Offers of goods at reduced prices on Avito and Yula often come from scammers, experts at BI.Zone have found. Through Telegram, they send users phishing links that copy the payment pages of legitimate resources. Victims' total losses reach 1 million rubles daily, and with the transition to self-isolation such scams are becoming more frequent.

A new fraud scheme on the popular classified-ad sites Avito and Yula has been found by BI.Zone (owned by Sberbank). Attackers create ads for the sale of goods at a reduced price. When replying to customers, the seller reports that he is in another city and offers to arrange delivery. When the victim agrees, the attackers send a phishing link to complete the purchase, which mimics the payment page of a legitimate resource: PEK, Boxberry, Russian Post, SDEK, Avito or Yula. The victim enters credit card information and pays for the goods, after which the scammers delete the account on the trading platform and stop responding.

The experts found more than 20 Telegram channels that work according to this scheme, as well as separate channels for "recruiting" scammers, one of which has 13.5 million members. Attackers use a Telegram bot to create phishing links and to track defrauded customers through notifications of completed payments.

Previously, creating a phishing page required technical knowledge; now scammers simply press a button in the Telegram bot and send the link to the victim, without worrying about preparing, registering, laying out and building a phishing resource, says Evgeny Voloshin, director of the expert services unit at BI.Zone. The owners of the Telegram automation tools receive a percentage of each fraudulent transaction. This is in effect "phishing as a service", that is, automated phishing for new intruders, explains Mr. Voloshin.
This scheme lowers the barrier to entry dozens of times over and increases the scale of attacks, he emphasizes.

Many of these fraudulent "businesses" may be run with the involvement of persons in custody, said Andrei Arsentiev, head of analytics and special projects at CC InfoWatch. Back in 2017, scammers created pages imitating the well-known sites of delivery services, but mass activity began at the start of 2020, says Mr. Arsentiev: with the transition to self-isolation, the demand for remote purchases increased.

Users do not notice the forgery, which is why fraud with phishing links works, says Catherine Milusheva, head of the research group in the information security analytics department at Positive Technologies. She recommends not leaving the social apps, never clicking on links from strangers, and keeping a separate card with a purchase limit for online payments.

The ability to insert links to external resources in the messenger is blocked, and the user receives a warning when leaving the site, says security Director Avito Andrew its residents. In Yula chats, users also cannot send each other links to external resources, the company's press service said, but the app has added instant-messenger features, including free audio and video calls.

These can be either "stolen" accounts, that is, compromised user pages, or specially created accounts with a good reputation that fraudsters use for three to four weeks, while the deceived buyers remain hopeful of receiving the goods or getting their money back through dialogue with the seller. With a credible account, the fraudsters do not have to take people to fake sites: it is easier to ask them to transfer the money directly to a card, says Mr. Ulyanov, and, if the buyer is in doubt, to offer an extra discount.

Yulia Stepanova