Case Study

Hispasec and Google have neutralized a big campaign of international fraud

Hispasec has collaborated with Google Safe Browsing and Virustotal teams to block 946.120 websites and 3.379 domains used in an international fraud campaign. The attackers impersonate known brands, offering fake anniversary rewards.
alt text
As we announced some days ago, Hispasec discovered a new fraud infrastructure distributed by the social networks using social engineering techniques. This scam, named “Anniversary”, follows the procurement of personal data like the phone number, postal code or the bank account data. The scam is carried out through a simple survey and a random box selection game (the victim always wins), then the user is asked to share the promotion with relatives through Whatsapp as well as his/her own personal information in order to receive the award (which they never actually get). The final aim of the attackers goes further; this is just a first phase, which can continue with other fraud methods like the installation of malware, obtaining credit cards information or subscribing online users to Premium services once they provide their phone numbers..
The attackers are using multilayer infrastructure and multiple service providers are involved, in addition to having millions of different domains, with the aim of making the detection and the deactivation of the scam campaign more difficult. Hispasec used VirusTotal to investigate the fraud campaign and reported the results to Google Safe Browsing, giving them all the URLs and domains to protect over 4.000 millions of devices that use this service immediately.
Google Safe Browsing is used by multiple browsers like Chrome, Firefox, Safari, Vivaldi, Brave and GNOME Web, which are used in multiple platforms, including Windows, OSX, Linux, Chrome, Android, iOS and more. For practical purposes, it is a prevention system of web threats with great coverage worldwide.
With this new partnership, the Antifraud Hispasec service and its SOC 24x7 reinforce the mitigation of phishing attacks cases, scams, malware and digital vigilance, improving its countermeasures tools and minimizing the time of response to effectively prevent the threats.
Hispasec is still tracking this threat actor, which has started to deploy two new kits with similar features impersonating the ID of a lot of brands.
ALDI Einkauf SE & Co. oHG
Allianz SE Inc
Apple Inc
Argos Ltd
Arla Foods AmbA
Arpico Super Centre
ASDA Stores Ltd
AT&T Inc
Atacadão Distribuição Com Ind Ltd
Auchan Retail International SA
Audi AG
Banca Intesa SpA
Banco Santander SA
Barclays PLC
Bayerische Motoren Werke AG
BNP Paribas SA
BoA – Bank of America Co
Cadillac Motor Car Division
Canon Inc
Carrefour SA
Cartier International SNC
Cash App
Casino Guichard-Perrachon SA
Casio Computer Co Ltd
Čepro AS
Coca Cola Co
Compagnie Générale des Établissements Michelin SCA
Consorzio Nazionale Dettaglianti
Coop AmbA
Costco Wholesale Co
CVS Pharmacy Inc
Danone SA
Decathlon SA
Dedeman SRL
Delhaize Group SA
Deutsche Bank AG
Deutsche Telekom AG
E. Leclerc Coop
Edeka Group
El Corte Inglés SA
Emart SRO
Eni SpA
Facebook Inc
FamilyMart KG
Federation of Migros Coop
Gaisano Grand Malls
Galp Energia SGPS SA
Heineken NV
Honda Motor Co Ltd KG
HSBC Holdings PLC
ICA Gruppen AB (publ)
Intel Co
Inter Ikea Systems BV
Jerónimo Martins Polska SA
Jollibee Foods Co
Kentucky Fried Chicken Co
Klarna Bank AG
Koninklijke Philips NV
Lego Group AS
Lenovo Group Ltd
Lotte Holdings
Luis Vuitton Malletier SAS
MasterCard Inc
Mazda Motor Co KG
McDonald’s Co
Mercadona SA
Metro AG
Microsoft Co
National Bank of Kuwait
Nestlé SA
Netflix Inc
Netto (Les Mousquetaires Group)
Nike Inc
Nissan Motor Co Ltd KG
Ocado Group PLC
OMV Petrom SA
Online Príma Hungary Kft
Orange SA
Otto GmbH & Co KG
Ozon AG
Panasonic co KG
Panda Retail Co
PayPal Holdings Inc
Penny Market (REWE Group)
PepsiCo Inc
Phoenix Pharmahandel GmbH & Co KG
Pick n Pay Stores Ltd
Pizza Hut LLC
PKN Orlen SA
Poste Italiane SpA
Profi Supermarket SA
Publix Super Markets Inc
Puma SE
Qatar Airways Co QCSC
REWE Group
Rolex SA
Royal Bank of Scotland PLC
Royal Dutch Shell PLC
Safeway Inc
Samsung Group
Shoprite Group
Siemens AG
Sklavenitis Greek Supermarkets SA
Sony Group Co KG
Starbucks Co
Supermayorista Vital (Maycar SA)
Suzuki Motor Co KG
Target Co
Tata Group
Tesco PLC
The Kroger Co
TotalEnergies SE
Toyota Motor Co KG
TrueMoney International
Twitter Inc
Uber Technologies Inc
UBS Group AG
Uniqlo KG
United Parcel Service
Walmart Inc
Walt Disney Co
Woolworths Holdings Ltd
Yamaha Co KG
An extent report with more technical details is available for the affected brands. Please, contact to receive it and the latest information about the new campaigns which can affect you.
Do you have doubts?
In case of doubt, you can request more information through the following form.