Fake literacy: phishing sites with "unblocking Viber" appeared in the Network

After restricting access to Viber in Russia, cyberfraudsters have found a new method of deception - they offer users services to install a "safe version of the messenger" and also create fake sites in Runet with instructions on how to "bypass blocking". Clicking on such links is fraught with the loss of personal data, deletion of all information from the account and even theft of passwords. According to the RKN, in general, the number of blocked phishing resources this year increased by 558% compared to the same period in 2023.

How scammers use Viber

Scammers started creating phishing resources under the guise of Viber "blocking circumvention tools". This happened after Roskomnadzor restricted access to the messenger in Russia on December 13, Igor Bederov, head of the T.Hunter Investigations Department and SafeNet STI market expert, told Izvestia.

- Before the blocking, Viber was actively used as a means of spreading malware, extortion and threats. Now cybercriminals have adapted to the news agenda, we are already tracking cases of spreading Trojan viruses, as well as phishing under the guise of installing a "safe version of Viber" and deleting data from accounts," he said.

According to him, in the case of Viber, attackers most often use methods in the format of phone fraud. To do this, they register an account in the messenger on domestic numbers, after which they make calls to users in Russia. Already now there are banners on websites and in social networks about "bypassing blocking". Soon there may appear applications-doppelgangers of Viber in app stores, did not rule out the general director of Phishman Alexei Gorelkin.

- The popularity of Viber among fraudsters for attacks on users is explained not only by the wide coverage of potential victims, but also by the relative simplicity of account hijacking and initial registration. Attackers have learned to bypass security systems, which allows them to communicate with victims from the same account for long periods of time. One of the reasons is that in Viber it is more difficult to form a complaint about spam mailings and calls, - said Dmitry Dudkov, a specialist of F.A.C.C.T. company on counteraction to financial fraud.

Analysis of Viber mentions on shadow forums shows that it is most often used by attackers who do not occupy the highest place in the hierarchy of cybercrime - for example, providing spam call services. In the instructions that scammers distribute in their community, Viber is mentioned among the messengers that are not recommended for information transfer, the expert added.

- Blocking Viber in Russia narrows the range of possible cyberattacks on citizens. It is used by attackers for typical ways - fraudulent calls, including impersonation - when the attacker pretends to be a relative or manager of the victim, - said Roman Alabin, head of information security service of InfoWatch Group of Companies.

The main audience of Viber in Russia is people over 40 years old. They are more vulnerable to fraudulent schemes in Runet, which means it's easier for them to fall for false promises to regain access to a familiar messenger, said GG Tech expert Sergey Pomortsev.

- Despite the restrictions, fraudsters can send messages that look like official notifications from Viber or other services, asking to confirm personal data or follow a link. Such links often lead to fake websites where users enter their data," said Anton Meltsov, founder of AMsec24 Insurance Brokerage, a company called AMsec24.

Against the background of the news about the restriction of access to Viber, cybercriminals can use this information occasion for new large-scale attacks, believes leading analyst of the digital risk protection department of F.A.S.S.T.. Evgeny Egorov.

- Attackers can offer users to install a malicious version of the messenger that is "available in Russia" to replace it. Or create fraudulent sites, stylized as the official Viber resource, to steal users' money, as it happened in the early 2020s, but under a different pretext - for example, paying users some "compensation". Another typical scheme that fraudsters can use is to offer instructions on how to bypass the blocking of the messenger for money," he said.

Personal intrusion: fraud attacks on Telegram users increased 19 times

What tricks have attackers come up with before the New Year holidays and how to protect against them

How to protect your data on the Web

Roskomnadzor told Izvestia about the sharp jump in blocking phishing resources. In 2024, specialists of the RCN, the Center for Monitoring and Management of the Public Communications Network (CMU SUCN) together with the National Coordination Center for Computer Incidents (NCCI) identified and blocked 30.3 thousand phishing resources and 127 malware control centers. Compared to the data for the same period in 2023, the growth was 558% for phishing sites and 164% for malware control centers.

According to the results of the first three quarters of 2024, 89% of all successful attacks on individuals were carried out using social engineering methods, said Anna Golushko, senior analyst at Positive Technologies research group. At the same time, attackers most actively used phishing sites (58%). Social networks and messengers accounted for 15% and 12% respectively, she added.

- Fraudulent schemes to spread fake sites masquerading as official messenger resources remain effective. Such pages on the Internet offer to download applications under the guise of original and additionally equipped with various functions, ranging from bypassing blocking to free premium functions and additional features. In addition, through websites, social networks and other messengers, cybercriminals distribute instructions on how to use blocking circumvention tools. This leads to the risk of stealing personal data from users' devices, including saved passwords, payment card data and cookies," the expert reminded.

Roskomnadzor recommends to follow security measures to avoid becoming a victim of such attacks: do not click on suspicious links from SMS or messengers, check website addresses, download applications only from official sources and use trusted application stores, such as RuStore. Also, beware of mailings from unknown resources, and if the user has not ordered goods, you should ignore messages about tracking parcels. At the same time, the RCN advises to install reliable anti-virus software to protect against threats.

The main rule of safe communication when using any messenger is to provide a minimum of information about yourself and remain vigilant. Do not accept calls from unknown numbers, do not click on links received from unknown contacts, hide or do not specify personal information, including personal data and bank card details. These security measures should be observed for all messengers, summarized Evgeny Egorov.