Attackers have evolved a sophisticated social engineering scheme to target Middle Eastern banking consumers by posing as government officials and utilizing remote access software to obtain one-time passwords (OTPs) and credit card information.
The fraud primarily targets those who have previously filed commercial complaints with the government services portal, either via its website or mobile app, over products or services purchased from online merchants.
The scammers take advantage of the victims’ eagerness to cooperate and follow their instructions, hoping to gain reimbursements for their unsatisfactory purchases.
This method has a substantial financial impact because it is simple to implement and allows the fraudsters to make multiple fraudulent transactions at carefully chosen merchants in a single fake support session.
How Was the Attack Executed?
According to Group-IB, victims were tricked by a phone call and asked to download AnyDesk and an official government app. The money was later withdrawn from both the current account and credit card.
When a consumer files a commercial complaint, they must provide their contact details and personal information. Those account credentials end up for sale on the dark web when the complainant's personal computer has previously been infected with a particular stealer program.
Under the pretense of filing a complaint, the scammers urge the victim to download both an official application and a remote access software.
“Once screen sharing is established, the scammers request that the victim upload a photo of their credit card to the complaints app.
While the victim does so, the scammers steal the credit card details, preparing to make fraudulent online transactions”, researchers said.
One-time passwords (OTPs) are displayed on the shared screen as text notifications during this process. These OTPs are then intercepted by the scammer, who uses them to finish the fraudulent transactions.
Since the scammers use the technique of calling victims and posing as government officials, it is likely that they are native Arabic speakers who are fluent in the local accent.
“The breaches of government websites in the META region in almost 60% of cases are associated with the use of RedLine Stealer”, researchers said.
In this case, fraudsters often cash out their victims’ money by purchasing 3D-secured merchandise or gift cards from local e-commerce stores, as well as recharging local e-wallets (payment to mule accounts).
Thus, monitoring leaks, alerting users, and implementing account protection against ATO (Account Takeover) attacks are recommended.
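As an added illustration, not part of Group-IB's research or this article, the cash-out pattern described above can be turned into a simple issuer-side velocity rule: flag any card with several OTP-verified gift-card or e-wallet top-up purchases inside one short window, which is what a single fake support session looks like in the transaction stream. The merchant category labels, thresholds and sample transactions are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Cash-out channels named in the article; the category labels are assumed.
CASHOUT_CATEGORIES = {"gift_card", "ewallet_topup"}


@dataclass(frozen=True)
class CardTxn:
    card_id: str
    ts: datetime
    merchant_category: str
    amount: float
    otp_verified: bool


def cashout_burst_cards(txns, window=timedelta(minutes=30), min_count=3):
    """Return the set of card ids with >= min_count OTP-verified cash-out purchases in one window."""
    by_card = defaultdict(list)
    for t in txns:
        if t.otp_verified and t.merchant_category in CASHOUT_CATEGORIES:
            by_card[t.card_id].append(t.ts)
    flagged = set()
    for card, stamps in by_card.items():
        stamps.sort()
        for i in range(len(stamps)):
            # Count cash-out purchases that fall within `window` of stamps[i].
            j = i
            while j < len(stamps) and stamps[j] - stamps[i] <= window:
                j += 1
            if j - i >= min_count:
                flagged.add(card)
                break
    return flagged


# Constructed sample: card-A is normal use; card-B shows a cash-out burst in ~10 minutes.
T0 = datetime(2024, 1, 15, 10, 0)
SAMPLE_TXNS = [
    CardTxn("card-A", T0, "grocery", 42.0, True),
    CardTxn("card-A", T0 + timedelta(hours=5), "gift_card", 100.0, True),
    CardTxn("card-B", T0 + timedelta(minutes=2), "gift_card", 500.0, True),
    CardTxn("card-B", T0 + timedelta(minutes=6), "ewallet_topup", 300.0, True),
    CardTxn("card-B", T0 + timedelta(minutes=11), "gift_card", 500.0, True),
    CardTxn("card-B", T0 + timedelta(minutes=14), "electronics", 1200.0, True),
]

if __name__ == "__main__":
    print(cashout_burst_cards(SAMPLE_TXNS))  # {'card-B'}
```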
Strong anti-fraud procedures should be put in place by financial institutions, together with effective customer service and timely and accurate processing of verified fraud cases.
Users should refrain from downloading unverified software and files, and they should never give their card information or account passwords to the so-called “employees” over the phone.