The Ukrainian CyberPolice have arrested a group of phishing threat actors that managed to steal payment card data from over 70,000 people. The group lured their victims to fake mobile service sites by using marketing and advertising to spread their links. The threat group then used the stolen data to empty the bank accounts of victims and steal their money. The group used over forty different fake websites and took advantage of the lack of vetting done by social media sites to share their fake advertisements.
Analyst Notes
Just because the threat group was arrested does not mean the victims of the scams are able to recover their stolen funds. Anyone who believes they were a victim of this attack should contact their bank. Social media websites are known for having poor vetting procedures when it comes to advertisements, and threat actors have taken advantage of this for years. Social media users should never trust ads they see shared and should always do their own research on a product or company they plan on buying from. Likewise, credit cards should be used for online shopping instead of debit cards. It is also advised to look into one time use credit cards to use on these websites to avoid credit card numbers from being exposed in situations like this.
https://www.bleepingcomputer.com/news/security/police-bust-phishing-group-that-used-40-sites-to-steal-credit-cards/