- This phishing scheme targets Russian users with a message written in Russian that states ‘Money for you’.
- This scheme tricks victims into paying commission fee in order to win prize money.
What is the issue - Doctor Web analysts observed a phishing scheme where cybercriminals are using international companies’ official newsletter subscription forms to trick victims into making payments to attackers’ bank account.
Worth noting - This phishing scheme targets Russian users with a message written in Russian that states ‘Money for you’.
The big picture
Attackers are sending phishing emails that come from official email addresses from international companies such as Audi, Austrian Airlines, and S-Bahn Berlin to Russian users.
- These emails are written in English or German but it starts with a Russian message that says ‘Money for you’.
- These emails include a malicious link which redirects users to a dating website embedded with a malicious code.
- This website redirects users to several websites before landing them in a phishing page.
- The phishing page displays a message that says the user’s email address has been selected to participate in an international promo called ‘The lucky e-mail’.
- In order to win prize money of 10 - 3000 EUR, users must complete a survey.
- After completing a few survey questions, the phishing page displays details about the promo, prize money, and withdrawal conditions which includes a condition that states that the winner must pay a commission for exchanging EUR to RUB.
- In order to pay the commission fee, victims are redirected to a fake payment page which asks for their payment card details and urges them to make payment.
The bottom line - Victims do not receive any prize money even after paying the commission. These are mere phishing scams that steal payment card data and money from victims.
“What’s interesting is how the hackers send the phishing emails. They use official email newsletter signup forms on company websites. Special symbols are allowed in the forms, so it’s possible to send malicious links via official company newsletters,” researchers said in a blog.