According to ESET experts, one of the fraudsters' tricks involves travel services: criminals pretend to be employees of travel companies and ask victims to make an advance payment.
The second scheme popular among fraudsters is fake websites, where one can allegedly receive "New Year's payments from the state." "Hackers fake web pages under the banner of law firms or imitate the sites of popular banks, where they ask you to enter card details to receive funds," the experts explained.
Analysts also warned that a bank card's expiration date and three-digit CVV number must not be shared under any circumstances. "This information is needed only for payment, but certainly not for receiving money," ESET noted.
Experts have also recorded a serious increase in the number of fake food delivery sites. Fraudsters completely imitate the appearance of popular sites and then use them to obtain Russians' bank card data and withdraw money from their cards.
Domain names of real and fake sites often differ from each other by just one character. “For example, dellivery-club instead of delivery-club or eda.ynadex instead of eda.yandex,” the company explained.
Experts noted that the victims of attackers are also often fans of ski resorts. "Attackers take advantage of the desire of Russians to save money and sell fake online tickets to ski slopes," ESET stressed.
ESET experts also warned that cybercriminals often send congratulatory emails that invite recipients to click on malicious links.
Scammers know that on the eve of the holidays, companies generously distribute bonuses and gifts to their customers, and take advantage of this. A person who clicks on such a link usually lands on a phishing site, where he is asked to fill in personal or banking information. Often such messages also contain links to malicious software.
According to a survey conducted by ESET, a company specializing in anti-virus software development and protection against cyberthreats, most Russians (77%) believe that they are being tracked via mobile devices.
Young people aged 18 to 24 expressed the least concern about possible surveillance (35%), believing it is a manifestation of paranoia. People over 35 years of age are more concerned about surveillance.
At the same time, 39.5% of respondents believe that the search history on all devices is tracked, 25.5% believe that all actions performed on the device are transmitted, 14.1% believe that they are monitored using the microphone and gadget camera, and 20.9% think that all the above means are used.
Among the main reasons why interested companies collect personal data, 65% of the study participants named targeted advertising. According to other respondents, the data is used by special services and fraudsters.
According to the study, Russians fear that fraudsters will use their personal data, that intimate videos and photos will leak, that their correspondence will be read and their calls wiretapped, and that their habits and interests will be studied from their search history.
To avoid potential surveillance, 45% of respondents disable geolocation on their devices. Another 39% check which data applications are able to access. 34% and 32%, respectively, avoid discussing personal topics on the phone and connecting to public Wi-Fi.
In July, Pavel Durov, the founder of VKontakte and Telegram, reported that his mobile device had been put under surveillance with the help of a spyware program. According to him, spyware applications are able to hack any phone running the iOS or Android operating systems, and there is currently no way to protect the device.
Experts at the antivirus company ESET have discovered a series of attacks carried out by one of the best-known North Korean groups, Lazarus. The hackers targeted users of government and banking websites in South Korea. The cybercriminals used an unusual mechanism to deliver the malware, disguising it as security software and using stolen digital certificates.
The spread of the Lazarus malware was facilitated by the fact that South Korean Internet users are often asked to install additional security programs when visiting government or Internet banking websites, explained the head of the investigation, Anton Cherepanov.
"The WIZVERA VeraPort integration installation program is widespread in South Korea. After installation, users can download the necessary software for a specific website. This scheme is usually used by the South Korean government and banking websites. For some of these sites, the presence of WIZVERA VeraPort is mandatory," said Mr. Cherepanov.
Attackers used illegally obtained code-signing certificates to inject malware samples. One of these certificates was issued to a firm specializing in security, the American branch of a South Korean security company.
"Hackers disguised Lazarus malware samples as legitimate programs. These samples have the same file names, icons and resources as legitimate South Korean software," said Peter Kalnai, who was involved in the investigation of the attack.
ESET's analysis once again demonstrated the non-standard nature of the intrusion, encryption and network infrastructure configuration methods that have become the calling card of the Lazarus hackers.
It is worth noting that on November 13, Microsoft representatives reported that, according to their data, in recent months, three APT groups attacked at least seven companies engaged in COVID-19 research and vaccine development. The Russian-speaking group Strontium (Fancy Bear, APT28, and so on), as well as North Korean Zinc (Lazarus) and Cerium, are blamed for these attacks.
The hacker group Zinc (aka Lazarus) mainly relied on targeted phishing campaigns, sending potential victims emails with fictitious job descriptions and posing as recruiters.