The Limited Times


Fake site and excuses: be careful, hackers from Russia are attacking sellers on the Yad2 site - Walla! Technology

2023-01-11T08:08:25.273Z


This is a known method in which the attacker tries to extract personal and sensitive details from the seller, with the ultimate goal of stealing money.


Yad2 (Photo: Walla! Technology, Yanon Ben Shoshan)

Most of us have already learned how to filter spam messages on mobile or e-mail, but in the never-ending battle between the hackers and the public, the methods keep being refined.

A new attack campaign, detected in recent days by the research group of the cyber company Imperva, uses phishing to target the Yad2 site, one of the largest trading sites in the country.

In addition, about 80 e-commerce sites, banks, and shipping and mail services around the world, including Booking and DHL, were also targeted: the attackers tried to impersonate them by setting up about 700 fake websites.



In this campaign, the modus operandi of the hackers (originating in Russia) includes locating fresh ads for sale and contacting the sellers via WhatsApp. The conversations are conducted by real people, who are apparently paid by the attackers and use a service such as Google Translate to converse in the victim's language.

After several basic questions, the seller is offered a service that supposedly exists on the website (Yad2) for shipping the item and transferring the payment.



This is a service that sounds reasonable, for example in cases where the seller and the buyer are at a significant distance from each other.

However, although the attacker sends a picture to convince the seller that the service exists, the picture is fabricated, and no such service exists on the Yad2 website.

The excuse used by the attackers - "I live far away so I can't pick up the item" - is another step in the fraud.

The picture is fake - such a service does not exist on the Yad2 website (photo: Imperva)

In the next step, the attacker claims to have paid for the product and sends the seller a link to "transfer the money".

This link is relatively sophisticated and includes the image of the product and its description.

This is an impostor website whose purpose is to steal the seller's credit card information.

Because the spoofed site's URL contains the word yad2, it is even more difficult for the victim to identify the site as spoofed.


An excuse used by the attackers - "I live far away, so I can't pick up the item" - is another step in the fraud. (Photo: Imperva)

"Although this is a relatively new campaign, the hacker group, which originates from Russia, has been operating for the past six months. We discovered that as soon as the attackers received the victim's credit card number, they tried to charge the card through a Ukrainian clearing service," say Sharit Yerushalmi and Yuri Arbitman, from the research group at Imperva.



"In addition, we saw on the fake websites an infrastructure that simulates customer service, where you can ask questions about the operation of the website and get answers, apparently from a human operator. This is further evidence of the level of sophistication of the attack campaign, and it is not even clear whether it is a bot or a human operator of the customer service. The complexity of the infrastructure and the effort that the attackers invested teach us that behind the matter there is an operation that brings in money, so it is likely that this type of campaign will continue, while changing IP addresses and domain names in order to continue operating under the radar."


Source: walla
