Vishing on phishing: messenger users will face a sharp increase in fraud


In the second half of last year, attackers began to actively use instant messengers for calls, and the risks remain high. Experts estimate that over the whole of 2022, sensitive data was compromised in 64% of attacks on individuals. In addition, a certain proportion of users suffered financially: their gullibility worked against them. IT experts warn that Telegram will unequivocally see a rise in fraud in 2023, as its audience has grown significantly. Details are in the Izvestia report.

Mobile parasitism

Over the last year, users have increasingly been attacked through messengers. In the fourth quarter of 2022, almost every sixth social engineering attack against individuals was carried out through messengers, according to calculations by Positive Technologies. As a rule, attackers use popular channels for social engineering. Every year the influx of messenger users increases, and scammers do not stand aside.

Users of the most common instant messengers are the most susceptible to attacks: Telegram, WhatsApp, Viber. For example, in 2022, after the mass migration of the audience to Telegram, many faced attacks aimed at stealing and subsequently “hijacking” accounts.

One of the key reasons for the growing number of attacks is that companies create official accounts on social networks and in instant messengers and provide services or consulting through them. Attackers take advantage of this and choose clients of well-known organizations as victims, communicating with the audience supposedly on behalf of the company, for example as a support service employee.

“Fraud episodes in instant messengers are difficult to track, since many attacks do not go beyond personal messages,” notes Sergey Zolotukhin, Group-IB information security specialist. – In current fraudulent schemes – for example, “Mammoth”, false dates or the distribution of malicious and phishing links – attackers are increasingly using Telegram. Fraudsters use the capabilities of the messenger to coordinate within the group, attract new members, distribute manuals and bots, evaluate results, and directly attack users.

To date, the activity of at least 1 thousand groups has been recorded whose actions under the Mammoth scheme were coordinated through Telegram, the specialist notes.

For vishing (voice-call fraud), attackers increasingly prefer instant messengers to a traditional phone call. Scammers take advantage of the fact that victims do not always notice that they are answering a call in a messenger. In addition, in Telegram, criminals use number spoofing services that do not require the installation of special programs.

Often the target of attackers can be the Telegram account itself.

“We have been observing such attacks for several months,” says Sergey Zolotukhin. – Victims received a message asking them for support in a children’s drawing contest, to vote for the “author” of the message, or to receive a gift. Messages with a phishing link, as a rule, were sent to the address books of hacked accounts and publics where their owners were members. Also, under the guise of terms of reference for advertising placement, criminals send a file with a malicious program to the owners of Telegram channels.

Traps of Virtue

Usually, attackers stick to classic schemes and goals: they call, allegedly on behalf of bank employees and law enforcement agencies, and try to extract confidential data, notes Vladimir Grigoriev, an analyst at Kaspersky Who Calls.

“However, there are other legends: for example, under the guise of sellers from ad sites, they call and, under various pretexts, encourage users to follow the link in the messenger,” the expert says. — In this case, a person runs the risk of encountering phishing. Unlike classic calls, these incoming calls today cannot be blocked or monitored centrally.

According to Mikhail Shraibman, CEO of the Octopussy web integrator, the audience of messengers grew by 15% in 2022. Recently, messengers have been turning into a freer space where deception is possible. Without a mobile number, checking a message is much more difficult. Last year, social networks and applications began to be actively used to steal money. Since February 2022, however, the Bank of Russia has been blocking such resources. As a result, almost 2,000 pages on social networks and several dozen mobile applications were shut down. The total number of resources submitted for blocking exceeded 15 thousand, the expert shared.

“Viber is most often used for fraudulent purposes, since the majority of the audience of this messenger is the older generation,” says Mikhail Shraibman. – It is more vulnerable to the influence of social engineering and less savvy in terms of standard digital skills to detect the fraudulent nature of a call or message.

A several-fold increase in fraud is to be expected in Telegram in 2023, as its audience has grown a lot. This is also because most banking applications have currently been removed from the App Store, so banks are actively adapting their services through Telegram bots.

The format of the deception is chosen for expediency and efficiency. But the goal is the same: to extract money or, less often, to take over the user’s account (in order to then try to monetize it). Therefore, you should be wary of any contact about payments, loans or fines that you did not initiate. Having received such a call or message, you should contact the supposed sender via an alternative communication channel. For example, if the callers introduce themselves as bank employees, call the bank via its official hotline. Even if a similar request comes from someone you know, you should call back and clarify whether there really was a request.

“The biggest risk of data loss occurs when your account is compromised,” says Alexei Drozd, head of the SearchInform information security department. – For example, attackers can “pull up” the history of correspondence (with all the delicate details) or export account data.

You can reduce the risks by setting the maximum privacy settings, the Izvestia interlocutor notes. To begin with, it is worth hiding the information about yourself in your profile (from a nickname to a phone number) from outsiders and making it unavailable in search. Next, protect yourself from unauthorized login attempts: enable two-factor authentication, additional codes, passwords or biometric identification when authorizing in the application, if the functionality of the messenger allows it.

Don’t lose yourself

“Keep in mind that the risk of losing your personal data is very high: for example, during a conversation you yourself can, without realizing it, tell the scammer everything about yourself, starting with your full name and ending with passport data or a card number with CVV,” reminds Maxim Gryazev, an analyst for digital threat analysis and assessment at Infosecurity (Softline Group). – As for protection against such calls, you can reduce the number of such cases by setting confidentiality in messengers by checking the box “Receive calls” – only from your contacts.

The only things that hinder fraudsters are the growing awareness of their potential victims and spam protection (specialized solutions from information security companies and various protection services from telecom operators and banks), says Lev Fisenko, executive director of Cross Technologies. Calls via messengers cannot yet replace classic scam calls, since, for example, privacy settings in Telegram allow you to limit the list of callers to people who are in the user’s contacts, or to prohibit calls from everyone altogether. There are currently no automation tools for making calls via WhatsApp (only manual calls), and Viber has a small number of users.

At the same time, Vladimir Ulyanov, head of the Zecurion analytical center, does not believe that instant messengers will be widely used for fraudulent calls. Sufficiently effective anti-spam methods make attackers’ accounts very vulnerable. In a mass calling campaign, numerous user complaints will promptly get such accounts blocked. This is where the methods of defense come from. The passive method is to ignore incoming messages from strangers in messengers (and most people always do this). The active method is to block accounts and report spam. The more people complain, the sooner the account will be deleted or blocked.

The Russoft Association notes that the messenger is, quite predictably, becoming one of the main working tools, because it is no secret that about 80% of work issues are resolved in the “asynchronous communications” format, in personal and group chats. Public videoconferencing services suffer from a similar disease, so-called zoombombing, when outsiders connect to online meetings, lectures and speeches in order to disrupt the meeting or eavesdrop.

As a result, there are two unresolved problems in popular cloud messengers, Russoft says. The first is that it is impossible to verify the interlocutor “on the other side”, so outsiders can get into a work chat. The second is that there is no control over the links placed both in participants’ profile descriptions and in chats. Fraudsters may send malicious files or use phishing links to steal data or gain remote access.

“From the point of view of the corporate segment, there is only one panacea,” the TrueConf press service says. — Business, state companies, industry, law enforcement agencies and others need to get used to working chats and dialogues in secure systems that are installed on servers within the company and are not controlled by IT vendors and providers. Such systems exclude the transfer of malware between participants, protect chats from the presence of unverified persons. In addition, given the experience of 2022, autonomous systems are protected from blocking and restrictions from foreign IT companies.
