Alert Regarding Phishing Attempts Targeting Publi24

CERT-RO, the government agency for cyber security, is warning all Romanians in the country about a new phishing campaign targeting Publi24 users, as happened earlier with OLX users, and you should pay attention to what they say.

"Attention: the online fraud attempt aimed at customers from the OLX Romania platform ended up targeting Publi24.ro users as well.
The CERT-RO team has updated the alert on the website dedicated to this #phishing attack that uses social engineering elements:
The scheme where platform users are lured by attackers into a trap to enter their card details works similarly to the one on OLX. Potential victims are usually people who post an ad on the platform with a specific product/service offered for sale. Shortly after publication, they are contacted off-platform on WhatsApp by attackers posing as customers interested in that ad.
After asking some general questions about the condition of the product, the attackers behind these messages agree to make the payment, including the delivery of the package, although on the Publi24 platform the shipping service is free!
The next step is to send in the conversation a link to a FAN Courier payment tool, which is actually a link to a phishing page, where the attackers collect the users' card details. In this case, in order to receive an amount of money in the account, it is NOT necessary to provide the card data, but the IBAN, which is the sequence of numbers and digits that identifies that account!
Attackers then attempt to withdraw amounts of money from that card in real time. Basically, we are talking about a real-time phishing attack, because the attackers will further ask the interlocutor on #WhatsApp, including possible codes sent via SMS or through the internet banking application, to validate transactions.
To give that false sense of confidence to the potential victim, the attackers integrated into that phishing site a chat-like service, which is meant to help the user make the payment. In fact, in reality that conversation is also being held with the attackers."