In the first 6 months of 2020, Kaspersky lab has identified more than 23 thousand scam resources in RuNet – sites where users can earn a large amount for a commission or a security payment. For example, banners for a survey with earnings from 5 thousand rubles in 5 minutes pass through the AdSense advertising network. This figure is almost three times more than in the same period in 2019.
Kaspersky Lab has identified a new type of cryptocurrency fraud. One of the popular schemes offered everyone to hand over their computer power for mining, working through a browser, and as a reward to earn up to 20 thousand rubles per hour (depending on the power of the PC). The only condition is that the account must be verified in order to withdraw the accumulated amount. Naturally, when the payment for verification is in progress, no amount earned is received, since customers are simply deceived.
The details of the fraudulent scheme are as follows: the registration of an account on the profile platform takes place in a standard way. The account has a balance and the ability to programmatically rent out computer power. When a computer starts performing computational operations for mining cryptocurrency, income appears on the balance sheet.
To withdraw funds from the account, you need to reach a certain threshold value of 10,000 rubles, the amount of which is collected quickly enough. To withdraw the amount, you need to log in to the billing system by linking the card to withdraw funds. The card must contain the amount of 400 rubles, which is debited for the services of the billing system.
People who have fallen for the trick lose 400 rubles, do not receive the earned payment and show the data of their cards, which can be used by cybercriminals in the future for mercenary purposes, warns a Kaspersky Lab specialist.
Kirill Solodovnikov, CEO of Infosecurity a Softline Company, emphasized that in such schemes, in order to match the status of a serious organization, fraudsters can use small and unpopular payment systems. This is due to the fact that in such systems the minimum security measures are implemented in the smallest volume.
The idea of deception is a modification of the classic mechanism of extracting money from citizens. There is a virtual “carrot” in front of the eyes of a potential victim, which can be picked up if the organizers get some money from their own pockets.
Advanced schemes do not stop at the first stage, but introduce the following. For example, to move to a new level (reduced withdrawal threshold, increased% of profit, etc.), you can pay extra for services while the first transaction is “supposedly” displayed on the card within 3 working days. The victim can purchase additional services until she realizes she is being cheated.
The rise in popularity of social engineering attacks has been anticipated by Trend Micro since late 2019. If back in 2010 the maximum percentage of attacks fell on operating systems of the Microsoft family, then ten years later the key victim is not an advanced operating system, but the weakest element of any information system – the user himself.
The craving to get huge profits without proportional costs has always attracted and will attract a person to easy money. When the money “honestly earned” by the computer’s power reaches the long-awaited mark of 10,000 rubles, it is difficult to refuse the benefit 25 times higher than the initial contribution.
Payment systems can and should take measures against such crimes, says information security expert Mikhail Kondrashin. If each payment system strictly establishes the recipient of funds, then by sharing the data with law enforcement agencies, you can quickly find out the identity of the fraudster and detain him.
On the one hand, such a measure can really help in the fight against cyber crime. But on the other hand, you can forget about data privacy. Not in every country you can just trust the state like that.
Also, this solution creates a new problem. There are cases when the data is leaked by employees or hackers break into the system.
Imagine that the payment information of millions of people is stored in one place. For criminals, it will be like a “red rag for a bull.” For such a jackpot, 100% will fight.
As a result, if we apply a measure to store payment data, we face the risk of the largest hack in history. Also, this is an additional restriction of freedom.
What do you think? Share your opinion in the comments!
