Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,221
- Points
- 113
Users of the social network have become the target of scammers with clever methods of disguise.
In April, Recorded Future discovered a network of 608 fraudulent websites that forged well-known brands in order to steal users personal and financial data. The sites were organized as part of the ERIAKOS campaign and are only accessible via mobile devices. Sites were distributed through decoy ads that helped bypass automated crawlers.
The campaign targeted mobile users of Facebook, as access to the sites was only possible via smartphones, which significantly reduced the likelihood of fraud detection. Payment on the sites was made through the main payment systems (including Chinese ones), which added even more complexity in identifying and eliminating the criminal network.
Examples of fraudulent ads
The consequences of this and other similar campaigns are that financial institutions are exposed to the risk of financial losses, including chargeback disputes and non-recoverable losses. Fake brands also suffer reputational losses among deceived customers. Recorded Future recommends that organizations block suspicious trading accounts and carefully monitor customer transactions.
Technical analysis
Recorded Future identified four key indicators linking 608 domains to the ERIAKOS campaign:
Indicators, combined with trading account data, allowed Recorded Future to map the entire fraud network. The use of advanced screening techniques to evade detection indicates a possible trend in fraudster tactics. If the methods used become more widespread, current detection technologies may have difficulties in detecting and mitigating such threats, which will lead to an increase in the lifetime of fraud and an increase in the number of victims.
Also in their report, experts cited mitigation strategies for financial institutions and for ordinary users.
Source
In April, Recorded Future discovered a network of 608 fraudulent websites that forged well-known brands in order to steal users personal and financial data. The sites were organized as part of the ERIAKOS campaign and are only accessible via mobile devices. Sites were distributed through decoy ads that helped bypass automated crawlers.
The campaign targeted mobile users of Facebook, as access to the sites was only possible via smartphones, which significantly reduced the likelihood of fraud detection. Payment on the sites was made through the main payment systems (including Chinese ones), which added even more complexity in identifying and eliminating the criminal network.
Examples of fraudulent ads
The consequences of this and other similar campaigns are that financial institutions are exposed to the risk of financial losses, including chargeback disputes and non-recoverable losses. Fake brands also suffer reputational losses among deceived customers. Recorded Future recommends that organizations block suspicious trading accounts and carefully monitor customer transactions.
Technical analysis
Recorded Future identified four key indicators linking 608 domains to the ERIAKOS campaign:
- All fraudulent sites used the CDN "oss [.] eriakos[.]com";
- The domain names were registered through Alibaba Cloud Computing Ltd;
- Two specific IP addresses were used (47[.]251[.]129[.]84 and 47[.]251[.]50[.]19);
- Specific configuration errors were found in domains between the main domains and www subdomains.
Indicators, combined with trading account data, allowed Recorded Future to map the entire fraud network. The use of advanced screening techniques to evade detection indicates a possible trend in fraudster tactics. If the methods used become more widespread, current detection technologies may have difficulties in detecting and mitigating such threats, which will lead to an increase in the lifetime of fraud and an increase in the number of victims.
Also in their report, experts cited mitigation strategies for financial institutions and for ordinary users.
Source
