The Anti-virus Times

Thursday, October 20, 2022

Spoiler: those looking for low interest loans, cheap online tickets and lucrative marketplace offers.

The word "phishing" is assonant with the word "fishing". This criminal scheme is similar to fishing; however, a gullible user is the quarry, and a fake site or application serves as the bait. The attackers’ goal is to gain unauthorised access to your personal information, which they can then use to hold onto your purse strings or manipulate you for profit.

According to Doctor Web, most often such fraudsters pose as employees of banks or other financial institutions. In addition, fake aggregators of ticket offers and marketplaces have confidently gained a foothold in phishing schemes.

At the same time, often the risk of falling for the bait has nothing to do with how confident a user is. It's all to do with their personal qualities: their carelessness, hastiness and unwillingness to check information lead to sad consequences. There are examples when even specialists, who have a specialised IT education, have fallen victim to phishing.

Fake banks

Cybercriminals who pose as online banking services have different ways to attract users. For example, they can:

• carry out mass mailings promising more favourable conditions than other banks offer, and faster and more convenient service;
• call potential victims with offers of reduced-rate loans;
• find victims via so-called "online loan services".

To extract money from people, attackers can ask users who’ve taken their bait to pay for something. For example, you are told that in order to get a loan, you need to get insurance, order the delivery of a credit card, pay some tax, etc. After receiving your money, they will stop contacting you.

Finessing for tickets

In the next risk group of users are those who buy tickets online. Phishing sites that make a profit from selling fake air and railway tickets (as well as tickets to theatres, concerts, etc.) exist from a few hours to several days.

Users are usually lured to these sites by advantageous promotions and discounts. Here, they first show you real information about flights or performances, and then they offer to issue you a ticket and ask you to pay for it with a bank card. The purchase procedure seems genuine, but eventually unsuspecting buyers find themselves with no money and no tickets. To steal money, fraudsters use bank services to transfer money from one card to another (P2P): they are disguised and embedded in a fake site so that the victim does not notice anything suspicious.

"Advantageous offers" on fake marketplaces

Are you going to place an order online? Be careful: cybercriminals know how to create believable fake marketplaces. At the same time, the goods on them are offered at very attractive prices. Links to such resources can be distributed via email or in instant messengers, and also via ads in search engines that appear at the top of your search results.

First, you are lured to a fake site with low prices. Then you add the product you like to the cart, specify your data, pay for the purchase with a card and wait for the product, which you will never receive. Cybercriminals have your money and a full set of your personal information: last name, first name, phone number, email address, postal address and bank card information.

***

Unfortunately, it’s not only fake marketplaces, banks and ticket offices that threaten the safety of Internet users. Criminals closely monitor news posts and instantly react to them, inventing new schemes to deceive users. Getting you to act impulsively is their main task.

In any situation, take your time to determine what’s going on. Did you see huge discounts on the very product you were looking for? Is someone offering to sell you the thing you need dead cheap? Promising to do something implausibly quick and convenient? Are you being informed about a possible blocking of your bank card or email account? This is a reason to be five times more careful.

Pay attention to the address of the sender from whom you have received an email. Make an effort to explore their site, make a call to them, compare prices for a similar product or service on other sites: in general, conduct a short investigation. Of course, you will spend time on this. But you will save your money and personal data.