A gift for you: scammers steal Russians' money under the guise of distributing training courses

The scammers started stealing Russians' money by offering free training courses. They can be offered in messengers or on fake websites that mimic educational platforms. Izvestia found out what schemes cybercriminals use and how to protect themselves from them.

Deception under the guise of a gift: why you can't download files from unknown authors

Scammers began to deceive Russians by offering free courses. This was warned in the Department for the Organization of the fight against the Illegal use of information and Communication Technologies of the Ministry of Internal Affairs of Russia.

They told about a recent case when a girl subscribed to a popular psychology channel on Telegram. After some time, she received a message from the author of the channel thanking her for subscribing and offering to receive the course as a gift. The "courses.apk" file was attached to it.

The girl downloaded a file that turned out to be malware. The criminals gained access to applications on the phone, including bank ones, and all funds were debited from the accounts of the Russian woman.

The Interior Ministry clarifies that the scammers in this case could not even be the authors of the channel: criminals can create a fake account and write to subscribers under a false name. As a rule, they offer free materials or good discounts, hiding dangerous programs behind it.

How do such schemes work?

As Dmitry Kalinin, a Kaspersky Lab cybersecurity expert, explains to Izvestia, such schemes have been known for a long time. One of the first is the Mamont banking Trojan, which requests access to SMS and push notifications on Android devices and steals funds through SMS banking. Some modifications of Mamont have "learned" how to steal accounts in messengers, intercepting confirmation codes in a similar way.

— There are many ways to spread the virus. For example, we recently discovered websites of non-existent wholesale stores with products at extremely attractive prices. If a person placed an order, they were contacted in a messenger and informed that the product had been shipped, and to track it, you need to download a tracker application, says Kalinin. According to the legend of the attackers, this had to be done via a link in the correspondence, but under the guise of a tracker, the person downloaded the same Mamont.

In another example of an expert, the attackers distributed Mamont under the guise of a remote courier application.

— Such schemes are often associated with seasonal activities. For example, on New Year's Eve they can send out tickets for the "Christmas tree", on the eve of Defender of the Fatherland Day — discounts on men's gifts and the like. The main "hook" is extremely profitable offers that force you to go to dangerous sites or download higher professional education," adds Alexey Korobchenko, head of the Information security department at the Security Code company.

Schemes where Mamont is sent out under the guise of photos and videos and the question "is it really you?" do not lose popularity. If a user downloads an attachment out of curiosity, they also infect the phone.

How else do they cheat on education?

Scammers often use the topic of online education, especially in September, when the new academic year begins. Supposedly profitable offers can be sent by mail, messengers and social networks: these can be courses or imaginary investment training, says Alla Khrapunova, an expert at the Popular Front project For Borrowers' Rights and curator of the Moshelovka platform.

— Criminals can even discreetly activate automatic daily debit of money from the card, and then the exchange rate for 1 ruble or as a gift will become truly "golden". There have been stories when bank data was stolen when clicking on payment links, or an allegedly free course required payment and an installment plan was issued for a substantial amount," the expert explains.

At the same time, the installment plan was activated imperceptibly, with a few confirmation clicks on topics that were distracted from payment.

In addition, Moshelovka received complaints when money was debited, and the course either did not go (did not open), or had no value.

Recently, stories of hacking accounts of famous bloggers or "stealing" subscribers into a clone of a real chat have become more frequent, recalls Alla Khrapunova. After a short time, subscribers began to receive thanks from a "famous" person for subscribing and an offer to download a course or guide, ostensibly as a gift or on special terms - as happened with the injured Russian woman.

Buying online courses not through official ropes and communities is a risky undertaking, everything requires careful verification. Free training always has its benefits for the seller, and you need to understand what they are: it may be advertising in order to get a loyal customer and further sell products, or it may be the idea of scammers.

— Now we see that criminals are increasingly forcing victims to install malware on their phones, because through it you can get remote access to the contents of the phone and not invent complicated legends, forcing you to transfer money or perform other actions, — the expert concludes.

How is it safe to buy courses?

In order to safely buy online courses and training programs, Marina Probets, an Internet analyst and expert at Gazinformservice, advises choosing well-known platforms with a good reputation, carefully studying reviews from other users on independent resources, reading the terms of return and guarantees, using reliable payment systems and never entering bank card information on questionable ones. websites or suspicious links.

— Before entering data on the site, pay attention: if the domain name differs even by one letter, this is a reason to be wary. It is important to use a security solution — it recognizes the threat in time and will not allow you to install malware on your device, switch to a phishing or scam resource," adds Dmitry Kalinin.

He also urges you not to download files from questionable conversations with strangers, and pay attention to the file extension (which is indicated after the name) if, in particular, there are characters .apk or .An exe is a malicious program, not, for example, a photo, video, or text document.

— In order not to become a victim of such stories, you can simply set in the messenger settings a ban on inclusion in groups by unknown contacts and without the consent of the subscriber, - says Alla Khrapunova.

In turn, Alexey Korobchenko, head of the information security department at the Security Code company, advises you to take care of technical security tools: an antivirus that warns you about accessing a malicious site, as well as checks downloaded files. In addition, you can install or use an online sandbox locally, an isolated environment in which you can open all downloaded files without risking the main operating system.