Sale billet: record number of fraudulent websites blocked in Russia

In October, a record number of malicious sites were blocked in the Russian Federation — more than 8.2 thousand, a year earlier there were 1.5 times fewer such sites, the Coordination Center for .RU/.RF domains told Izvestia. The record was set before the start of the New Year sales: scammers have become more active and are trying to reach as many users as possible. Most often, attackers, posing as acquaintances or colleagues, offer a Telegram Premium subscription "for free", but in fact redirect to a fake messenger support site, where credentials are stolen. What other schemes are used by the attackers — in the Izvestia material.

How Scammers use AI

In Russia, in October, on the eve of the big sales season, a record number of fraudulent sites were blocked — 8,254 domains in the zones.RU and .RF. For comparison, a year earlier their number was one and a half times less, the .RU/.RF Domain Coordination Center told Izvestia. The vast majority of requests — more than 6 thousand — are related to phishing attacks, their number has tripled compared to the beginning of the year (2,168 thousand), said Evgeny Pankov, a data analyst at the center.

Photo: IZVESTIA/Anna Selina

— The increase in the activity of scammers is directly related to the approach of mass sales, such as "11.11", which is accompanied by many advertising campaigns, and the next one is "Black Friday". In pursuit of discounts, users lose their vigilance and click on phishing links more often," he explained.

In addition, according to him, hackers actively use Telegram: the main scheme is to hack user accounts and send fake links to their contacts.

Fantastic Beasts: Mutating AI Trojans Take Over the Web

New generation viruses break down the usual methods of protection and can remotely connect to generative AI models.

With the development of technology, schemes for stealing Telegram accounts are becoming more sophisticated, added Yana Avezova, a leading analyst at the Positive Technologies research group. The legend of fake gifts is especially relevant on the eve of the New Year holidays.

— The user receives a message from a compromised profile of an acquaintance offering a Telegram Premium gift subscription. To "activate" it is suggested to follow the link leading to the phishing site, where the attackers are already stealing credentials, she said.

According to her, in such scenarios, scammers create fake pages that disguise themselves as messenger support resources and redirect users to fake pages designed in the Telegram corporate style.

Photo: IZVESTIA/Sergey Lantyukhov

"The situation is aggravated by the use of modern AI technologies: attackers use deepfakes to simulate the faces and voices of acquaintances or technical support staff, which significantly increases the level of trust among victims," Yana Avezova added.

Why did scammers start using neural networks in large numbers?

Attackers actively use neural networks to create and replicate malicious content. Modern technologies make it faster and easier to do this, and fake sites are becoming almost indistinguishable from the official ones, Yuri Shabalin, Director of technology Development at Swordfish Security, told Izvestia.

According to him, deepfakes pose a real and growing threat. Today, there are services that use AI and large datasets to fake video and audio in fairly high quality: they substitute faces, substitute voices, synchronize lip movements, and form plausible facial expressions and gestures. Detecting such fakes is a difficult task for information security specialists, the expert noted.

Deepfake can be recognized by several signs: unnatural pauses between words, distorted facial expressions, errors when turning the head, the same volume of speech throughout the conversation, as well as the lack of synchronization of audio and video, Yana Avezova added.

Photo: IZVESTIA/Dmitry Korotaev

However, the quality of fakes is constantly increasing, so the expert advises not to fulfill requests from audio or video messages without reliable confirmation of the sender's identity.

Artificial intelligence, automation, and the proliferation of ready-made phishing schemes on the darknet have made cyber attacks easier to organize and cheaper to execute. At the same time, the market for stolen data is also growing, which encourages criminal groups to act more aggressively, said Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technologies and Communications, federal coordinator of the Digital Russia party project.

— Nevertheless, the authorities are actively responding to changes in the threat structure. In October, we managed to block a record number of malicious sites, which indicates the effective work of relevant departments within the framework of joint anti-fraud initiatives," he added.

It is important to understand that the fight against fraudsters is not only a task of the state, but also a matter of the digital culture of the users themselves. The higher the level of awareness of citizens about the signs of phishing, the more difficult it is for attackers to implement their schemes, the deputy concluded.