Roskachestvo on a new fraud scheme involving VKontakte archives

Experts at the Roskachestvo Digital Expertise Center have detected a phishing attack on the accounts of VKontakte users. The attack aims to steal the user’s password in order to break into the social network account and use it to send fraud and spam. Together with VKontakte, we analyze this scheme and explain how to avoid the trap and keep using your favorite social network safely.


The VKontakte social network allows users to download all the data the network has collected over the lifetime of their account. The archive provided by VKontakte contains a large amount of information, including all of the user’s conversations. Only a user who is logged in to the account can request the archive; it cannot be requested from outside. The attacker therefore only imitates an attack in order to gain access to the user’s profile, playing on the victim’s fear that their conversations will end up in the wrong hands if nothing is done.

The attack proceeds as follows: a user who has a VKontakte account receives, by e-mail, push notification or private message, a message like “an archive of all your conversations will be created in 24 hours and sent to e-mail XXX”. The mailbox shown obviously does not belong to the user, for example artem*****@mail. What follows is a classic phishing scheme: the user is prompted to log in to his account to cancel the creation and transfer of the archive, and to change the password at the link. However, the link, which leads to a different site each time, always with “vk” in the name, is a phishing link, although it looks very similar to the real one, and the design of the phishing resource imitates the social network’s site as closely as possible.

For example, we noticed one such site; at the time of this writing it has been removed, and VKontakte security agents have blocked clicks on the link to protect users. If a user enters his password in the form on a fake site, he hands his account straight to the hacker. Changing the password is certainly useful, but do it on the genuine site of the social network, not on a fraudulent one!

Ilya Loevsky, deputy head of Roskachestvo:

“An attacker who hijacks your social network profile can actually order an archive upload, and this is potentially dangerous. The archive contains not only the public information of your profile, but also, for example, documents uploaded by the user, phone number references, payment history, and a list of bank cards used. All of this can be used by an intruder to his advantage and, of course, can cost a user a lot. You should be careful when using social networks to recognize hacking attempts.”

In order to avoid becoming a victim of scammers through this scheme, the following rules should be observed:

  • Do not click on links in messages, especially those that play on emotions, whether negative (“you were hacked”) or positive (“you won”).

  • Type the address of a social network only manually in a browser, or better yet, use the social networking application. Never enter your passwords or logins on unauthorized sites. Even if the site looks like your favorite social network, always check in the address bar where you are.

  • In case you are not sure about the security of your social network account, change your password, read the official FAQ and contact technical support – do not take any rash actions that you are not sure about.

  • Use two-factor authentication (2FA).

  • If you have followed such links, change your password to secure your profile. Better still, do it right now as a preventive measure, without waiting to be hacked, because you may have forgotten about some of the questionable links you clicked. This is a recommendation from a VKontakte support agent.
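
The address-bar check from the rules above, written as a link triage function. This is an added example, not code from Roskachestvo or VKontakte; the allowlist entry `vk.com`, the function names and all sample links are assumptions constructed for illustration. It shows why the host must match the official domain exactly instead of merely containing “vk”.

```python
import re
from urllib.parse import urlsplit

# Assumption: the genuine domains to trust; adjust to the service's real list.
OFFICIAL_DOMAINS = {"vk.com"}

def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link from a message."""
    url = url.strip()
    if "//" not in url:
        url = "//" + url  # let urlsplit see a bare "host/path" as a network location
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unrelated"  # unparseable address: nothing to trust here
    host = (parts.hostname or "").lower().rstrip(".")
    # The host the browser connects to must BE an official domain or a
    # subdomain of one. The leading dot matters: a bare suffix test would
    # also accept any longer name that merely ends in the same letters.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Not official, yet the address still shows the brand somewhere (host
    # labels or the part before "@"): the "vk in the name" pattern.
    tokens = re.split(r"[^a-z0-9]+", parts.netloc.lower())
    if any(t.startswith("vk") or t.endswith("vk") for t in tokens if t):
        return "lookalike"
    return "unrelated"

# Constructed sample links (reserved .example names, not real phishing sites).
SAMPLE_LINKS = [
    "https://vk.com/settings",
    "https://m.vk.com/feed",
    "https://vk-archive.example/cancel",
    "https://vk.com.login.example/restore",    # official name used as a prefix
    "https://vk.com@archive-cancel.example/",  # official name before "@"
    "https://weather.example/today",
]

def triage(links):
    """Map each link to its classification."""
    return {link: classify_link(link) for link in links}

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```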

Alexander Shvets, director of VKontakte user privacy protection, commented on this type of fraud and methods to combat it: “Attackers can create phishing sites and send spam emails masquerading as popular resources. In this case, of course, no one is breaking into our servers, no one is accessing our databases. People themselves unintentionally give their profiles to crooks, gullibly clicking on unverified links. On average we send about 10 thousand warnings about password change per day. We promptly block clicks from VKontakte to malicious sites. In addition, we recommend that you do not use malicious programs that ask for personal information to receive features that are not in VKontakte: view other people’s hidden photos or “guests of the page”, unlimited gifts or free votes”.

VKontakte specifically emphasizes that a personal archive with profile data cannot be downloaded without confirmation from a device linked to the account, and that the unique download link cannot be opened from another profile. In addition, the archive itself can be encrypted with a personal OpenPGP key.

Take care of your social networking pages, because they are your online identity. Losing it can be a huge problem for many!
