Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information.
According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious “Like of the Year 2020” contest.
The development is a reminder that rewards-based social engineering campaigns continue to be an effective means of scamming users, not to mention of leveraging the collected data to the fraudsters' financial advantage.
Under the “Like of the Year” scheme, users were invited to win a large cash prize and told they had been randomly selected after liking a post on social media platforms such as VKontakte.
The invites were sent in an email blast through the hacked mail servers of a fiscal data operator, a legal entity created to aggregate, store and process fiscal data to serve the Federal Tax Service of Russia.
Apart from sending emails, the fraudsters also delivered the phishing messages by sending cash prize alerts as Google Calendar events, a new trend in social…