Dark side of charity
From April 1 till May 1 Muslims around the world celebrate a big holiday of Ramadan. During this month, various good deeds and all kinds of charity are encouraged in every possible way. This can often be used by attackers by creating various phishing sites or other ways to steal money or personal data.
Kaspersky specialists have studied the situation and revealed various methods of fraud.
Specific types of scam
Since Muslims are now having a Ramadan holiday, scammers are taking advantage of the situation and trying to lure money from users focusing on charity. The example below shows that fraudsters, under the guise of food boxes, are trying to lure users to a phishing site. This is not an ordinary scam, when visitors are promised money or any gadgets like iPhone. For disguise, the attackers used the theme of the Ramadan to lull the audience’s vigilance.
Another example (below) is the greeting cards that users can send to each other on various occasions. Fraudsters can use such cards for several purposes. For example, to collect contacts, further send phishing content and increase the number of visits to the site.
“It is no surprise that criminals are trying to take advantage of Ramadan for their financial gain by tricking people who are eager to help and donate during the holy month. We’ve already seen several examples of how criminals use different tactics to steal their victim’s sensitive information or credit card details. While we encourage people to donate to the people in need, we also urge them to be extremely cautious and only donate to trusted sources”. Said Tatyana Shcherbakova, Security Expert at Kaspersky.
General types of fraud
However, in addition to themed postcards and Ramadan charity scams, Kaspersky experts have found more traditional forms of fraud. For example, below is a classic example of a scam where fraudsters promise users 100GB free if they follow the link and sign up. To make the page more credible, there are also some comments from already “registered users”. Another similar example is a fraudulent site on behalf of Amazon, where visitors only need to answer a couple of questions to receive a prize.
In such scam cases, fraudsters usually try to get personal or financial data as well as ask users to share the link with contacts in messengers. Besides, scammers can redirect users to other scam or phishing web sites, but with different content. So, users often have to go through the scheme several times: a survey – share contacts on different sites before they are asked to enter banking information.
In order to protect personal data and finances from phishing and scams, Kaspersky experts recommend the following simple steps:
It’s safe practice to enter a username and password only over a secure connection. Look for the HTTPS prefix before the site URL, indicating the connection to the site is secure.
Messages from official organizations, such as banks, tax agencies, online shops, travel agencies, airlines, and so on, also require scrutiny. Even internal messages from your own office. It’s not that hard to fabricate a fake letter that looks like a real one.
Install a trusted security solution and follow its recommendations. Then secure solutions will solve the majority of problems automatically and alert you if necessary.
Sometimes e-mails and websites look just like real ones. It depends on how well the criminals did their homework. But the hyperlinks, most likely, will be incorrect — with spelling mistakes, or they can redirect you to a different place.
In order to avoid phishing schemes on the web, it will be a safe tip to install Safe Browser Extension. Such an extension could block phishing websites, known to contain malicious downloads or stop downloading malware on the user’s computer.
Product promotion:
During the period from April 3rd to May 3rd, users in the Middle East can benefit from 30% discount on our flagship consumer products: Kaspersky Internet Security, Kaspersky Total Security and Kaspersky Security Cloud.