In a campaign that took advantage of the ongoing crisis, hundreds of phishing sites purported to offer financial aid to Ukrainian civilians. The Cyber Police of Ukraine detained nine members of a criminal gang after they stole 100 million hryvnias from victims.
According to a press release from the organization last week, “criminals established more than 400 phishing websites to get bank card information of residents and usurp money from their accounts.” The culprits could spend up to 15 years in prison.
Computer hardware, mobile phones, bank cards, and the illegally obtained proceeds were all seized as a result of the law enforcement operation.
Ross0.yolasite[.]com, foundationua[.]com, ua-compensation[.]buzz, www.bless12[.]store, help-compensation[.]xyz, newsukraine10.yolasite[.]com, and euro24dopomoga0.yolasite[.]com were a few of the rogue domains registered by the actors.
The opportunistic nature of the social engineering attack is highlighted by the fact that the malicious landing pages, which were created to steal people’s banking information, were disguised as surveys for completing an application for payment of financial assistance from E.U. countries.
Once they had the bank account information, the threat actors entered the accounts without authorization and fraudulently withdrew more than 100 million hryvnias ($3.37 million) from more than 5,000 people.
The distribution vector used to propagate the links is not immediately clear, but it could have been achieved through different methods such as SMS phishing (aka smishing), spam emails, direct messages on social media apps, SEO poisoning, or seemingly benign ads.
The agency has also warned citizens to “obtain information about financial payments only from official sources, not to click on dubious links, and in no case to communicate confidential, in particular banking, information to third parties or to indicate such data on suspicious resources.”