A recent discovery by security researchers has brought to light a highly intricate fraud campaign aimed at duping consumers into divulging their card details. Group-IB, the firm behind this revelation, disclosed that the scammers involved in this operation acquire logins to government accounts on the dark web; those credentials were originally harvested by infostealers.
Once armed with this stolen information, the fraudsters proceed to contact individuals who have lodged complaints about products or services on an official government portal. Posing as government officials, they offer to assist the victim in processing a refund, convincing them to install remote access software on their mobile devices for a smoother transaction.
Under the pretense of screen sharing, the scammers then instruct the victim to upload a photo of their credit card onto the complaints app. While the victim complies, the scammers slyly pilfer the credit card details with the intention of carrying out unauthorized online transactions. In a cunning move, the scammers capture the one-time passwords (OTPs) that arrive as text notifications on the shared screen during the process and use them to finalize their fraudulent purchases.
Group-IB explained, “During this process, text notifications containing one-time passwords (OTPs) appear on the shared screen. The scammer then intercepts these OTPs and uses them to complete the fraudulent purchases.”
This devious scheme primarily targets consumers in the Middle East and is particularly effective due to its strategic use of authentic customer information to manipulate the victim. The victims are typically female consumers with limited technological knowledge. The report highlighted that the scammers tend to cash out their ill-gotten gains by engaging in 3D-secure transactions for products, gift vouchers, or e-wallet recharges from online retailers.
Given the complexity and sophistication of the operation, it is speculated that organized crime groups are behind this fraudulent campaign. Group-IB pointed out that the scheme is meticulously structured, requiring a high level of organization, specialized roles, and a well-coordinated infrastructure.
“The scheme is well-structured and complex, requiring a mature level of operations, organized infrastructure, and various specialized roles,” Group-IB elucidated.
“It involves multiple stages, starting with data collection, preparing scripts for dialogues, proceeding to the implementation phase, which includes the use of RAT tools and performing transactions, and ending with the cashing-out and money laundering stages, which require extensive coordination, such as the creation and maintenance (farming) of mule and drop accounts, organization of reselling operations, and employing anonymization tools.”
This egregious fraud campaign serves as a stark reminder of the dangers lurking in the digital realm and underscores the importance of caution while navigating the online landscape. As cybercriminals continue to devise sophisticated schemes to exploit unsuspecting individuals, it is crucial for consumers to remain vigilant and adopt stringent security measures to safeguard their personal and financial information.