Fraudsters have launched a new scheme to deceive Russians, posing as a corporate New Year's gift delivery service. Cybersecurity specialists from ESA PRO shared details on how the attackers operate.
An employee of the company receives an SMS, supposedly from a delivery service, notifying them that one of the clients has decided to send a gift. The message claims that the courier could not contact the recipient. They are invited to call the number provided. The fraudsters' method creates a semblance of trust.
Once contact is established, criminals can extract the victim's personal data, as well as inform them of the need to pay various fees or redirect them to a phishing site that mimics the sender's site. Such incidents are an example of brand spoofing attacks, where attackers masquerade as real companies to deceive citizens.
Experts emphasize that such schemes pose a significant threat during the New Year period, damaging the reputation of companies.