- Статьи
- Society
- Keys to the cabinet: fraudsters have come up with a new scheme to cheat with marketplaces
Keys to the cabinet: fraudsters have come up with a new scheme to cheat with marketplaces
Fraudsters have devised a new method of deception connected with popular marketplaces. They create bots that masquerade as official accounts or support services and trick Russians out of their logins and passwords. "Izvestia" found out how such schemes work and how to protect yourself from them.
Bot scheme
Fraudsters have invented a new scheme to deceive Russians, associated with marketplaces. This was told by a member of the State Duma Committee on Information Policy Anton Nemkin.
According to him, criminals have begun to create Telegram-bots that masquerade as official accounts of marketplaces or support services. They offer the user to solve a "problem" with an order or account by asking for a login and password from a personal account.
"Believing they are communicating with a company representative, users agree and hand over their data, not realizing they are actually interacting with fraudsters," Nemkin said.
After gaining access to the account, fraudsters can change passwords, place orders in a person's name or withdraw funds from the internal balance and take them for themselves.
Also, the parliamentarian added, there is another scheme of deception, in which fraudsters create bots that send links to phishing sites. They completely copy the login pages to the marketplace - after a person enters their data, the hackers intercept them and gain access to a real personal account.
Evolution of deception
According to Dmitry Ovchinnikov, head of the Laboratory for Strategic Development of Cybersecurity Products at the Analytical Center "Gazinformservice", the use of bots to distribute phishing links is not a new scheme, it appeared in social networks (criminals created fake store pages there and deceived customers). And then, with the growing popularity of messengers, it was transferred to them and adapted to market realities.
- AI-assistants that replace live sales consultants are developing on the web. This is how stores save money and speed up the process of communication with the buyer, transferring him to a TG-bot that knows the answers to all popular questions. In addition, the bot can make an order and accompany the client from the beginning of the transaction to its completion. Naturally, many companies began to use the functionality, and criminals began to fake their bots," says the interlocutor.
At the same time, adds Alla Khrapunova, an expert of the People's Front project "For the Rights of Borrowers", curator of the "Moshelovka" platform, adding that in the marketplace circuit, the buyer's appeal to a Telegram bot is not provided for and makes no sense. All disputes and conflicts are resolved directly on the platform through the service of comments, Q&A and feedback.
- Based on our practice, even the preliminary stage of deception is impossible. If the user does not receive his order on the marketplace, the seller simply does not receive money. If the quality of the goods does not satisfy the consumer, there is a system of returns and compensations. This system is reliable and time-tested, " says the expert.
However, she notes, there are always people who do not know this. They become victims of criminals.
Trick variants
According to Alla Khrapunova, schemes with bots can be used by fraudsters in different ways. Sometimes people find such bots themselves - on the site of a fake online store, in advertisements or through a search (when a person, for example, looking for a seller or a community in Telegram). And sometimes the link is sent by scammers who operate on marketplaces pretending to be sellers.
- After a person makes an order, he receives a message from a fraudulent seller about some problem and a notification that you can get advice or solve the problem through support in messenger, - says the curator of "Moshelovka". - Then the client follows a link or through a search to a Telegram bot, which is actually created by fraudsters and masquerades as a support service. For greater credibility, such bots are often designed in the corporate style of marketplaces or allegedly their collaboration. But, of course, they have nothing to do with them.
In addition, adds Dmitry Ovchinnikov, fraudsters use bots in a scheme with prize drawings - people are invited to participate ostensibly for recently made purchases. But in the end, they pull the user's login and password from their account and start withdrawing money.
- Usually it happens like this: to confirm the receipt of a gift you need to authenticate in the marketplace. Then the user is slipped a link to a phishing site. Another popular scheme is when the user is asked to provide passwords to clarify the status of the order or its delivery," says the expert.
Deception on marketplaces
Speaking about deception on marketplaces themselves, Alla Khrapunova notes that over the past year and a half Moshelovka has received a large number of complaints about sellers. In their stories, victims told how they had been written to and informed that the goods had run out on this particular marketplace, but that they were available on another. It was said that the other site had a discount and a "more interesting price". The victim was sent a link to the allegedly same product on another platform, also a marketplace.
- When the victim clicked on the link, he or she saw a screen that fully corresponded to the expected visual design of the marketplace mentioned by the fake seller. At checkout, the funds were debited, after which the fraudsters disappeared and the goods were not sent to the victim. It is important that often there was also a compromise of bank card data: the victim entered all the parameters on the fake page, including the CVV code," says the Izvestia interlocutor.
Sometimes the scenario was slightly changed - the false seller sent a link to the goods and convinced them that he could give them a discount. The end of the story was the same: the person lost money and card data. And finally, there were cases when fraudsters hacked into personal accounts on sites selling goods and made POS loans for the purchased goods. The fraudsters took it back and the victim was left with an outstanding debt.
- Hacking an account on electronic platforms is dangerous by making unauthorized purchases through it and debiting the victim's card or internal wallet with the necessary amounts - in most cases, confirmation of payment is not required, because the card and wallet are "tied" to the personal account, - concludes the expert of "Moshelovka".
Ways of protection
In order to protect yourself from schemes related to marketplaces and fraudsters operating on them, Alla Khrapunova advises to follow a few rules. First, remember that all issues with the support services of marketplaces for the sale of goods should be solved exclusively in private offices and do not go beyond the contours of protection.
- Marketplaces and classifides spend billions annually to strengthen and maintain their security contours. These are serious automatic, technological solutions of control, including with the help of artificial intelligence, - says the expert of "Moshelovka". - It is in marketplaces that logs are stored on servers so that it is possible to quickly identify the essence of the dispute and satisfy the buyer's claims. An attempt to take the user out of the application or personal cabinet of a marketplace to discuss anything is always a marker of a fraud attempt.
Finding a solution to a problem on Telegram is not safe, she said. Going from messenger to account is too - it is necessary to divide the contours of work on the Internet and not to mix them. It is also recommended to work on e-commerce sites through downloaded applications and personal accounts, not through their web versions.
In turn, Dmitry Ovchinnikov urges you never and never to share your account name and password with anyone. Couriers, employees of marketplaces track the status of goods by order number, they do not need other data.
- If you follow a link to a third-party site, make sure that its address is exactly the same as the official one. When in any doubt, do not enter data, especially payment data," he concludes.
