Cybercriminals have launched a phishing campaign on Instagram to steal money and obtain personal data
Real-time threat news | Hot news | All the news
February 17, 2020
Doctor Web experts warn users about the launch of a large-scale phishing campaign on Instagram, based on messages about a one-off payment to all Russian citizens. Fraudsters provide information as extracts from news releases, using relevant fragments from real broadcasts. With that, the advertising video has additional frames showing someone using a phishing website and browsing its pages.
The first results of the so-called «social contracts program» are being summed up in several Russian regions. These are one-off payments that allow one to start their own business. Many people were able to solve their harsh situation thanks to that program.
Posts are distributed using targeted advertising via fake accounts of federal TV channels: Channel One Russia, Russia-1 and Russia-24. All posts are accompanied by deliberately false comments from users who allegedly received the specified payment. A pre-created Facebook profile is used as the advertiser for the campaign.
At the moment we know about two phishing websites used by the attackers: https://news-post.*****.net/ and https://minekonovrazv.*****.net/. These websites have a valid digital signature and are presented as official resources of the Russian Ministry of Economic Development.
To verify the payment availability, victims are invited to enter their full name and date of birth. Upon doing so, the webpage generates a random amount, which usually exceeds 100,000 rubles. To receive the money victims have to pay a fee for registering the electronic application. The check-out page contains fields for entering your phone number, name and bank card information, including the CVC code. The fee does not exceed 300 rubles. After payment, users lose the registration fee and all entered data goes to the crooks.
The mentioned websites have already been added to Dr.Web’s dangerous and non-recommended website database, and no longer pose a threat to our customers.