Evil intent: more than a thousand fake cultural leisure sites blocked in Russia
Since the beginning of the year, more than a thousand cultural leisure sites used by fraudsters have been blocked in Russia, the Coordination Center for .RU/.RF domains told Izvestia. On dating sites or in social networks they created fake profiles and sent a partner a link to sites to buy tickets, after which money was stolen from the cards. Why these schemes become especially popular before the New Year and how not to fall for the tricks of fraudsters - in the material "Izvestia".
How to recognize a fraudster in correspondence
In Runet for 10 months of 2024 was blocked 1013 domains of fake sites of cultural entertainment. Among them are 316 movie theaters, 375 theaters, 296 stand-up shows and 26 posters of various events, told "Izvestia" in the Coordination Center of domains .RU/.RF. Domains are blocked by registrars and hosting providers at the request of competent organizations as part of the "Domain Patrol" project. It is aimed at detecting malicious sites (domains) in the .RU and .RF zones and protecting users from fraudulent resources.
12 organizations cooperate with the Coordination Center within the framework of the "Domain Patrol": National Computer Incident Coordination Center (NCCIC), F.A.C.C.T., BI.ZONE, Bank of Russia, Roskomnadzor, Federal State Unitary Enterprise MNII "Integral", RU-CERT, Kaspersky Lab, Doctor Web, Rostelecom-Solar, Safe Internet League and Regional Public Center for Internet Technologies (ROCIT).
Most often sites on these domains were used for fake date scheme - fake date, in which attackers create fake profiles on dating sites or social networks, posing as an attractive girl, explained the head of projects of the organization Evgeny Pankov.
- Having gained the trust of a partner, the "girl" offers to go to the movies, theater or to the performance of a favorite artist. Then she sends a link to the site to buy tickets - it turns out to be phishing, and after payment the user loses money, and the "girl" does not contact the user," he said.
Despite the fact that the first cases of this scheme were recorded about five years ago, since then its popularity has not decreased. Fraudsters are constantly improving it, the expert added. If earlier they were limited only to correspondence and then a link to a fake site, now the victim can communicate with his "partner" live - it can happen through video, and there are cases of offline meetings.
According to Irina Zinovkina, head of analytical research at Positive Technologies, fraudulent sites for buying various kinds of tickets become especially popular in the run-up to the New Year holidays.
- A user can lose from several thousand rubles to even hundreds of thousands - it depends on which tickets he buys and in what quantity. In order not to fall for the tricks of fraudsters, it is worth to keep a close eye on the site where the purchase is made for mistakes, - emphasized Irina Zinovkina.
Such sites take the masses. The user will not lose a lot of money, but for the attacker it is important that there were many victims, said Alexei Gorelkin, General Director of Fishman (Skolkovo resident). After all, if the amount is insignificant, people will not always dare to contact law enforcement agencies.
How to protect yourself from fraudsters
In this scheme, attackers use, among other things, artificial intelligence technologies. There are known cases when fraudsters used AI-generated records: they send voice messages to the victim to make them more convincing, said the leading analyst of the Digital Risk Protection department of F.A.C.C.T. company Evgeny Egorov. Evgeny Egorov.
In addition, he said, there is another option - when they send a link not to buy tickets, but to download a fake mobile application.
- It hides spyware and a phishing form, which intercepts entered bank card data and SMS codes. As a result, attackers can debit money from victims' cards or empty their accounts," the expert said.
Girls can also become victims in various scenarios of the scheme. For example, fraudsters offered them free professional photography, paying only the hourly rent of the studio, the expert explained. As a result, the victim's money and bank card details were stolen, including under the pretext of canceling the photo shoot and returning the prepayment.
The expert recommends not to pay for purchases on unfamiliar sites and not to follow links from unknown users, as well as to make purchases only on verified resources.
In addition, it is important to check the domain name of the resource and the date of its registration. If it differs from the original or just seems suspicious to you, you should not buy or order anything there, he said.
You can recognize fake sites by their appearance, said Olga Svistunova, senior content analyst at Kaspersky Lab. Most often on such resources no buttons work except for the payment button, there are typos and sloppy layout. She noted that most often, attackers implementing scam schemes combine them with social engineering techniques - they rush people, do not let them think. Users do not always have time to critically evaluate the appearance of the page where they enter data.
Igor Biryukov, head ofthe cyber hub of the Skolkovo Foundation (VEB.RF Group), believes that themajority of leaks occur precisely because of citizens' poor awareness of cybercriminals' schemes. To solve such issues with fake sites and services, it is necessary to have a basic knowledge of cyber hygiene and be vigilant, as well as to use antiviruses. Domestic means of protection are reliable and demonstrate a high level, he summarized.
