Apple’s iPhone X went on sale in 55 countries on Nov. 3, and there have been reports that some people in Moscow sold their place in line for over $150. This insane demand for the smart phone has inspired Russian cybercriminals to create over 500 fraudulent websites hoping to ensnare gullible users looking to buy the iPhone X.
More such fake sites are expected to appear in the next few months, said Andrey Busargin, Group-IB's director of brand protection. In general, the fraudsters are interested in making money off of any hot trend.
“Hundreds of suspicious online resources have appeared in the wake of the feverish demand and subsequent difficulties fulfilling orders (for iPhone X - RB)” Busargin said in a statement.
Buyer beware: A purchase from these websites could leave you with a fake phone or nothing at all. In the worst case, fraudsters steal your money and confidential data, and infect your device with malware.
One of the most widespread scamming schemes is based on a request for 100 percent pre-payment for the iPhone X at a bargain price. The new model can sell on fake websites for almost 30 percent lower than in the official store.
Fraudsters offer users to pay for the phone by sending payment via an online banking service or using e-wallets. After being tricked, some customers left comments on Yandex.Market claiming they were unable to contact the seller after paying for the order.
With the help of big data technologies, however, Group-IB detected links between nearly a dozen fraudulent websites. They were created by the same scammers, and registered this summer; the monthly audience of one such website amounts to about 6,000 users.
“When making a purchase on fraudulent websites, your bank account details can end up in hackers' databases. Money might temporarily remain in your account, but later, compromised bank cards can be sold in hackers' forums,” Group-IB warned in a statement.
Another popular scam uses websites with an iPhone X raffle. A gullible victim opens a link on a website to win the smartphone, and then they're automatically redirected to dozens of other websites. Finally, users end up on a page offering to install a malware program.
Busargin encourages users to think of “digital hygiene,” and to visit only a company's official website.
“Check the date when the website was created. Use free WHOIS services to find out registration dates, payment dates and information on domain owners,” Busargin said. “Don’t use your debit card on websites with an unsecure connection, and without an HTTPS certificate. Having this certificate in the address bar helps reduces fraud risk, though in some cases it could be forged.”
If using any of Russia Beyond's content, partly or in full, always provide an active hyperlink to the original material.