A large-scale phishing campaign on Instagram is targeting Russian users, offering them a lump-sum payment to start their own business.
Security researchers from Russian antivirus company Doctor Web are warning users about the launch of a large-scale phishing campaign on Instagram, whereby threat actors inform users about a “social contracts program.”
Under the so-called program, financial aid is offered to Russian citizens allegedly from a “nonexistent” presidential decree No. 1122B, dated February, 11 2020.
To ensure the program is believable, threat actors “provide information as extracts from news releases, using relevant fragments from real broadcasts.”
Threat actors rely on targeting advertising accounts impersonating Russian federal TV channels like Channel One Russia, Russia-1 and Russia 24. Each of the posts are accompanied by fake comments from users who allegedly received the payment.
Researchers found two phishing websites that are utilised by the attackers, both with valid digital certificates and presented as official resources of the Russian Ministry of Economic Development.
To check if a user is entitled to receive the money, users are invited to enter their full name and date of birth. The page then generates a random sum of money, whereby the user is requested to pay a fee no larger than 300 rubles for registering the electronic application in order to receive the money.
The check-out page asks for more details including payment card information and phone number. Upon payment, the victim loses the registration free and all the entered data goes straight to the threat actors.
The post #Privacy: Phishing campaign targets Russian Instagram users appeared first on PrivSec Report.