According to a group of Cyble Research and Intelligence Labs (Cril), attackers are looking for users who leave complaints on social networks, are associated with them, and then try to conduct a phishing attack, offering the victim to leave a complaint through a malicious application, a fake site or shape.
The attack scenario looks like this:
The user is associated with a person who impersons a representative of the company support service to whom the complaint was left;
After that, the attacker offers the victim to go to the harmful link in WhatsApp or leave his data on Google Forms;
Sometimes a cybercentor offers a victim download a malicious apk file that allows you to get information about a credit/debit card and even disposable codes used for two-factor authentication.
One of the phishing sites that Cril encountered was asked to introduce the victims, the mobile phone number and the text of the complaint, and then suggested that they enter confidential banking information. On the same site, the victim is proposed to establish a harmful application that allows stealing SMS messages.
As the researchers say, a group of financially motivated scammers, based in India, is behind the scheme. And let it have been active since the end of 2020, but only recently she began to hunt victims, leaving complaints in social networks.