One-two shopping: why do they hack into the accounts of marketplace customers

The accounts of Russian marketplace users have recently become a new target of cybercriminals. The UBK of the Ministry of Internal Affairs of Russia reported massive hacks of user profiles on such resources and analyzed the risks of their legitimate owners. Izvestia, together with experts, found out how criminals act and what can be opposed to them.

The Ministry of Internal Affairs warns

The cyber police considers the increased hacking of accounts on popular e-commerce platforms to be a serious problem. The main concerns are caused by scenarios involving the purchase of expensive goods on credit from the profile.

"The main goal is to purchase in installments and split payments. Having gained control of the account, fraudsters place orders for expensive electronics and gadgets, their accomplices receive the goods, and all financial obligations remain with the account holder," warns the Russian Cyber Police Bulletin channel.

Photo: IZVESTIA/Tatiana Ulemskaya

According to police, criminals most often use social engineering methods.

"Ads with offers of "earning money on marketplaces" are posted on social networks and messengers, scammers pose as participants in partner programs and ask to make a purchase for a reward in order to increase the rating. Phishing sites, fake marketplace authorization pages, and malicious applications are also used," the channel's authors report.

Theft plus cashing out

The problem with hacking accounts of marketplace customers is also noted in the cybersecurity industry. Dozens of phishing resources created specifically to steal personal accounts of sellers and buyers are identified and blocked every day, said Alexander Vurasco, Director of Development at the Solar AURA External Digital Threat Monitoring Center at Solar Group. The bank card linked to the account makes the personal account practically an electronic wallet.

Showcase of sovereignty: what will quotas give for Russian goods on marketplaces?

The bill on the "Russian shelf" will strengthen the position of domestic products, but may complicate the lives of small market players.

"By gaining access to a personal account, attackers can purchase items at someone else's expense, either directly from the victim's linked card, or through credit or installment programs on the marketplaces themselves," the expert explains.

But this is just the tip of the iceberg. Stolen accounts are now actively used in money laundering schemes. The mechanism is quite simple: the criminal binds a card to the hacked profile, the funds from which must be legalized, makes purchases, and then resells the goods at a discount on other sites.

Simple money

A simplified scheme for confirming transactions, for example, only by SMS, opens up opportunities for intruders. If an account is hacked, they can apply for a loan or installment payment to the owner, warned Viktor Ievlev, director of information security at the Garda company.

Photo: IZVESTIA/Yulia Mayorova

According to him, account hacking is a key risk for users of trading platforms.

"Attackers can not only make purchases with a linked card, but also, using simplified verification procedures, issue credit products in the name of the account holder," the expert explained.

This, as noted by Ievlev, leads to serious consequences: debts, fines and lengthy proceedings to challenge transactions. An additional problem will be account blocking due to suspected fraud, which will make it difficult to regain control.

A separate threat is the personal data available in the account.

"Hacking gives access to a phone number, address, and order history. This information is then used for phishing and targeted attacks using social engineering," the expert concluded.

Sellers under the gun

If buyers are hacked for the money on their cards, then sellers are hacked for the account itself as an asset. And attackers usually have two goals, says cybercriminalist Alexander Vurasko.

Photo: IZVESTIA/Sergey Lantyukhov

The first is extortion. Scammers block the owner's access to their own store and demand payment of a ransom for its return. Business processes are paralyzed, goods are not being shipped, the rating is falling — many prefer to pay just to restore work.

Training alert: Russians have become more likely to be deceived with the purchase of online courses

Experts urged to be wary of aggressive marketing and keep data on all negotiations and payments.

The second scheme is more complicated and more cynical, Vurasko believes. On behalf of the hacked seller, the attackers place ads for the sale of non-existent goods at discounted prices. When there are buyers, the criminals contact them, inform them that the order has allegedly been canceled by the marketplace, and offer to "resolve the issue directly" — to deliver the goods themselves and receive payment.

"However, marketplaces are actively fighting such schemes, so their number has decreased significantly recently," notes Vurasco.

Phishing is changing tactics

Despite the improvement of security systems, phishing remains the main weapon of fraudsters. Only now it is being used in conjunction with social engineering, which, according to the expert, provides "extremely high efficiency."

Photo: IZVESTIA/Sergey Konkov

—Every day, the Solar AURA service identifies and blocks dozens of phishing resources aimed at sellers and buyers of marketplaces," says Vurasco.

Login pages, promotional offers, and blocking notifications — criminals are constantly updating their arsenal, forcing users to enter usernames and passwords into fake forms on their own.

Experts remind you that neither marketplaces nor banks ever request confirmation of payment data through links in messages. Any suggestion to switch to an external resource for "account verification" should be suspicious.