White gold: How scam sites exploit paper shortages on Runet

White gold

Dozens of scam sites have appeared on RuNet, offering to buy printer paper at bargain prices. This pattern was reported to socialbites.ca by Igor Sergienko, Deputy CEO of Infosecurity a Softline Company, a developer of solutions against data leaks, corporate fraud, and other digital threats.

“The websites surfaced two weeks ago when demand for paper spiked,” Sergienko stated.

Alexander Dvoryansky, Special Projects Director at Angara Security, one of the largest players in the Russian information security market, echoed similar findings with socialbites.ca.

From March 7 to April 7, the company’s analysts logged at least 65 domains containing the words paper or bumaga.

“The majority of these sites offer office paper, but there is even a site that is secretly registered and sells only toilet paper,” Dvoryansky noted.

Scammers chasing paper shortages are also expanding their geographic reach. Previously targeting Russia, they have recently extended their activity to Belarus and Kazakhstan, according to the expert.

“As for brands, SvetoCopy office paper is the most frequently mimicked. A site often imitates the official representative and adopts the green and white color scheme associated with this brand,” emphasized Dvoryansky.

The emergence of such sites was also confirmed by Vladimir Ulyanov, head of Zecurion’s analytical center. While he did not specify a precise number of discovered sources, he noted that scammers use websites not only to sell paper but also to create social media accounts and send emails.

“Scammers are highly responsive to the news agenda. The paper shortage is a perfect trigger. They have previously exploited currency conversion, stock selloffs at old prices, and store closures to turn a profit. In most cases, the victims end up with nothing but losses,” the analyst explained.

How does it look

Industry observers from Infosecurity a Softline Company highlight several phishing cues. These include a very recent domain registration, dubious claims about parties and organizations, and inconsistent information across pages.

On one site reviewed by socialbites.ca, the store is described not as a trading company but as a team led by a prominent analyst from the Ministry of Industry and Trade. The narrative also references an event from 2014 when Russia faced sanctions over the Crimea crisis.

“There is a claim that certain goods will rise in price soon. The operators describe hoarding and then selling at inflated margins to achieve quick profits,” the so called crew definition states.

Additionally, scammers cite reviews left by fictitious users on a fake site that imitates Yandex.Market.

Dirty legal entity

Igor Sergienko noted that the paper sellers may issue invoices on behalf of operating companies such as LLCs. Victims can be confused by the mismatch between the represented firms and the actual stationery trade. A basic counterparty verification is advised for anyone considering a deal.

“It is not hard to register a fictitious legal entity. Dozens of fraud scenarios rely on bogus partnerships and shell companies.”

Besides registering fake entities, there are ready-made firms for sale on the black market, complete with documents and bank accounts.

The ETHICS service includes a module that monitors such offers, the expert noted.

Evgeny Egorov, Principal Analyst at the Digital Risk Protection Group-IB, added that invoicing from a legal entity is not a foolproof security measure. Rely on such claims with caution, especially in large transactions.

“There are multiple methods for how attackers get paid. Creating a legal entity is one option. It is possible to find online sales offers for fraudulent transactions on behalf of organizations.”

According to Sergienko, tax authorities require due diligence and counterparty verification. Locating and confirming a legal entity becomes difficult when founding documents do not match reality.

To avoid Runet scams, experts recommend following basic rules: verify site registration dates via WhoIs, avoid recently launched sites, and for large purchases, watch for typos and informal language, while confirming terms with counterparties before completing a deal.