A report from Group-IB reveals a sophisticated social engineering scam targeting consumers in the Middle East, leveraging government portals and remote access software to steal sensitive data and money. The scheme exploits trust, impersonates government officials, and causes significant financial losses.
Fraudsters target individuals who submit commercial complaints through government services portals regarding unsatisfactory goods or services. Posing as government representatives, the scammers contact victims and offer assistance with refunds. The victims are instructed to install legitimate government applications and remote access tools, such as AnyDesk, which allow the scammers to gain unauthorized access to their devices.
“During this process, consumers unknowingly cooperate with the fraudsters, often following their instructions to install remote access software, which enables further exploitation,” the report explains.
Once remote access is established, the scammers instruct victims to upload photos of their credit cards. Simultaneously, they intercept One-Time Passwords (OTPs) displayed on the shared screen, enabling fraudulent transactions.
The report highlights the use of RedLine Stealer, a widely available malware that extracts sensitive data such as passwords, cookies, and cryptocurrency wallets from infected devices. “RedLine Stealer first emerged in 2020 and quickly gained popularity due to its affordability and ease of use, making it a go-to tool for cybercriminals,” Group-IB notes.
The scam is meticulously organized, requiring advanced operations, including script preparation, remote access exploitation, and cash-out strategies. Fraudsters use stolen data to make 3D-secured purchases or recharge e-wallets, sometimes causing losses exceeding $5,000 per victim.
The scam primarily targets female consumers with limited technical expertise. Victims, motivated by the prospect of refunds, are often unaware of the risks involved. The financial losses are staggering: according to the report, “the average loss per transaction is approximately US$1,300 for incidents where transactions were performed through online stores,” with higher amounts when e-wallets are involved.
The report underscores vulnerabilities in government portals, which fraudsters exploit to gain initial access. “Government portals/websites, which are less protected against data breaches and hacking than banks, are used in the preparation phase of a social engineering attack,” the report states.
To combat such scams, Group-IB recommends:
- For government agencies: Strengthen portal security and implement fraud detection measures.
- For financial institutions: Enhance OTP protection and monitor suspicious transactions.
- For consumers: Avoid sharing sensitive information or installing remote access software without thorough verification.
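One way a financial institution could act on the "monitor suspicious transactions" recommendation is to flag OTP-verified payments made while a remote access session is open on the customer's device. The sketch below is an added example, not taken from the Group-IB report; the record layout, field names, the 5-minute grace window and the sample data are assumptions constructed for illustration, and it presumes the bank's app or device telemetry can report remote access sessions.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the report); field layout is hypothetical.
REMOTE_SESSIONS = [
    # (customer_id, tool, session_start, session_end)
    ("cust-001", "AnyDesk", "2024-05-01T10:00:00", "2024-05-01T10:40:00"),
    ("cust-002", "AnyDesk", "2024-05-01T09:00:00", "2024-05-01T09:10:00"),
]
TRANSACTIONS = [
    # (txn_id, customer_id, kind, amount_usd, otp_verified, timestamp)
    ("t1", "cust-001", "online_store", 1300.0, True, "2024-05-01T10:25:00"),
    ("t2", "cust-001", "ewallet_topup", 5200.0, True, "2024-05-01T10:43:00"),
    ("t3", "cust-002", "online_store", 80.0, True, "2024-05-01T14:00:00"),
    ("t4", "cust-003", "ewallet_topup", 900.0, True, "2024-05-01T10:30:00"),
]

# Assumption: an OTP read off a shared screen may be used shortly after the session ends.
GRACE = timedelta(minutes=5)
# The two cash-out channels the article names: online purchases and e-wallet recharges.
RISKY_KINDS = {"online_store", "ewallet_topup"}


def flag_transactions(sessions, transactions, grace=GRACE):
    """Return (txn_id, tool, reason) for OTP-verified payments that overlap a remote session."""
    by_customer = {}
    for cust, tool, start, end in sessions:
        by_customer.setdefault(cust, []).append(
            (tool, datetime.fromisoformat(start), datetime.fromisoformat(end)))
    alerts = []
    for txn_id, cust, kind, _amount, otp_ok, ts in transactions:
        if not otp_ok or kind not in RISKY_KINDS:
            continue
        when = datetime.fromisoformat(ts)
        for tool, start, end in by_customer.get(cust, []):
            if start <= when <= end + grace:
                reason = "during session" if when <= end else "within grace window"
                alerts.append((txn_id, tool, reason))
                break  # one alert per transaction is enough
    return alerts


if __name__ == "__main__":
    for alert in flag_transactions(REMOTE_SESSIONS, TRANSACTIONS):
        print(alert)
```

A flagged payment would typically be held for step-up verification over a channel the remote session cannot observe, rather than declined outright.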