Cybercriminals have learned to bypass two-factor authentication to confirm payments on the Internet. First, the victim is sent a fake offer to pay for the CMTPL policy on a phishing site. Then, after the criminals receive the card details, the user is prompted to enter the code from the SMS to confirm the payment, but in reality, the cybercriminals initiate the money transfer.
The new scheme was revealed at Kaspersky Lab. The scheme of deception begins with the fact that the victim is sent a message with a proposal to extend the MTPL. It contains information about the car, including the license plate, and when you click on the link, the amount of insurance and another link for payment are shown.
After clicking on the link and entering the card data, the victim is shown a page with the inscription “An SMS code is being generated”, which is displayed for about 30 seconds, and then transferred to the code entry form. At this moment, the client receives an SMS from the credit institution.
“At this stage, they have everything they need to translate, except for the verification code. At this moment, the user is on the waiting page “Forming SMS”. During this time, a message comes to him. It seems to the user that this is an SMS for payment, although it is an SMS to confirm the money transfer initiated by the attackers, ” explained Alexei Marchenko, head of the content filtering methods development department at Kaspersky Lab.
When the user enters the SMS code on the page that appeared after waiting, the attackers complete the attack by confirming the money transfer. This is a combination of scam and phishing, emphasized Marchenko.
The fraudulent scheme, which combines a fake offer to pay for an insurance policy, the use of a person’s car number, a series of web pages waiting to receive first card data, and then a verification code, and others, was recently recorded and is quite rare, the expert noted.
This fraud scheme is already known in RESO-Garantia, Rosbank, Gazprombank, and VTB, as well as in Digital Security and Zecurion. Scammers are actively using fake online store sites and classified sites in this scheme. Also, in this way, you can not only steal money but also access important portals, said Digital Security.