The KZ-CERT Computer Incident Response Service of the State Technical Service of the National Security Committee of the Republic of Kazakhstan warns of the discovery of a fraudulent online resource makesuran.ru.
Attackers, through mobile messengers and e-mail, sent out an invitation to take a survey on the Internet resource makesuran.ru, for a cash consideration with subsequent payments to the survey participant.
To receive guaranteed money, the survey participant must pay a commission of 162 rubles or 825 tenge. After agreeing with the terms of the survey, the participant is redirected to the online payment service SimplePay to fill in the payment card data.
After the transfer of funds to the account of intruders, guaranteed money was not received.
Recommendations from KZ-CERT:
Bank clients are advised to comply with the basic rules of information security. During the holidays, due to the increase in the volume of purchases and promotional mailings, we urge you to be particularly vigilant and not to visit, do not go to suspicious pages.
We advise users to contact the call centers of banks when they discover any changes in the logic of the operations being performed. Please carefully and carefully use the devices (computer, laptop, tablet) from which you enter the Internet banking site, and also pay with your cards.
We advise you not to go to gaming, entertainment, unfamiliar resources, not to follow links and banners with "sensations" - often such sites and news are used to infect users with various malicious software.
Also, be attentive to the security of the phone, which SMS notifications and one-time codes come to.
For attempts to infect, attachments of such formats can be used that do not arouse suspicion of the user (for example, doc, pdf, xls). Please note that most common file formats (including popular office applications) can be used for infection.
We advise you to consider any suspicious letter (from an unknown addressee, on an unexpected topic, where you are offered (or you are trying to force) to perform a certain operation urgently, or in a short time) - as harmful.
We advise you to carefully check the sender's address - attackers can send you an email on behalf of your friend or trusted organization, changing one or two letters in the address.