Security researchers at Kaspersky Lab have detected a notable increase in fraudulent emails posing as a well-known information service targeting Russian-speaking users. The phishing campaign initiates by offering potential victims a gift, with later stages inviting them to partake in a seemingly guaranteed lottery. According to the Kaspersky Lab's data, this campaign commenced in September and reached its peak by month-end. The malicious intent behind these emails is to lure individuals into disclosing their financial information and ultimately defrauding them.
In the initial stage, email recipients receive a message claiming they can receive a gift by clicking on a link provided in the email. The message conveys a sense of urgency, stating that the gift must be claimed within 48 hours, after which it will expire.
Clicking on the link redirects the user to a fraudulent website featuring a guaranteed lottery. The theme of these deceptive websites may vary, which can include short surveys or smartphone giveaways. To claim the gift, the user is required to click on one of several boxes displayed on the page, and multiple attempts are allowed. Subsequently, a message appears on the screen indicating that the user has won a cash prize of $3,000 USD. However, accessing the prize proves to be elusive, as users encounter an error message: "The operation failed because the recipient's bank could not process the transfer in US dollars."
To resolve the issue, the user is prompted to convert the dollars to Russian rubles directly on the website. This necessitates a fee of 500 rubles, which is promised to be refunded within 24 hours.
Upon agreeing to the conversion, users are redirected to a phishing website camouflaged as a payment service page. Here, they are prompted to enter their bank card details and email address, ostensibly to receive a check. Ultimately, participants do not receive any winnings, and their money and financial information are handed over to cybercriminals.
Phishing attacks, such as this campaign, emphasize the importance of remaining cautious and vigilant when responding to unsolicited emails, especially those claiming to offer rewards or gifts. Users are urged to double-check the authenticity of such offers to prevent falling victim to scams and protect their personal and financial information.