Experts of the cybersecurity company Group-IB note that fraudsters skillfully disguise fake payment pages: they often contain logos of the international payment systems Visa, MasterCard.
"By creating phishing sites for popular services and online stores, scammers have learned to imitate payment pages protected by 3-D Secure, a technology that was previously considered one of the most effective to ensure the protection of user payment data when paying for online purchases worldwide", said the experts.
Attackers attract the victim with fraudulent advertising or spam mailing to the phishing page of the online store. There, the user enters payment data, paying for the selected product or service. Then SMS code is sent to the user's phone number to confirm the transaction. The user enters the code into the same form on the legitimate 3-D Secure page, and the money goes to the fraudster's card.
According to experts, to protect themselves, users must first pay attention to the source of the payment in an SMS message from the bank with a transaction confirmation code.
"If the words Card2Card or P2P are specified there, but the payment was not initiated from the specified resources, you should not enter the received code to confirm the payment," noted experts.
Information security expert Alexey Lukatsky stressed that it is necessary to pay attention to the name of the site, to its design, to possibly grammatical errors that are there, and to the domain on which this site is hosted.
The expert added that it is necessary to pay attention also to the 3-D Secure page.
"Because this domain must also be identical to the domain whose bank issues a card. Accordingly, if the domain name indicates something different or similar to our bank, then this is also a sign of fraud," added Mr. Lukatsky.
