Chasing the coins
Scammers are targeting drivers who use postpaid toll roads [which allow payment after the trip rather than before or during it. — Gazeta.Ru], such as the Central Ring Road (TsKAD) in the Moscow Region. The security company Zecurion informed socialbites.ca about this.
“After a while [after using the road] the driver receives a call with a notification about the formation of a debt for the trip and the need to pay in order to avoid a fine. For convenience, it is recommended to get a link to pay by mail or messaging. The victim goes to a fake site that looks like the official operator’s portal and loses money there,” Zecurion analyst Maria Efremova said, explaining the essence of the scheme.
According to her, all drivers who use toll roads are potentially at risk. In the case of the Central Ring Road specifically, Efremova noted, the new scheme primarily threatens truck drivers carrying goods and summer residents. She said she does not know how many people are currently being affected by the scammers.
In turn, Fedor Muzalevsky, director of the technical department of the RTM Group, which specializes in information security and law in the digital environment, noted that they were also aware of this scheme, and even of several dozen of its victims.
“Few victims, as a rule, are able to distinguish a fake site from the real Rosavtodor one, because trained drivers can pay tolls online and are less likely to fall for the tricks of scammers,” Muzalevsky said.
At the same time, he noted that, according to analysts, about 10% of Russians have used toll roads at least once. Therefore, they are all among potential victims of scammers.
Diana Selekhina, principal analyst at the digital threat detection service of Infosecurity, a Softline Company, is also aware of this scheme. She noted that in the first half of 2022, her colleagues discovered more than 60 fake resources on RuNet using the topic of toll roads. All resources have been sent to domain centers for blocking.
For their part, experts from the Group-IB Incident Response Center noted that since the beginning of May, they had discovered 36 domains belonging to the same group, which were also used to deceive drivers.
At the time of publication, Avtodor – Toll Roads, operator of the Central Ring Road, had not responded to socialbites.ca’s request. However, Tatyana Lynova, an analyst in the rapid response group of the information security company Angara Security, noted that in May Avtodor – Toll Roads reported a similar scam scheme. It involved attackers pushing phishing resources that imitated the official fare payment pages for the Central Ring Road to the top of Yandex and Google search results.
Valuable information
Zecurion’s Maria Efremova said that in the disclosed scam scheme, the main challenge for an attacker is obtaining information about cars driving on toll roads and their owners. According to her, attackers can solve this problem in several ways.
First, observers along the highways who film passing cars so that the license plate numbers can be seen. Second, data leaks from toll road operators, or insiders in such organizations who leak data for money. Third, Wi-Fi radars that can be installed at the entrance or exit of the toll road.
“[The use of Wi-Fi radars] Technically, it is implemented as a fake Wi-Fi hotspot that nearby people’s devices try to connect to. The device IDs collected by the radar can then be used to initiate targeted advertising,” Efremova explained.
Such ads may be banners on social networks or websites with debt payment reminders and embedded links to phishing resources.
RTM Group’s Muzalevsky noted that a camera with license plate recognition, as well as any leaked traffic police or insurance company database, could be used to match the car and its owner.
At the same time, he noted that the use of any of these methods by scammers is extremely unlikely, as they are very costly in both time and money.
“The installation of special monitoring devices is very time consuming, complex and expensive. At the same time, scammers often calculate expenses and possible income very well. In addition, the technical means that can respond to the movement of vehicles and mobile phones are themselves under the control of the competent authorities. Therefore, their use is very risky,” he said.
At the same time, according to him, even if an attacker collects the license plate numbers of cars driving on toll roads, he will still need a database of their owners, which is burdensome.
Diana Selekhina of Infosecurity, a Softline Company, was very skeptical of the possibility that attackers could use specialized tools such as license plate recognition cameras or Wi-Fi radars. According to her, the attackers’ methods are much more primitive.
“Most likely, only cold calls and mail are used. For every 100 people, there will definitely be someone who has used the toll roads in recent months.”
To avoid falling into the scammers’ trap, experts advise using only official websites and online services, and not clicking on links to pay for travel received via instant messengers, social networks and e-mails.