Login

Register

Login

Register

#hacking | Russian Instagram users targeted with fake news phishing scam



Adam Bannister

17 February 2020 at 14:57 UTC

Updated: 17 February 2020 at 15:14 UTC

Malicious social media posts said to have been viewed more than 200,000 times

Cybercriminals have manipulated footage from Russian news broadcasters as part of a phishing campaign, conducted via Instagram, that purports to offer Russian citizens a one-off government payment.

In a bid to dupe victims into paying a registration fee to secure their lump sum, fraudsters have spliced together various news segments to create a narrative around a fictional presidential decree offering Russians funding to start a business.

In a post on its website, Moscow-based antivirus outfit Doctor Web said the videos depict Russian citizens benefiting from the so-called ‘social contracts program’ as well as demonstrating how to enter payment details into phishing websites.

The fraudsters have further burnished the scam’s credibility with fake photos and user comments from citizens who have supposedly received their government payout.

Targeted ads

Doctor Web said the fraudulent posts are being distributed through targeted advertising via Instagram accounts purporting to be operated by three state-run TV networks: Channel One Russia, Russia-1, and Russia-24.

They said the two phishing websites collecting payments – https://news-post.*****.net and https://minekonovrazv.*****.net – have valid digital signatures and are designed to appear as though they were operated by the Russian Ministry of Economic Development.

Once victims have entered their name and date of birth, the sum to which they are supposedly entitled is generated.

Fraudsters have spliced together news segments in a bid to
dupe Russian Instagram users into paying a fake registration fee

In reality, this is a random amount usually exceeding ₽100,000 ($1,580). At this point they must pay a fee – also variable up to ₽300 ($4.70) – to complete the fake registration.

The checkout page contains fields for entering a phone number, name, and bank card information, including CVC code.

Insta-scam

Doctor Web reports that the malicious posts have been viewed more than 200,000 times.

The antivirus vendor’s latest research comes as social engineering attacks can harness increasingly sophisticated technologies for manipulating audio and video, including ‘deepfakes’ that can successfully impersonate a person’s voice or likeness.

The Daily Swig has contacted Doctor Web and Instagram to ascertain whether there are plans to remove the offending content.

INSIGHT A guide to spear-phishing – how to protect against targeted attacks



Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW