Fraudsters exploit online government complaint portals: impersonating officials to gain victims' trust and using remote access software, they manipulate victims into disclosing credit card details and OTPs, enabling unauthorized transactions and causing substantial financial losses.
To bypass heightened security awareness, cybercriminals in the Middle East have transitioned from social engineering to more sophisticated techniques, likely involving malware, phishing, and SIM swapping to compromise user devices and intercept sensitive information, including OTPs.
They exploit a vulnerability in the e-commerce complaint system: by impersonating government officials they gain the victim's trust and persuade them to install remote access software, which enables data exfiltration and further exploitation, likely through social engineering and unauthorized access to sensitive information.
They instructed victims to download legitimate government applications together with the remote access tool AnyDesk, which gave the fraudsters unauthorized access to the victims' devices and led to fraudulent transactions from their bank accounts.
Stolen consumer data obtained from compromised devices, specifically personal information submitted during the filing of commercial complaints on government portals, is used to impersonate government officials and initiate fraudulent refund schemes, exploiting consumer trust and targeting victims of legitimate complaints.
Using the stolen personal data to build trust, they launch social engineering attacks that instruct victims to install remote access apps. These apps let the scammers monitor the device screen and intercept OTPs, allowing them to steal credit card details and complete unauthorized transactions; the scheme is fed by the widespread availability of data-stealing malware.
RedLine Stealer, a type of malware designed to steal sensitive data from compromised devices, is a prominent threat in the META region: the data shows it was involved in nearly 60% of government website breaches there.
Impersonation and remote access fraud disproportionately impact female consumers with limited technological proficiency. Driven by the desire to obtain refunds for unsatisfactory purchases, these individuals are more susceptible to social engineering tactics employed by fraudsters.
The scheme is likely orchestrated by organized criminal groups in the Middle East. It relies on Arabic-speaking actors and advanced techniques that combine data collection, social engineering, remote access tools, and money laundering through mule accounts and anonymization tools such as VPNs and virtual machines.
By taking advantage of data breaches on government portals to facilitate social engineering attacks, fraudsters impersonate officials, exploit victim trust, and target card details and OTPs in order to evade banking security controls.
According to Group-IB Threat Intelligence, in order to conceal the identity of the ultimate recipient, funds are typically handled through local marketplaces or transferred to mules.
To mitigate financial losses from these schemes, financial institutions should implement robust anti-fraud processes that include proactive alerts, detection of compromised accounts, identification of social engineering attempts, and analysis of 3DS transactions for anomalies.
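As an added illustration of the "identification of social engineering attempts" and 3DS anomaly analysis recommended above (example code, not from the report or Group-IB): a heuristic that flags OTP-approved transactions completed while a remote-control tool, such as the AnyDesk sessions described earlier, was active on the customer's enrolled device. The telemetry field names and sample events are constructed assumptions for this example.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data). DEVICE_EVENTS are signals the bank's
# mobile app can report, e.g. a screen-sharing / remote-control service becoming
# active; TX_EVENTS are card transactions that passed a 3DS OTP challenge.
# Field names are assumptions made for this example.
DEVICE_EVENTS = [
    {"ts": "2024-03-01T10:00:00", "device": "dev-A", "app": "AnyDesk", "event": "remote_control_started"},
    {"ts": "2024-03-01T10:40:00", "device": "dev-A", "app": "AnyDesk", "event": "remote_control_stopped"},
]
TX_EVENTS = [
    {"id": "t1", "ts": "2024-03-01T10:12:30", "device": "dev-A", "card": "c1", "amount": 950.0},
    {"id": "t2", "ts": "2024-03-01T10:15:10", "device": "dev-A", "card": "c1", "amount": 1200.0},
    {"id": "t3", "ts": "2024-03-01T10:55:00", "device": "dev-A", "card": "c1", "amount": 700.0},
    {"id": "t4", "ts": "2024-03-02T09:00:00", "device": "dev-A", "card": "c1", "amount": 40.0},
    {"id": "t5", "ts": "2024-03-01T10:20:00", "device": "dev-B", "card": "c2", "amount": 300.0},
]

def _t(ts):
    return datetime.fromisoformat(ts)

def remote_control_windows(device_events):
    """Return {device: [(start, end_or_None, app), ...]} for remote-control sessions."""
    open_sessions, windows = {}, {}
    for ev in sorted(device_events, key=lambda e: e["ts"]):
        key = (ev["device"], ev["app"])
        if ev["event"] == "remote_control_started":
            open_sessions[key] = _t(ev["ts"])
        elif ev["event"] == "remote_control_stopped" and key in open_sessions:
            windows.setdefault(ev["device"], []).append((open_sessions.pop(key), _t(ev["ts"]), ev["app"]))
    for (device, app), start in open_sessions.items():  # never closed: treat as still open
        windows.setdefault(device, []).append((start, None, app))
    return windows

def flag_transactions(tx_events, device_events, cooldown=timedelta(minutes=30)):
    """Map transaction id -> reason for each OTP-approved transaction completed while a
    remote-control tool was active on the same device, or within `cooldown` after it ended."""
    windows = remote_control_windows(device_events)
    flagged = {}
    for tx in tx_events:
        at = _t(tx["ts"])
        for start, end, app in windows.get(tx["device"], []):
            if at < start:
                continue
            if end is None or at <= end + cooldown:
                phase = "during" if end is None or at <= end else "shortly after"
                flagged[tx["id"]] = f"OTP challenge passed {phase} {app} remote-control session"
                break
    return flagged
```

A flagged transaction is a candidate for step-up verification or a callback, not an automatic block; the cooldown covers OTPs read off-screen just before the session is closed.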