Scammers create fake websites of state bodies and Internet companies

Attackers copied the websites of state companies and organizations, where they were asked to register for a small fee.
Group-IB reported the discovery of a new fraudulent scheme on the Internet. To create it hackers registered about 20 sites, including similar to the web resources of Russian and Ukrainian government agencies, whose visitors were asked to pass polls, having received a large sum of money for it. Transfers of funds were made through the Ukrainian payment system E-Pay, whose employees the Security Service of Ukraine suspected of assisting the People's Republic of China and the People's Republic of China.

In the network appeared scammers who create fake government websites and promotions of browsers, including Chrome, Safari, Opera, told Kommersant in Group-IB. The network was identified after a complaint was filed with Group-IB in one of them. According to the company, scammers work in Russia, Belarus, Ukraine and Kazakhstan. Links to fraudulent sites were distributed through spam mailing and advertising. The company found 19 such sites; they appeared in April, and during this time they were visited by more than 300 thousand people. Calculate the total damage from the fraudulent scheme is difficult, they say in Group-IB. Some sites are still active, but new ones appear on the site of blocked ones.

One of the most visited fake gossays was the resource "Development of Regions". On such sites they offered to pass a survey on reforms in housing and communal services, health care and education. For example, respondents were asked to answer how they relate to having their region selected as a testing ground for the abolition of the USE. After passing the survey, the visitor found out that he had won a large sum, which was offered to be transferred to his bank account or to an electronic wallet. Later it was found out that in order to receive the funds it is necessary to register the "Active citizen" account, paying 170 rubles. Then the visitor was asked to make new actions to receive a cash prize. Among them - "payment of transfer insurance", "activation of digital signature", "reconciliation of transfer with security services", etc. There were ten such steps, their cost consistently increased and at the last stage - "connection of the encrypted communication line" - reached already 1730 rubles.

On fake browser sites, visitors were informed that their browser was updated, and they themselves had a chance to win $ 50 to $ 3 thousand from the marketing budget of $ 1.5 million. Visitors were asked to specify the amount of the winnings, after which they were informed about the need to pay a "commission" for conversion of US dollars into rubles. As explained by Group-IB, the money was offered to pay through the platform - E-Pay, it was also used when paying for the account "Active citizen".

The interlocutor of Kommersant in E-Pay said that the company was previously contacted by the Security Service of Ukraine (SBU), who received complaints from citizens on fraud on the Internet; there were complaints from the payers themselves E-Pay. "We are not involved in this, there are a lot of scammers, I can not answer for this," Kommersant's interlocutor said. The E-Pay office is located in the Dnieper. In 2016, Ukrainian media wrote that the SBU suspected the company's employees in the aid of the People's Republic of China and the People's Republic of Germany. This was the reason for the arrest of E-Pay accounts in the All-Ukrainian Development Bank, which was owned by the son of ex-president of Ukraine, Alexander Yanukovych. The interlocutor of Kommersant in E-Pay claims that these charges were dropped in early 2017. "The rivals organized such a struggle with the help of law enforcement agencies," he said.

This site "Active citizen" is supported by the Department of Information Technologies (DIT) of Moscow. In his press service, Kommersant was informed that he was "aware of the existing problem". Hacking of this site, leaks and loss of personal information did not occur, stressed in the DIT. The representative of Google declined to comment, the press service of "Yandex" did not respond to the request of "b".

Attackers regularly copy sites of companies and state organizations, there is even a special software that automates the creation of such sites, says the head of the security center Positive Technologies Alexei Novikov. But before that, the main purpose of cybercriminals was bank customers. "Creating phishing copies of government websites is a pretty new idea for Russia. Users do not expect a dirty trick and come across a trick, "says Solar JSOC security expert Alexei Pavlov. In general, scammers often disguise their schemes for stocks, lotteries, questionnaires, profitable investments, charitable and insurance payments allegedly on behalf of well-known brands or government organizations, Nadezhda Demidova, a leading content analyst at Kaspersky Lab, said: in the autumn of last year, scammers acted allegedly on behalf of the Pension Fund of Russia.