The phishing campaign was discovered by analysts from the CERT-F.A.C.C.T. team.
The scammers offered to create licenses not only for driving a car, but also a motorcycle, a truck and a sailboat.
F.A.C.C.T. specialists identified 203 fraudulent resources, a quarter of these pages were registered at the beginning of 2024.
“The attackers also promised to solve the problems of persons deprived of their rights with the help of duplicates, documents with errors, mirror and fake IDs. On the site, the victim encountered social engineering and marketing techniques. On the websites of fake organizations there are articles “Why only 5% succeed in passing the license the first time” or “Why getting a license yourself through a driving school is a painful process,” and then they explained to the user how to buy a license quickly and with a guarantee.”
— Ivan Lebedev, head of the phishing protection group at F.A.C.C.T.
How the circuit works
Phishing sites. The victim ends up on a website that looks like a reputable company offering assistance in obtaining a driver’s license.
Social engineering. Websites post articles convincing users that it is extremely difficult to obtain a license through a driving school. An alternative is the service of “legal” rights in a short time.
Collection of personal data. Victims fill out an application indicating their full name, phone number and upload a photo and a copy of their passport. This data can be used for further fraudulent schemes. After submitting the application, information appears that the user will be contacted soon, but there are no guarantees.
The phishing campaign is aimed at residents of large cities: Moscow, St. Petersburg, Kazan, Rostov-on-Don, Yaroslavl, Voronezh. State departments of the State Traffic Safety Inspectorate, Rospotrebnadzor (with a typo), as well as automakers (for example BMW) and large insurance companies are indicated as partners.
Resources are located mainly in the domain zone .site, as well as .com. Specialists of CERT-F.A.C.C.T. initiated the process of blocking them.
The scammers offered to create licenses not only for driving a car, but also a motorcycle, a truck and a sailboat.
F.A.C.C.T. specialists identified 203 fraudulent resources, a quarter of these pages were registered at the beginning of 2024.“The attackers also promised to solve the problems of persons deprived of their rights with the help of duplicates, documents with errors, mirror and fake IDs. On the site, the victim encountered social engineering and marketing techniques. On the websites of fake organizations there are articles “Why only 5% succeed in passing the license the first time” or “Why getting a license yourself through a driving school is a painful process,” and then they explained to the user how to buy a license quickly and with a guarantee.”
— Ivan Lebedev, head of the phishing protection group at F.A.C.C.T.
How the circuit worksPhishing sites. The victim ends up on a website that looks like a reputable company offering assistance in obtaining a driver’s license.Social engineering. Websites post articles convincing users that it is extremely difficult to obtain a license through a driving school. An alternative is the service of “legal” rights in a short time.Collection of personal data. Victims fill out an application indicating their full name, phone number and upload a photo and a copy of their passport. This data can be used for further fraudulent schemes. After submitting the application, information appears that the user will be contacted soon, but there are no guarantees.The phishing campaign is aimed at residents of large cities: Moscow, St. Petersburg, Kazan, Rostov-on-Don, Yaroslavl, Voronezh. State departments of the State Traffic Safety Inspectorate, Rospotrebnadzor (with a typo), as well as automakers (for example BMW) and large insurance companies are indicated as partners. Resources are located mainly in the domain zone .site, as well as .com. Specialists of CERT-F.A.C.C.T. initiated the process of blocking them.
