Don’t be in a hurry to pay

Cybersecurity experts have discovered a phishing attack on customers of popular pizzerias. Fake sites began popping up this spring, with the number quadrupling in May from April. Unlike previous waves of similar attacks, such sites live longer, as attackers use new hosting, through which it is difficult to find the owners of the site. Ready-made tools for creating fake pizzeria sites on a turnkey basis have also become widespread.

Cybersecurity companies record an increase in the number of Russian-language fake sites of popular pizzerias. Group-IB found similar activity this spring. From May 1 to May 28, 3496 domains were registered, which include the word “pizza”, of which 879 were registered in the week from May 21 to May 28, said Evgeny Voloshin, director of the Bi.Zone expert services block. For the whole April, according to him, only 850 such domains were registered. Telegram channel @ In4security reported that more than 20 phishing pizza sites were identified and blocked in May.

All identified sites look as reliable as possible, it is not easy for an unprepared user to distinguish them from real ones, warns the Telegram channel @ In4security. It notes that in order to promote resources in search engines, cybercriminals use contextual advertising, ensuring that links to phishing resources are displayed at the very top of the page, before search results. Cybercriminals spread advertising about promotions on behalf of brands with a link to a phishing form in social networks and messengers, warns Deputy Head of Group-IB’s Special Projects Department Yakov Kravtsov. According to him, after the victims entered the card details, they went to the scammers.

Last year, Bi.Zone met fake sites Pizza Hut, Papa John’s, Dodo Pizza and other well-known pizza chains, noted Evgeny Voloshin.

“Single phishing sites of pizzerias began to appear last spring against the backdrop of a pandemic, then there was a surge at the end of last summer, but then we managed to quickly deal with the situation by blocking phishing resources and blocking the possibility of parsing data from official sites,” said the head of the special services unit Infosecurity a Softline Company Sergey Trukhachev. Phishing sites can usually be shut down within hours or days by interacting with domain registrars and hosting providers, he said, but scammers are looking for new ways to extend the life of their sites. So, in 2021, Infosecurity discovered a hosting company focused exclusively on network attackers.

Tools for creating phishing sites for pizzerias on a turnkey basis also became widespread – for example, a phishing kit for creating a fake Pizza Hut site and a script with similar functionality distributed on shadow forums for $ 70, says Trukhachev. But scammers do not always try to copy the official site of the pizzeria: among the domains registered in May with the word “pizza” there was a site whose design exploited the theme of one of the travel agencies, said one of the cybersecurity companies.

“Now we do not see a clear leader among phishing pizza brands, but last year there were cases, for example, with Dodo Pizza – the brand was conducting an active information campaign, which cybercriminals tried to use,” says a leading expert in the IT company’s information security area. Croc ”Alexander Chernykhov. In such cases, the scenario is simple: discounts on pizza, and the calculation is made on the user’s carelessness, he notes.

“The number of phishing sites that exploit our brand is growing,” the Dodo Pizza press service confirmed. They noted that these resources pose a significant threat to customers who, due to inattention, transfer their bank card data to fraudsters. “We are blocking them together with our partners,” they reassured at Dodo Pizza.

Yulia Stepanova