Fraudsters have devised an intricate social engineering scheme targeting bank clients in Middle Eastern countries. Masquerading as officials from government agencies, they employ remote access software to steal bank card details and one-time passwords (OTPs). Their primary victims are users who have filed complaints about goods or services through official government portals, exploiting the trust of individuals seeking refunds.
The scheme capitalizes on the credibility fostered by the fraudsters’ guise as representatives of state institutions. They offer assistance in processing complaints, request the installation of remote access applications like AnyDesk or TeamViewer, and gain control of the victims’ devices. With this access, the perpetrators collect banking information, intercept OTPs displayed on screens, and execute fraudulent transactions.
As awareness of conventional fraud tactics grows, criminals are adapting their methods. A recent analysis by Group-IB reveals that this scheme leverages vulnerabilities in e-commerce systems and the inadequate protection of government portals. A critical element of the attack is the use of victims’ real data, stolen via infostealer malware. One of the most commonly employed tools is RedLine Stealer, which has been actively used since 2020.
Victims are often individuals with limited technical knowledge, easily manipulated in their efforts to recover money for substandard goods or services. Women are most frequently targeted, as fraudsters exploit the trusting dynamics often present during these interactions. The average financial loss per transaction is approximately $1,300, while incidents involving digital wallets can result in losses as high as $5,000.
The organizers of this scheme operate a sophisticated infrastructure, involving the acquisition and sale of stolen data, the development of conversation scripts, and the creation of fraudulent accounts to launder stolen funds. Geographic analysis of IP addresses indicates that most attacks originate from regions in the Middle East, with perpetrators employing VPNs and other anonymization tools.
To mitigate such incidents, Group-IB experts have proposed recommendations for government agencies, financial institutions, and users. Government portals are urged to enhance account security measures and promptly notify users of potential data breaches.
Banks are advised to implement transaction and session monitoring systems and to respond swiftly to signs of suspicious activity. Meanwhile, users should maintain robust digital hygiene, refrain from downloading suspicious applications, and never share sensitive information over the phone.
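As an added illustration of the session-monitoring recommendation above (example code, not Group-IB's or any bank's), the following correlates endpoint telemetry with transaction events and flags transfers attempted while AnyDesk or TeamViewer was running on the originating device; the event schema, device ids, process names and sample data are constructed assumptions.

```python
from datetime import datetime

# Remote-access tools named in the article; exact process names are assumptions.
REMOTE_ACCESS_TOOLS = {"anydesk", "teamviewer"}

def _active_intervals(device_events):
    """Build per-device [start, end) intervals during which a remote-access
    tool was running, from (assumed) endpoint telemetry events."""
    intervals, open_since = {}, {}
    for ev in sorted(device_events, key=lambda e: e["ts"]):
        if ev["app"].lower() not in REMOTE_ACCESS_TOOLS:
            continue
        dev, t = ev["device_id"], datetime.fromisoformat(ev["ts"])
        if ev["event"] == "process_started" and dev not in open_since:
            open_since[dev] = t
        elif ev["event"] == "process_stopped" and dev in open_since:
            intervals.setdefault(dev, []).append((open_since.pop(dev), t))
    for dev, start in open_since.items():  # tool still running at end of log
        intervals.setdefault(dev, []).append((start, datetime.max))
    return intervals

def flag_transactions(device_events, transactions):
    """Return transactions attempted while a remote-access tool was active on
    the originating device; transfers to a new beneficiary are rated high."""
    intervals = _active_intervals(device_events)
    flagged = []
    for tx in transactions:
        t = datetime.fromisoformat(tx["ts"])
        if any(s <= t < e for s, e in intervals.get(tx["device_id"], [])):
            severity = "high" if tx["new_beneficiary"] else "medium"
            flagged.append({"tx_id": tx["tx_id"], "severity": severity,
                            "reason": "remote-access tool active during session"})
    return flagged

# Constructed sample telemetry (not real data).
DEVICE_EVENTS = [
    {"ts": "2024-05-01T10:02:00", "device_id": "dev-A", "event": "process_started", "app": "AnyDesk"},
    {"ts": "2024-05-01T10:40:00", "device_id": "dev-A", "event": "process_stopped", "app": "AnyDesk"},
    {"ts": "2024-05-01T11:00:00", "device_id": "dev-C", "event": "process_started", "app": "TeamViewer"},
]
TRANSACTIONS = [
    {"tx_id": "t1", "ts": "2024-05-01T10:15:00", "device_id": "dev-A", "amount": 1300, "new_beneficiary": True},
    {"tx_id": "t2", "ts": "2024-05-01T10:16:00", "device_id": "dev-B", "amount": 90, "new_beneficiary": True},
    {"tx_id": "t3", "ts": "2024-05-01T12:00:00", "device_id": "dev-A", "amount": 50, "new_beneficiary": False},
    {"tx_id": "t4", "ts": "2024-05-01T11:30:00", "device_id": "dev-C", "amount": 400, "new_beneficiary": False},
]

if __name__ == "__main__":
    for hit in flag_transactions(DEVICE_EVENTS, TRANSACTIONS):
        print(hit)
```

Only t1 (AnyDesk running, new beneficiary) and t4 (TeamViewer still running) are flagged; t3 falls after the AnyDesk session ended and t2's device has no remote-access telemetry.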
Group-IB experts emphasize that only a comprehensive approach can effectively minimize the impact of such attacks and curtail their prevalence.