Scam Alert: Digi Phishing Campaign Detected, Asking Credentials for a Prize

[harlan4096]

A different fake social accounts campaign also used Digi branding. Potential of electoral fraud in addition to financial fraud.

Summary: we discovered a Digi phishing campaign targeted at Romanian internet users. However, the campaign is displaying tailored content for each country, so its actual target pool is much larger. The malicious domains could be accessed from organic Google search results and led the user to a page with Digi branding elements.

Once there, the users were invited to go through some steps, ‘win’ a prize consisting of a new smartphone and then claim the ‘prize’ by submitting their personal details, including credit card information.

How Does the Digi Phishing Campaign Work?

Incidentally, we found these malicious websites while looking for Antivirus-related search words on Google. It’s pretty ironic if I think about it since people who are looking for cybersecurity software could be well enough prepared to recognize a phishing campaign. Of course, I suspect that this is not the only search that could lead to these malicious but organic results to be displayed.

The malicious link for the Digi phishing campaign only worked if accessed from Google. If we attempted to access them directly, the browser just entered a redirect loop and nothing was loaded.

Once we accessed the website, the page first asked for verification of humanity (the standard ‘Confirm you are not a robot’ checkbox). Oddly, this first screen was displayed in Spanish, although the next ones are in Romanian, based on the correct identification of our location.

After moving past the human confirmation screen, a page imitating the Digi brand is displayed. The page offers congratulations for being ‘one of the selected 100 users’ eligible to receive a smartphone gift. But before you can receive your gift, you need to answer 9 questions.

The questions are well crafted as to not arouse suspicion. All of them were about the devices you use, what other internet and cable providers have you had, that kind of stuff – it can seem like legitimate competitor research questions a brand can ask its users.

After moving through the questions, you get another confirmation that you answered all of them, that no duplicate IP entries were found and that you are indeed about to get the smartphone reward.
...

Continue Reading