Scammers have switched to phishing: attackers have devised a new way to deceive people through mass mailings

One of the most common schemes is trying to convince the victim to participate in a win-win lottery

Cybercriminals have developed a new method of deception: they have begun to use malicious attachments in the form of archives containing phishing links. According to the "Pochta Mail" email service, more than 880 thousand such emails were sent in a month and a half.

The topics of these letters are usually related to the end of the tax reporting period, which is one of the most active periods for phishing attacks. Last year, the share of such messages with links in email traffic increased by 25%. Among the most popular methods of deception, cybersecurity experts highlight the "prize draw".

Every day, "Pochta Mail" processes from 400 to 600 million letters, of which more than 22 million contain attachments.

According to experts, the most common formats for fraudulent files are ".7z", ".rar" and ".zip". However, malicious code is increasingly being found in ".cab" (cabinet) format files. This format is usually used for system archiving, but recently it has sometimes been used to transmit an electronic digital signature.

Attackers send malicious attachments, disguising them as financial documents. This happens during the period when companies are preparing to close the reporting tax period.

According to information from "Pochta Mail" specialists, such attachments may contain files with the names "Documents for signature", "Notification" or "Invoice".
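A gateway-side triage check for the attachments described above, as an added example that is not code from the article or from "Pochta Mail": it types archive attachments by magic bytes for the four formats named, matches the quoted file names, and extracts links from ZIP members. The function names, the 1 MB member limit and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Magic bytes of the archive formats named in the article.
MAGIC = {b"PK\x03\x04": "zip", b"7z\xbc\xaf\x27\x1c": "7z",
         b"Rar!\x1a\x07": "rar", b"MSCF": "cab"}
LURES = ("documents for signature", "notification", "invoice")  # from the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def triage(raw: bytes) -> list:
    """Hypothetical helper: one finding per archive attachment in a raw e-mail."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        kind = next((k for m, k in MAGIC.items() if data.startswith(m)), None)
        if kind is None:
            continue
        names, urls, unreadable = [name], set(), False
        if kind == "zip":  # the standard library can only unpack ZIP
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        names.append(info.filename)
                        if info.file_size <= 1_000_000:  # skip oversized members
                            text = zf.read(info).decode("utf-8", "replace")
                            urls.update(URL_RE.findall(text))
            except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted
                unreadable = True
        findings.append({
            "attachment": name, "type": kind, "unreadable": unreadable,
            "ext_mismatch": not name.lower().endswith("." + kind),
            "lure_name": any(l in n.lower() for n in names for l in LURES),
            "urls": sorted(urls)})
    return findings

def build_sample() -> bytes:
    """Constructed sample: a ZIP holding an HTML file with a placeholder link."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.html", '<a href="https://phish.example.invalid/pay">x</a>')
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Documents for signature.zip")
    return msg.as_bytes()
```

7z, RAR and CAB attachments are still typed and name-checked; an `ext_mismatch` of `True` marks an archive whose file name claims a different format than its content.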

Alexander Anashin, a pentester at RAD COP, confirms that the tax season is one of the most active periods for phishing.

Also under the gun are holiday sales, the end of the quarter or year, the holiday season — any event that can cause people to feel emotions or make them act quickly without thinking about the consequences.
Alexander Anashin, pentester at RAD COP

During "Black Friday" on popular marketplaces, attackers can create a fake site that looks like a real one, and set up a mailing list with malicious links or attachments that are difficult to distinguish with the naked eye. This was stated by Alexey Kozlov, leading analyst of the information security monitoring department of the "Telecom Exchange".

In 2024, the number of phishing links in email traffic increased by 25%, as shown by research by Bi.Zone, an information security company. On average, malicious files were found in one in a hundred letters.

Last year, Bi.Zone noted an increase in the number of phishing emails that offer to participate in a prize draw. In the first half of 2024, only a few such letters were sent to the corporate mailboxes of Russian companies. However, since October, experts have begun to record an average of about 56 thousand such letters per month.

In the first two weeks of March, the company received 35 thousand such letters, Bi.Zone reports.

One of the most common schemes in such cases is to convince the victim to participate in a win-win lottery. If the victim agrees, they are promised a win. However, as it turns out later, to receive the prize, it is necessary to pay a commission of more than 1000 rubles. As a result, the victim loses money, and the scammers gain access to their payment details.

Card data can be used for further fraud or sold on the black market. Such scenarios are successful, including due to the mass character and cheapness of such mailings.
Dmitry Kiryushkin, head of Bi.Zone Brand Protection

If at least one percent of users responded to the scheme, the attackers could have earned 3.5 million rubles over the last six months from "commissions" alone, not counting the funds that can be stolen from users' cards.

Earlier, scammers came up with a new way to deceive Russians. They send a parcel, allegedly by mistake, and then, on behalf of the transport company and the parcel's recipient, ask the victim to pay the cost of the parcel or a customs duty. In February, the number of such cases increased by almost 30% compared to January.
