A new phishing campaign is actively spreading in Russia that’s promising a fake presidential decree to give citizens a lump sum for starting their own business. But for that, they’d be asked to pay the application fee of $5 (in rubles), which was stolen along with the sensitive card credentials in the phishing site.
Fake campaigns and greedy citizens
Unknown attackers are crafting legitimately looking websites along with several advertising accounts and pretending to be from the government to lure greedy citizens. Dr.Web, an antivirus company from Russia unearthed this news first and have collected adequate information of this campaign. It has identified two sites that are claiming to be official resources of the Russian Ministry of Economic Development.
https://news-post.*****.net/
https://minekonovrazv.*****.net/
This fraud campaign has been significantly promoted in Instagram, where over 200,000 users have watched it till now. It’s unsure how many have fallen for the prey yet. In the video, criminals pretend to be offering lumpsum amounts to those who’re eligible under Social Contracts Program. This was even backed by carefully-crafted legitimately looking excerpts from news releases and TV broadcasts.
They’d be saying of a fake presidential decree No. 1122B that would be offering eligible citizens a lump sum for starting their own business. All this fraud is even advertised heavily via Instagram and fake sites of popular government channels as Russia-1, Russia-24 and Channel One Russia. Further, hackers have even created fake reviews and comments on their advertised posts to let the public belief as a trusted program.
The scheme lures greedy and innocent citizens to register by their name and email for verification. This generates a random amount they can claim as a part of a government program, but to have so, they’d further be asked to submit their details in an electronic application, where they will be charged 300 rubles ($5) for its download. Aside from stealing that simple $5 amount, hackers are also stealing sensitive card information that’s being entered into the phishing site.
Source: Dr.Web
