not only to subscribers, but also to telecom operators themselves: trust in communication with the company decreases, and accordingly, conversion from advertising messages of the brand falls. Also, the company adds, this threatens claims from regulators against telecom operators.
[ad_2]
Source link