An e-mail received at noon on July 12 did not arouse his suspicions – civil engineer Antonis Anipistakis was indeed expecting a package from the United States at that time.
“Unfortunately, the delivery was delayed due to lack of information. Your package will be stored at the sorting center in Athens until your details are confirmed,” read the text, which indicated ELTA as the intended sender. He thought that his name might have been misspelled, that the package had indeed been stuck somewhere on the long journey to Sitia. He provided his card details to pay for the €2.84 storage fee, unaware that he was opening a loophole for cybercriminals. “They changed the daily transaction limit and got into my accounts,” he says.
The card he entered was linked to one account, but the cybercriminals managed to break into three others in which he was the sole or joint beneficiary. The total loss amounted to 5,674 euros as a result of four consecutive operations within two hours. It turned out that the money was spent on purchases from a company owned by Tripadvisor and possibly a Spanish hotel search site.
The scammers tried to conduct two more transactions, but the accounts were blocked by the bank in time. One of them was worth 140 euros. The paradox is that, as Mr. Anipistakis notes in an interview with K, the bank did not stop the transaction in the amount of 2,062 euros, although it was made at a later time than the other, which was blocked. He emphasizes that he learned about the fraud and notified the bank on the morning of July 13 so that the transactions were questioned and “frozen”. However, this action did not help either. He filed a lawsuit against unidentified persons, hoping that someday his money would be returned.
He was not the only one who fell victim to misleading messages sent with the ELTA logo. In February, a Rhodes resident entered her credit card details on a similar page and later discovered that two transactions, of €799 and €207, had been made to Revolut digital bank and a computer games store.
The hyperlinks in three messages led to identical payment sites with different domain names: elta-tracking.web.app, hellenic-post.web.app and gr-elta.web.app. It is possible that they have the same author. It is not uncommon for cybercriminals to create more than one scam site in order to have alternative options in case one of them is detected and blocked. However, all three remained active until the first week of September.
Andreas Venieris, an information systems security specialist, studied the three deceptive websites and found that they did not contain malware that could infect the victim’s computer, which is usually the case in such incidents. The main task of their creator was the theft of bank card data. “It takes a lot of caution and preparation to be suspicious, not to give your card details anywhere,” he said.
In July, digital evidence analysts at v4ensics determined that a similar scam was linked via email to a Facebook page that had a Tunisian phone number attached to it. “The fact that the various pages used in individual phishing campaigns are identical in appearance and functionality means that the attackers are using the same phishing kit, which may have been created by the attackers themselves or by third parties who sold it. Usually attackers buy a phishing kit from an underground forum and use it to attack unsuspecting victims,” one of the company’s analysts said.
If you carefully examine the misleading messages sent to Greek users, you can find some errors. Email addresses, although they contained ELTA-related words, turned out to be fake. Despite careful syntax, some words were misspelled, missing an accent, or roughly translated into Greek. Phishing scams focus on psychology in an attempt to stress the victim. Mr. Venieris emphasizes that haste is a bad adviser. If an organization seems to be asking for money and there is doubt about the veracity of the report, even a phone call to the agency’s headquarters to double-check can reduce the risk.