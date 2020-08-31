IT companies in August record a sharp increase in the appearance of phishing fraudulent ticket sales sites. Group-IB told Izvestia that their number has almost tripled over the last month of summer. Since June, more than 130 Russian-language fake resources have been found in Kaspersky Lab. Experts say that the promotion of fraudulent sites has a pronounced seasonal focus, and this year their activity will increase with the resumption of mass events.

Migration to the Network

In August, a sharp increase in the creation of phishing and fraudulent resources was recorded, Group-IB told Izvestia. During the summer, the company discovered more than 100 fake websites offering supposedly cheap flights. Most of them are already blocked.

– At the end of July, there were three dozen such resources, in mid-August – already about a hundred. Most of them are aimed specifically at selling air tickets, but now you can face fraud in everything related to travel: hotel reservations, car rental. To mislead people, online scammers often use brands from well-known carriers and aggregators. Some of the resources were created even before the quarantine, but because of the pandemic, they were activated only when the borders began to open, ” says Yakov Kravtsov, head of the anti-counterfeiting department of the intellectual protection department of Group-IB.

The company, citing data from the Ministry of Internal Affairs, noted that in the first half of 2020, with a decrease in the number of “classic crimes” – street robberies (by 23.6%), robberies (by 20.7%), thefts (by 19.6 %), car thefts (by 28.7%) – the number of IT crimes increased by 91.7% compared to the same period in 2019.

During the summer, Kaspersky Lab found more than 130 Russian-language fake resources offering to buy tickets, the company told Izvestia.

Photo: Izvestia / Dmitry Korotaev

Over the three summer months, the ticket aggregator Tutu.ru identified seven fraudulent sites, which they carefully mimicked the design of the service. Employees of the company found more than 10 posts in social networks and instant messengers, where it was offered to purchase tickets with a 40% discount on the Tutu.ru website and other services. Izvestia was told that when such twin sites are found, they promptly take measures to block them.

Aviasales noted that over the past year, together with partners from Brand Security, they have blocked about 500 fraudulent websites offering fake flights.

“Monitoring of fake pages is an ongoing process, but during the peak season (summer, May and New Year holidays), the number of such“ resources ”increases,” the company says.

A number of resources imitating official ticket sales sites have a pronounced seasonality, says Andrey Arsenyev, head of analytics and special projects at InfoWatch. For example, doppelgangers selling tickets for performances are usually most actively promoted at the end of summer, before the start of a new theater season. Many fake sites are tied to certain major events: concerts of world stars, shows, decisive football matches.

– Most likely, in the near future the shaft of such fraud will only grow. Surely, fake pages have already been prepared for the sale of tickets to concerts – the attackers are just waiting for the authorities to allow mass events in closed rooms, the analyst said.

The exploitation of the topic of tourism by scammers during the high season is quite a traditional phenomenon, Alexei Pavlov, head of the Solar JSOC services promotion at Rostelecom, also believes. Perhaps this year, fraud in this area has gained traction, as people are tired of isolation, lack of money, uncertainty in the future and want to switch and rest. Against this background, many people forget or neglect the basic rules of cybersecurity, which cybercriminals are actively using, the expert added.

Izvestia sent a request to Roskomnadzor and the Prosecutor General’s Office.

Precautions

In order not to fall for the tricks of scammers, Group-IB recommends buying tickets only on official sites and be sure to check the domain name of the resource. If the resource was created no more than a couple of months ago, it is highly likely that it is fraudulent, the company says.

Aviasales reported that, together with BrandSecurity and Roskachestvo, they launched the Real Ticket.rf project, in which you can enter the address of the site being checked. The data is analyzed in real time, and fake resources are blocked for several hours.

The ticket sales site must be protected by data encryption protocol (https) and be on the official list of ticket distributors approved by the organizers of the event, noted Andrey Arseniev. Also, you should not buy tickets remotely through electronic trading platforms from individuals – there is a high risk that, having received money, the seller will not send a ticket, stop communicating, or sell the same ticket to several people.

Photo: TASS / Vladimir Smirnov

– If a link to a suspicious resource came to the mail or in a message, then first you need to make sure that the sender is reliable. This should be a trusted source or source familiar to you, for example, a tour operator whose services you use regularly. You can also check the hidden link by copying its address into Notepad, without clicking on the link itself, – says Alexey Pavlov.

If the web address does not match the text of the letter, then it is not recommended to click on it. For example, the message suggests looking at the list of tours on the travel agency’s website, but the real address is long, complex and with a different domain. You can also click through a link or attachment through an online virus checking service, such as VirusTotal, or simply search for the name of the site on the Internet – perhaps you will find reviews from those who have already encountered scammers, Aleksey Pavlov noted.

Tatiana Sidorina, a leading content analyst at Kaspersky Lab, recommends that you be skeptical about any extremely generous online offer. It’s a good idea to install a reliable security solution: it will warn if a user tries to go to a phishing site. For online purchases, you can get a separate card, for example a virtual one. You can keep a small amount on it, and you can also set daily withdrawal limits on it, the analyst concluded.