Self-isolation has caused the increase in the number of phishing sites that mimic the popular delivery services. Every day in Runet appears about 20 new pages. Scammers use them in fraud schemes in ads, and in appearance resources are almost indistinguishable from the real thing, experts say. The increase in the number of such resources, they explain the proliferation of ready-made tools to create them.Every day in Runet appears about 20 new phishing sites popular service of delivery of goods, told “Kommersant” a senior analyst Infosecurity Softline Company Alexander Vurasko. For example, there are now about 106 domains with a combination of letters cdek (as in the address of website service delivery SDEK), while a year earlier there were six of them. The number of phishing sites that mimic the “Mail of Russia” grew five times compared to may of last year, and of counterfeit sites Boxberry and PEK last year did not exist, whereas now there are about 100 and more than 25 respectively, said Mr. Murasko.Fake web sites that duplicate the interface cdek.ru began to meet more often, confirms IT-the Director, SDEK Stanislav Gorbatovsky, adding that although the law does not obligate the company to track such resources, SDEK started cooperation with Group-IB to detect and eliminate sites before they have time to enjoy. Any change in the name of the site that make it different from cdek.ru indicate the fakes, he said. In the rest of the delivery services did not respond to requests.Phishing websites phishers use in the schemes of deception on large shopping sites and ad sites, say the experts. The attackers put up for sale expensive items at a significant discount, and interested buyers offer to arrange the delivery. For payment they send the link to a phishing website of the delivery service where the buyer pays for the goods, then the attacker disappears.In some cases scammers make delivery of the goods to the buyer’s name from any online store, noting in the order that payment is upon receipt, tells Alexander Vurasko: “In the end, the buyer arrives the courier with the goods, only the goods are not paid because the money went to the crook.”The increase in the number of fake web sites due to not only the popularity of the service delivery during isolation, but the fact that reduced barriers to entry in this business, there are instructions and tools for creating fake sites of delivery services, which are sold or leased, says Mr. Murasko. This gives you the opportunity to participate in the scheme, even people with little knowledge in the IT field. According to the company BI.Zone, each such team cheats on Avito and “Julia” makes an average of about 52 thousand RUB. a day, and the General rubbedand victims the ads could reach the 1 million RUB daily.The addresses of phishing pages are very similar to the names of these, for example, it may be yoola.ru instead youla.ru and appearance to distinguish these pages “almost impossible”, says the head of the research group of Department of Analytics of information security Positive Technologies Catherine Milusheva.Director of Trust & Safety “Avito” Andrew Rybintsev recommends users to switch to other messengers, to discuss the deal, do not click on unknown links, and also check the lock icon in the browser and the website address which should start with https, where the letter s indicates that the site is protected.To retrieve payment card data and enhance the user’s trust in transaction may be used and sites that mimic the interface of the popular payment services, said the head of the Zecurion analytical center Vladimir Ulyanov. At the same time, he adds, the majority of cheaters prefer to simply receive a fixed amount from the buyer is “real money” that can be used without restrictions, while access to the card account requires many additional steps and carries additional risks.Yulia Stepanova
