Fraudsters have learned to bypass two-factor authentication (using a code from SMS) to confirm payments on the Internet.
This is done by simultaneously carrying out a fake operation on a phishing site, stylized as an OSAGO payment, and a real money transfer initiated by an attacker, Izvestia newspaper reports with reference to Kaspersky Lab, as well as other cybersecurity companies.
The scheme of deception begins with the fact that the citizen is sent a message with a proposal to extend the OSAGO: it contains data about the car, including the license plate, and when clicking on the link, the amount of insurance and another link for payment is shown, the head of the development department of content filtering methods said in “ Kaspersky Labs “Alexey Marchenko.
Further, according to him, after clicking on the link and entering the card data, the user is shown a page with the inscription “An SMS code is being formed”, which is shown by a timer for about 30 seconds, and then transferred to the code entry form. At this moment, the client actually receives an SMS from the credit institution.
“Most likely, after the user indicates the card details on the resource, the attackers initiate not a payment, but a request to withdraw money from this card. At this stage, they have everything they need to translate, except for the verification code. At this moment, the user is on the waiting page “SMS is being generated”. During this time, a message comes to him. It seems to the user that this is an SMS for payment, although in fact it is an SMS to confirm the money transfer initiated by the attackers, ”the expert explained.
According to him, when the user enters the SMS code on the page that appeared after waiting, the attackers complete the attack by confirming the money transfer that they initiated on their side. This is a combination of scam and phishing, emphasized Marchenko.
The fraudulent scheme, which combines a fake offer to pay for an insurance policy, the use of a person’s car number, a series of web pages waiting to receive first card data, and then a verification code, and others, was recently recorded and is quite rare, the expert said.
Let us also remind that earlier Dmitry Bondar, director of the Solar inRights center of Rostelecom-Solar, warned that cyber fraudsters have activated a scheme with password substitution – they deceive Russians by sending letters demanding to change passwords from various accounts.
In this regard, the expert just advised setting up two-factor authentication for authorization.
Source: Rosbalt
Tristin is an accomplished author and journalist, known for his in-depth and engaging writing on sports. He currently works as a writer at 247 News Agency, where he has established himself as a respected voice in the sports industry.
