Messenger scammers
According to the Central Bank of the Russian Federation, more than a third of Russians – 35.3% – have encountered online financial fraud. At the same time, in 2022, the amount of damage from the actions of attackers increased by 4.3% compared to the previous year. Cybercriminals are constantly mastering new channels for deception, and fraud in calling and messaging apps has become a trend of the last year.VTB notes fivefold increase in share of fraudulent calls in messengers
In early February 2023, they content writing service accounted for more than 55% of all attacks, which is five times more than in February 2022. According to analysts, by the end of this year, messengers will account for eight out of ten such calls.
According to Positive Technologies, in Q4 2022, almost every sixth successful attack using social engineering against individuals was carried out through instant messengers.
https://afbdirectory.com/wp-content/uploads/2024/10/Content-Writing-Service-scaled.jpg
The popularity of using such communication channels for deception is partly explained by the rather strict legislative regulation of the use of SIM cards and phone numbers. Operators monitor suspicious activity and exchange information with each other.
In addition, there are currently special services that allow you to identify a fraudulent call. The combination of these factors makes instant messengers much more convenient for fraudsters than standard calls, Irina Zinovkina, Director of Consulting at InfoWatch Group, explained to RSpectr.
Back in 2021, the government adopted Resolution No. 1801 , obliging service organizers (messengers) to request from operators the availability of a current contract for the subscriber's number. Without identification - establishing the authenticity of the user's subscriber number - the owner of the messenger is obliged to prevent the transmission of messages. However, fulfilling this requirement is complicated by the fact that messengers are located outside Russian jurisdiction.
In case of termination of the agreement between the subscriber and the operator or changes in the user's subscriber number information, the operator must notify the owner of the messenger within 24 hours. Upon receipt of such notification, the service organizer is obliged to re-identify the user.
In a conversation with RSpectr, the head of the information security department at SearchInform, Alexey Drozd, noted that
law enforcement agencies have developed methods of combating fraudsters, and it has become more difficult and less profitable to work with phones
In addition, messengers are becoming more popular than calls, and attackers are following the audience. "They attack where there are more users, and where services are available that can be impersonated. For example, in Belarus, fraudsters often attack via Viber, and in Russia - via WhatsApp, because locally these messengers are the most common," the expert said.
GOALS AND SCHEMES
According to Ekaterina Semykina, an analyst at the Positive Technologies research group, most often attackers aim to steal credentials – in 84% of incidents, user passwords are stolen.
Most attacks aimed at stealing credentials are based on the following scheme: the attacker sends the user a link to a phishing resource containing a fake input form. If the victim enters their credentials, they become known to the fraudster. The compromised account then becomes part of the fraudulent scheme and is used to send further phishing messages to other users.
Fraudsters can write under various pretexts: for example, asking to vote for a relative in a competition or sending a “gift” that requires authorization to receive.
頁:
[1]