Ukraine’s cyberpolice force recently arrested nine members of a criminal group that operated over 400 phishing websites pretending to be legitimate EU portals offering financial assistance to Ukrainians. “The threat actors used forms on the site to steal visitors' payment card data and online banking account credentials and perform fraudulent, unauthorized transactions like moving funds to accounts under their control."
In total, this cybercrime operation stole approximately $3,360,000 from roughly 5,000 victimized citizens. While it is unclear how the victims ended up on these phishing sites, the cybercriminals could have used various means including SEO poisoning, direct messaging, email, and scam posts on social media platforms.
“The arrested individuals face up to 15 years in prison for multiple violations of Ukraine's Criminal Code, including Part 3 of Article 190 (fraud) and Part 5 of Article 361 (unauthorized interference in the work of computers and networks)."
Phishing is still a highly popular tactic that cybercriminals use to target victims. According to Kaspersky, 91% of all cyberattacks begin with a phishing email. Did you know that phishing techniques are involved in 32% of all successful data breaches? To help mitigate the threat, users should be careful not to click on malicious links or attachments in emails that come from unknown senders. In many cases, attackers will try to spoof their email address to make it seem like the email is coming from a legitimate source. Therefore, it is important to always verify the email sender’s address and ensure that the email is actually coming from the source they claim to be.