Yandex Go, an application based on Yandex.Taxi, includes services for the delivery of food and groceries. There are 360 thousand people in his VKontakte community. On December 20, the official Yandex Go community in VKontakte sent out an offer to subscribers to take part in a fake raffle with the text “Let's give electronic equipment, accessories and the main prize - money”. Subscribers received messages with phishing links to an external site, where they were asked to enter bank details in order to win $3 thousand.
So, money was debited from the accounts of those who believed the scammers, and now some users are demanding Yandex to return the lost funds.
Yandex and VKontakte confirmed that the group was hacked. In total, 332 people followed the link.
VKontakte explained that the account of one of the administrators of the public was hacked by password selection or through phishing since he did not link a phone number to his profile to check the login. The social network assured that they immediately blocked the page of the scammers.
Alexei Drozd, head of the information security department at SerchInform, believes that small public pages are hacked more often, since the owners of large communities know what they risk and pay more attention to security issues, so the case with Yandex Go looks amazing.
He admits that the page was hacked through the account of one of the community managers. "Recently, VKontakte introduced the possibility of granting any role the right to place advertising records, so anyone who had this right could be hacked, or an editor who can post any records in the community," suggests Mr. Drozd.
In 2020, hackers hacked 130 Twitter accounts belonging to famous people and placed ads on their behalf asking to transfer money to a Bitcoin wallet and promising to return the amount doubled. Thus, the scammers collected about $100 thousand from subscribers.
