By leaps and bounds
In less than the month of April, about fifty scam sites have surfaced on the Russian Internet that allegedly sell tickets to concerts, theater performances, stand-up shows and football matches. This was reported to socialbites.ca by Sergey Trukhachev, head of the special services block at Infosecurity, a Softline Company. A significant share of the new resources contain in their address the words “kassa”, “ticket” and other letter combinations typical of the addresses of popular legitimate services. On all of the new resources, if the “goods” are paid for, people lose their money and get nothing in return.
“Currently, several criminal groups operate on the ticket market, each of which uses its own patterns and methods,” Trukhachev said.
Vera Kolenikova, a brand protection expert at Angara Security, also shared statistics with socialbites.ca. According to her, at least 74 fake ticket sales addresses surfaced in April. However, the links currently lead mostly to empty, meaningless sites.
“The peak of records was on April 15. Now most of the fields are inactive – there is no information about them. But where the content is already there, here’s the picture: from different user addresses, it’s eventually transferred to the same site. It turns out that the same people were behind the creation of all these sites.”
Group-IB Head of Digital Risk Research Yakov Kravtsov acknowledged that a single attacker group or even a single individual could be behind the creation of new malicious sites.
Links to all malicious sites detected by experts at Infosecurity, a Softline Company, were sent for blocking to the National Domain Coordination Center’s trusted organizations, including Kaspersky Lab, Group-IB, BI.ZONE, and others.
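The two signals described above (ticket-related keywords in the address, and different addresses ending up on the same site) can be combined into a simple triage step. The following is an added example, not something from the article or the companies quoted: all domain names are constructed, and the allowlist of genuine hosts is a hypothetical assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Keywords the article says recur in the scam addresses.
KEYWORDS = ("kassa", "ticket")
# Hypothetical allowlist of the brand's genuine hosts (assumption).
LEGITIMATE = {"kassa.example"}

# Constructed crawl results: (newly seen domain, final URL after redirects).
OBSERVATIONS = [
    ("kassa-teatr.example", "https://pay-gate.example/order?id=1"),
    ("ticket-show24.example", "https://pay-gate.example/order?id=7"),
    ("best-tickets.example", "https://PAY-GATE.example./order"),
    ("kassa.example", "https://kassa.example/"),
    ("flowers-shop.example", "https://flowers-shop.example/"),
    ("concert-kassa.example", None),  # registered, but no content yet
]

def is_lookalike(domain):
    """True for a non-allowlisted domain containing a ticket keyword."""
    d = domain.lower().rstrip(".")
    return d not in LEGITIMATE and any(k in d for k in KEYWORDS)

def landing_host(url):
    """Normalised host of the final URL (lower case, no trailing dot)."""
    host = urlsplit(url).hostname  # urlsplit already lower-cases the host
    return host.rstrip(".") if host else None

def cluster_by_landing(observations, min_size=2):
    """Group lookalike domains by the host they finally land on."""
    clusters = defaultdict(set)
    inactive = []
    for domain, final_url in observations:
        if not is_lookalike(domain):
            continue
        host = landing_host(final_url) if final_url else None
        if host is None:
            inactive.append(domain)  # keep for re-checking later
        else:
            clusters[host].add(domain.lower())
    # Only landing hosts shared by several lookalikes suggest one operator.
    shared = {h: sorted(d) for h, d in clusters.items() if len(d) >= min_size}
    return shared, inactive

if __name__ == "__main__":
    shared, inactive = cluster_by_landing(OBSERVATIONS)
    for host, domains in shared.items():
        print(f"{host}: {', '.join(domains)}")
    print("inactive:", ", ".join(inactive))
```

Inactive lookalikes are returned separately so they can be re-crawled once content appears.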
And there’s a hole in the old lady
Infosecurity, a Softline Company, noted that rogue sites of the new wave contain many errors that can help a visitor suspect a threat. As an example of one such “mistake”, the company cited a notice in the footer (“in the basement”) of the already blocked site “kassirland”. “Due to the difficult epidemiological situation, the Cabinet of Ministers of Ukraine took restrictive measures in Russia, as a result of which it is impossible to buy tickets at the theater box office,” it read. A customer seeing such an inscription should at least be confused by the fact that a Ukrainian government body for some reason oversees the work of Russian organizations.
“It sounds ridiculous, but that’s exactly what the creators of a new wave of fake theater ticket websites are claiming. In the process of converting the phishing site to another country, it looks like someone forgot to change all the necessary information. And so it will be,” Trukhachev said.
Another shortcoming of the new sites that the experts mentioned concerns the payment pages, where invoices are issued and where the visitor has to enter bank card information. According to Infosecurity, a Softline Company, on some of these pages the purchase price is displayed directly in the address bar and is functionally linked to the web resource’s interface.
“The payment amount in plain text is available in the address bar and you can change it at your discretion. However, the payment site is still not working properly at the moment. Most likely, this is due to temporary technical problems or a change in the payment mechanism,” Trukhachev explained.
Scammers also make mistakes when writing the names of government agencies and their abbreviations. Often they simply make the names of government agencies up.
Kolenikova of Angara Security has also identified websites where scammers have lately intimidated potential victims with covid restrictions. However, she also ran into more ridiculous errors.
“We met with the 2022 website. It contains a text about the so-called upcoming festival, which should take place on August 28, 2021,” she said.
Group-IB expert Kravtsov said that such errors appear because the requirements for rank-and-file scammers have been lowered.
“Now these are not top-notch experts, but beginners who work according to a certain algorithm and use ready-made tools of real professionals. Real professionals manage these startups and get their percentage,” he said.
Fedor Muzalevsky, head of the technical department at RTM Group, added that such mistakes are often made because attackers are trying to catch a news hook, which often stays relevant only for a very limited time.
And laughter and sin
Sergey Trukhachev of Infosecurity, a Softline Company, is confident that, despite the presence of major and sometimes even funny mistakes, fraudulent sites do not cease to be dangerous.
“Such errors and inaccuracies go unnoticed by 90% of the target audience, which consists of potential victims, which means that these sites perform their functions perfectly. Such errors are mostly funny to experts, but they do not interfere with the functioning of a fake site,” he said.
A similar view is shared by Group-IB expert Yakov Kravtsov. In his opinion, mistakes should not cause Russians to lose their vigilance, at least because scammers periodically correct them.
“Not just the elderly, but all segments of the population are at risk. For many users, the presence of errors on the site does not play any role, they simply do not notice them,” Kravtsov said.
Source: Gazeta
