Cybercriminals have developed a new way to deceive - they began to use malicious attachments in the form of archives containing phishing links. According to the "Pochta Mail" email service, more than 880 thousand such letters were sent in a month and a half.
The topics of these letters are usually related to the end of the tax reporting period, which is one of the most active periods for phishing attacks. Last year, the share of such messages with links in email traffic increased by 25%. Among the most popular methods of deception, cybersecurity experts highlight the "prize draw".
Every day, "Pochta Mail" processes from 400 to 600 million letters, of which more than 22 million contain attachments.
According to experts, the most common formats of fraudulent files are ".7z", ".rar" and ".zip". However, malicious code is increasingly being found in ".cab" (cabinet) files. This format is usually used for system archiving, but recently it has sometimes been used to transmit an electronic digital signature.
Attackers send malicious attachments, disguising them as financial documents. This happens during the period when companies are preparing to close the reporting tax period.
According to experts from "Pochta Mail", such attachments may contain files with the names "Documents for signature", "Notification" or "Invoice".
Alexander Anashin, a pentester at RAD COP, confirms that the tax season is one of the most active periods for phishing.
Also under the gun are holiday sales, the end of the quarter or year, the holiday season - any event that can cause people to feel emotions or make them act quickly, without thinking about the consequences.
During "Black Friday" on popular marketplaces, attackers can create a fake website that looks like the real one, and set up a mailing list with malicious links or attachments that are difficult to distinguish with the naked eye. This was stated by Alexey Kozlov, leading analyst of the information security monitoring department of the "Telecom Exchange".
In 2024, the number of phishing links in email traffic increased by 25%, as shown by research by Bi.Zone, an information security company. On average, malicious files were found in one in a hundred letters.
Last year, Bi.Zone noted an increase in the number of phishing emails that offer to take part in a prize draw. In the first half of 2024, only a few such letters were sent to the corporate mailboxes of Russian companies. However, since October, experts have begun to record an average of about 56 thousand such letters per month.
In March, the company received 35 thousand such letters in the first two weeks of the month, Bi.Zone reports.
One of the most common schemes in such cases is to convince the victim to take part in a win-win lottery. If the victim agrees, they are promised a prize. However, as it turns out later, to receive the prize, it is necessary to pay a commission of more than 1000 rubles. As a result, the victim loses money, and the scammers gain access to his payment details.
Card data can be used for further fraud or sold on the black market. Such scenarios are successful, including due to the mass character and cheapness of such mailings.
If at least one percent of users respond to the scheme, then the attackers over the past six months could have received an income of 3.5 million rubles only from "commissions", not counting the funds that can be stolen from users' cards.
Earlier, scammers came up with a new way to deceive Russians. They send a parcel allegedly by mistake, and then on behalf of the transport company and the recipient of the parcel ask to pay the cost of the parcel or customs duty. In February, the number of such cases increased by almost 30% compared to January.
Read more on the topic:
Scammers attract Russians to Telegram with a free premium subscription
A new scheme to deceive Russians: scammers scare Telegram users with "dead" acquaintances
Hackers have started attacking Russians through secret chats in Telegram
