20 June 2017

Group-IB protects tens of thousands of social media users against fraud

Group-IB blocks fraudulent websites offering social network users ’free tickets’ masquerading as Aeroflot and other major airlines

Group-IB, one of the global leaders in high-grade Threat Intelligence and a vendor of best-in-class anti-fraud solutions, has helped to protect tens of thousands of people from criminals using recognized airlines’ logos for fraudulent schemes. Existing and future customers of airline companies were spared the potential consequences of the attack by the joint effort of the information security service at Aeroflot and Group-IB’s Brand Protection team.

The first posts abusing the airlines’ logos appeared on social media on Sunday, June 4. Aeroflot was one of the 19 brands compromised as part of this global fraud scheme. The affected brands include major international airline companies, luxury brands and several chain stores offering online sale services: Virgin America, Delta Air Lines, Lufthansa, Rolex, Spar, Tesco and others. The attack was evidently targeted at Western users: this can be inferred from the list of compromised brands and from the fact that the Russian translation on the fake websites was unprofessional and showed incorrect language usage.

Once the first few phishing websites were identified, Aeroflot alerted its customers in a statement and via posts on various social networks. CERT-GIB specialists blocked the fraudulent websites on their side, eliminating the threat to users by the evening of June 6.

A preliminary investigation was conducted into the incident, and all participants in the fraudulent scheme will be identified shortly. It is already clear that they used the intellectual property of other owners to misdirect customers of the airline companies and of other well-known brands to third-party websites in order to generate advertising traffic. The attackers used a partner program, and some of the websites to which users were redirected contained malicious software.

“Incidents where fraudsters use a company’s brand, logos and brand colors, or even completely replicate its website are, unfortunately, not uncommon. The company’s reputation may suffer irreparable damage as a result. Our Brand Protection service enables prompt response to criminal activities as we follow many discussions on fraudulent schemes, sale of advertisements for counterfeit products and databases, information collected and searched for insiders in the company on the dark web,” says Dmitry Rusakov, Head of Brand Protection at Group-IB.

The Group-IB Brand Protection service leverages 14 years of experience in combating cybercrime and unique Threat Intelligence. A high-tech monitoring system dedicated to mapping cybercriminals’ infrastructure and interrelations allows Group-IB to track websites, mobile applications and ads misusing a company’s brand, as well as associated promo tools, i.e. e-mail distributions, contextual advertising, SEO manipulations and bot activities to increase search output. A criminal’s attempts to resume activities are exposed at the domain registration and hosting stage.

Find more info about Group-IB Brand Protection service

Group-IB is one of the leading developers of solutions for detecting and preventing cyberattacks, identifying fraud and protecting intellectual property online. Group-IB's cyber-threat data collection system, Threat Intelligence & Attribution, has been recognized as one of the best in the world by Gartner, Forrester and IDC.

The company's technological leadership is built on 18 years of experience investigating cybercrime worldwide and more than 65,000 hours of information security incident response, accumulated in the largest computer forensics laboratory in Eastern Europe and in CERT-GIB, its round-the-clock rapid response center.

Group-IB is a partner of Interpol and Europol and a cybersecurity solutions provider recommended by SWIFT and the OSCE. Group-IB is a member company of the World Economic Forum.

