Kaspersky researchers have reported on an escalating trend in the activity of the phishers in the Middle East. They are now monetizing their scams by requesting small sums of money under the disguise of various services, most often related to post and delivery, instead of stealing large sums in one go.
Phishers are social engineers that create fake web pages to scam users. They often pretend to be legitimate services, exploiting their solid reputation and intellectual property (logotypes, copies of the landing pages), yet in fact, have nothing to do with the actual company.
In the particular scheme detected by Kaspersky, the scammers were requesting users’ banking card details and then charging $2-$3 when confirming the delivery. As a result, fraudsters were ending up receiving money, bank card information and personal details that could be used in further scams.
‘The overall knowledge of the internet scams and cyber literacy has improved significantly in the recent years among the Middle Eastern internet users, said Tatyana Shcherbakova, a security researcher at Kaspersky. – It is less likely now that many of them will invest a lot of money by a request of a source which trustworthiness is questionable. This is very different for small transactions – people are more likely to spend a couple of dollars without getting alerted. This is why scammers are now trying a different model of monetization in the region. In addition, they are receiving personal and bank card details without alerting the users for further scams or for sale on the black market”.
To stay safe from spam and phishing, follow this simple advice:
- If you receive a link to a great offer via email, make sure to check the embedded hyperlink – sometimes it may differ from the visible one. If it does, access the deal page directly through the legitimate website
- Only make purchases through official marketplaces and pay attention to the web addresses if you are redirected to them from other landing pages. If they differ from the official retailer, consider checking the offer you were redirected to by looking for it on the official web page
- Use a security solution with behavior-based anti-phishing technologies which will notify you if you are trying to visit a phishing web page
- Never use the same password for several websites or services, because if one is stolen, all your accounts will be made vulnerable. To create strong, hack-proof passwords without having the struggle of remembering them, use password managers.