Security researchers have uncovered a sophisticated, multi-stage fraud campaign designed to trick consumers into sharing their card details.
Group-IB revealed that the fraudsters buy logins to government accounts on the dark web. The credentials were originally obtained via infostealers.
They’re then able to reach out by phone to consumers who’ve submitted customer complaints about goods/services to an official government portal. Impersonating government officials, they claim to be able to help the victim process a refund, persuading them to download remote access software to their mobile device in order to streamline the process.
“Once screen sharing is established, the scammers request that the victim upload a photo of their credit card to the complaints app. While the victim does so, the scammers steal the credit card details, preparing to make fraudulent online transactions,” Group-IB explained.
“During this process, text notifications containing one-time passwords (OTPs) appear on the shared screen. The scammer then intercepts these OTPs and uses them to complete the fraudulent purchases.”
The scheme, which Group-IB said targets consumers in the Middle East, is highly effective because it uses real customer information to socially engineer the victim.
Victims are usually female consumers with limited technology expertise. The scammers typically cash out their proceeds by making 3D Secure purchases of products or gift vouchers from e-tailers, or by recharging e-wallets, the report claimed.
Given the sophistication of the campaign, organized crime groups are the likely perpetrators, the threat intelligence firm noted.
“The scheme is well-structured and complex, requiring a mature level of operations, organized infrastructure, and various specialized roles,” Group-IB explained.
“It involves multiple stages, starting with data collection, preparing scripts for dialogues, proceeding to the implementation phase, which includes the use of RAT tools and performing transactions, and ending with the cashing-out and money laundering stages, which require extensive coordination, such as the creation and maintenance (farming) of mule and drop accounts, organization of reselling operations, and employing anonymization tools.”