Cybercriminals have become active on the wave of popularity of Labubu monster toys. "Kaspersky Lab" has identified hundreds of fake websites and bots in Telegram. Attackers deceive users by offering toys, and as a result, people lose money and risk personal data leaks. Experts believe that Labubu attracted the attention of scammers due to high demand among parents and difficulties in finding them in official stores.
Attackers lure potential victims to fake resources with generous discounts, catalogs with allegedly original figurines, the opportunity to purchase rare collections and exclusive series of characters.
Experts demonstrated several examples of such sites. One of them says on the main page: "Original Labubu in Russia! Only genuine figurines, fast delivery, quality guarantee." However, this is a deception. If a user enters their bank details or transfers money directly to the resource owner, they may lose funds.
In addition to websites, fake Telegram bots have appeared. They promise easy earnings or the sale of Labubu. However, behind these tempting offers lies the requirement to subscribe to suspicious channels where dubious projects are advertised.
At the end of May, analysts at F6, which deals with protection against digital risks, identified Telegram bots using the popular toy as bait for phishing. Attackers were trying to steal user accounts.
Under the pretext of receiving a Labubu as a gift for a review, bots offer to share their contact, and then enter the received code from Telegram from a "unique user." In fact, this is an access code to the account. If the user enters it, they will lose access to their account.
This is classic social engineering. You don't have to be a professional hacker to do this, says AppSec Solutions. Attackers most often resort to phishing to lure people's logins, passwords and bank details.
The scheme is usually as follows: the scammer creates a channel, winds up a lot of fake subscribers there, buys advertising or agrees to placement in other channels so that everything looks plausible. Then he publishes an advertisement, for example, for the sale of a rare toy, and gives a link to a fake online store. People go, enter their data, pay for the goods - and lose money.
A malicious link can be hidden in applications that offer to install, the press service noted. Labubu toys attracted the attention of scammers for a reason. They aroused great interest among parents, and they are difficult to find in official stores.
When demand exceeds supply, scammers become active. They create fake websites, fake social media accounts and bots in Telegram, offering "last copies" and "special discounts," said Anna Vyatkina, an analyst at the research group of the information security analytics department at Positive Technologies.
This tactic works not only with children's products - scammers exploit the demand for other seasonal and fashionable goods in the same way. Their main trick is to play on the emotions of buyers who want to have time to buy a trendy thing.
In order not to fall into the trap of scammers, it is important to follow simple digital security rules: make purchases only in trusted places - large marketplaces, on official websites or from trusted sellers.
Before buying, be sure to study reviews not only on the site, but also on other platforms. Pay attention to the domain registration date. If the price seems suspiciously low, it could be a trap. Pay for orders in safe ways, or better - upon receipt.
AppSec Solutions experts recommend not clicking on links from suspicious emails and messages, even if they contain a personal discount offer. It is best to visit the site directly to avoid buying a fake. To do this, you can compare the assortment of a real store with what is offered in the "hot" offer.
Experts emphasized that users must enable two-factor authentication in social networks and messengers. This means that even if attackers gain access to your login, they will not be able to enter the account without a second factor of protection.
Earlier it became known that scammers have reached education and medicine: fake work chats are becoming a new threat. Cybercriminals create fake chats using the names of real companies. They feature accounts that pretend to be colleagues or even real employees who are unaware of the fake.
Read more on the topic:
Why victims call scammers themselves: a scam scheme revealed
Espionage and complex cyberattacks: how hacker attacks on industry and telecom have changed
Now on home
Герой России Гарнаев: никто из профессионалов о возобновлении производства на КАЗ всерьёз не говорит
Система отслеживает спутники на высотах до 50 000 км и ведёт за ними наблюдение
The armored vehicle is equipped with a KamAZ-740.35-400 diesel engine with a power of 400 hp.
Constant improvements in avionics, weapons and tactical capabilities will make the aircraft a flexible response to future challenges
The exterior of the KamAZ-54901 features fairings on the cab and chassis for fuel economy
Fighters are in demand both domestically and abroad
Tyazhpromexport and Venezuela Agree on Plant Revival
The company not only completed the state order, but also quickly mastered the production of AK-12K for special forces
Experts have developed a photogrammetric complex with a resolution of less than 1 cm
