February 2, 2023

Athens News

News in English from Greece

The Anatomy of a Digital Fraud


An e-mail received at noon on July 12 did not arouse his suspicions – civil engineer Antonis Anipistakis was indeed expecting a package from the United States at that time.

“Unfortunately, the delivery was delayed due to lack of information. Your package will be stored at the sorting center in Athens until your details are confirmed,” read the text, which indicated ELTA as the intended sender. He thought that his name might have been misspelled, that the package had indeed been stuck somewhere on the long journey to Sitia. He provided his card details to pay for the €2.84 storage fee, unaware that he was opening a loophole for cybercriminals. “They changed the daily transaction limit and got into my accounts,” he says.

The card he entered was linked to one account, but the cybercriminals managed to break into three others in which he was the sole or joint beneficiary. The total loss amounted to 5674 euros as a result of four consecutive operations within two hours. It turned out that the money was spent on purchases from a company owned by Tripadvisor and possibly a Spanish hotel search site.

The scammers tried to conduct two more transactions, but the accounts were blocked by the bank in time. One of them was worth 140 euros. The paradox is that, as Mr. Anipistakis notes in an interview with K, the bank did not stop the transaction in the amount of 2,062 euros, although it was made at a later time than the other, which was blocked. He emphasizes that he learned about the fraud and notified the bank on the morning of July 13 so that the transactions were questioned and “frozen”. However, this action did not help either. He filed a lawsuit against unidentified persons, hoping that someday his money would be returned.

“They changed the daily transaction limit and got into my accounts,” says one of the victims of the hackers.

He was not the only one who fell victim to misleading messages sent with the ELTA logo. In February, a Rhodes resident entered her credit card details on a similar page and later discovered that two transactions totaling €799 and €207 had been made to Revolut digital bank and a computer games store.

Journalists attempted to analyze this digital scam by focusing on three similar misleading messages sent to Greek Internet users in July and August. The first was published on July 24th. “Dear customer, we must inform you that the package you are waiting for has been returned to our warehouse,” the message said. “Please note that from tomorrow we will charge you a storage fee of one euro per day” . The sender used as the email address Email address is being protected from spambots. Javascript must be enabled in your browser to view the address..

August 14 from the site Email address is being protected from spambots. Javascript must be enabled in your browser to view the address. a new, almost identical message was sent. Its aesthetic, as well as the chosen logo, gave it a more professional image. There was even a tracking number for the package with an active hyperlink, which nevertheless linked to the original page of the General Postal Service and showed the progress of the package sent from Ilion (Attica). On August 23, a new message, allegedly from ELTA again, was sent in bulk to Greek recipients via email Email address is being protected from spambots. Javascript must be enabled in your browser to view the address.. This time the wording has been changed. It indicated August 19 as the day of unsuccessful delivery, and the weight of the package was 1.7 kg. “We may charge you for storage,” the message ended. In all three cases, there was a link urging recipients to click on it to correct their address.

The hyperlinks in three messages led to identical payment sites with different domain names: elta-tracking.web.app, hellenic-post.web.app and gr-elta.web.app. It is possible that they have the same author. It is not uncommon for cybercriminals to create more than one scam site in order to have alternative options in case one of them is detected and blocked. However, all three remained active until the first week of September.

Danger: Be careful, phishing!

Andreas Venieris, an information systems security specialist, studied three deceptive websites and found that they did not contain malware that could infect the victim’s computer, which is usually the case in such cases. The main task of their creator was the theft of bank card data. “It takes a lot of caution and preparation to be suspicious, not to give your card details anywhere,” he said. In July, digital evidence analysts at v4ensics determined that a similar scam was linked via email to a Facebook page that had a Tunisian phone number attached to it. “The fact that the various pages used in individual phishing campaigns are identical in appearance and functionality means that the attackers are using the same phishing kit, which may have been created by the attackers themselves or by third parties who sold it.

Usually attackers buy a phishing kit from an underground forum and use it to attack unsuspecting victims,” ​​one of the company’s analysts said. If you carefully examine the misleading messages sent to Greek users, you can find some errors. Email addresses, although and contained ELTA-related words turned out to be fake.Despite careful syntax, some words were misspelled, missing an accent, or roughly translated into Greek.Phishing scams focus on psychology in an attempt to stress the victim.Mr. Venieris emphasizes that haste is a bad adviser If an organization seems to be asking for money and there is doubt about the veracity of the report, even a phone call to the agency’s headquarters to double-check can reduce the risk.



Source link