The e-mail he received at noon on July 12 did not arouse his suspicions. In addition, civil engineer Antonis Anipsitakis was actually waiting for a package from the USA at that time. “Unfortunately, the delivery was delayed due to lack of information. Your parcel will be held at the Athens sorting center until you confirm your details,” read the text of the alleged ELTA sender. He thought that his name could be written with mistake that the package was indeed stuck somewhere on its long journey to Sitia.He provided his card details to pay the €2.84 storage fee, unaware that he was opening the door to cybercriminals.“They changed the daily trading limit and screwed up with my bills,” he says.

The card he entered was linked to one account, but the attackers managed to break into three more, in which he was the sole beneficiary or co-owner. The total loss reached 5,674 euros as a result of four transactions that were carried out consecutively within two hours. The money appears to have been spent on purchases from a Tripadvisor-owned company and possibly a Spanish hotel search website.

The scammers made two more attempts at transactions, but the bank blocked them in time. One of them was worth 140 euros. paradox, how Mr. Anipsitakis points to “K”.that the bank did not stop the transaction in the amount of 2062 euros, despite the fact that it was made at a later time than the other, which was blocked. He emphasizes that he learned about the fraud and notified the bank on the morning of July 13 so that transactions could be questioned and “frozen”. However, this move did not work either. He filed a lawsuit against strangers, hoping that at some point he would be exonerated.

“They changed the daily transaction limit and hacked into my accounts,” says one of the victims of the hackers.

He was not the only one who fell victim to misleading messages sent with the ELTA logo. In February, a Rhodes resident entered her credit card details on a credit card page and later discovered that two transactions worth €799 and €207 had been made without her knowledge to Revolut digital bank and an electronic games store.

OUR “K” tried to dissect this digital scam. focusing on three similar misleading messages sent to Greek internet users in July and August. The first one was published on July 24th. “Dear customer, we must inform you that the package you are waiting for has been returned to our warehouse,” the message says. “Please note that from tomorrow we will charge a storage fee of one euro per day,” he warned. The sender used .

On August 14, a new, almost identical message was sent via email. [email protected] Its aesthetic, as well as the chosen logo, gave it a more professional feel. There was even a tracking number for the package with an active hyperlink, which nevertheless pointed to the genuine General Post page and showed the path of the package sent from Ilion Attica. On August 23, a new message, again believed to be from ELTA, was sent in bulk to Greek recipients via email. [email protected] This time the wording has changed. It indicates August 19 as the day of unsuccessful delivery and the weight of the package is 1.7 kg. “We may charge you for storage,” the message read. In all three cases, there was a link prompting recipients to click on it to correct their address.

The hyperlinks in three messages led to identical payment sites with different domain names: elta-tracking.web.app, hellenic-post.web.app and gr-elta.web.app. It is possible that they had the same creator. It is not uncommon for cybercriminals to create more than one fake website so that they have alternatives if one is discovered and blocked. However, all three remained active until the first week of September.

Haste is a bad adviser

OUR Andreas Venirisinformation systems security manager checked for “K” three deceptive websites and found that no malware was stored that could infect the victim’s computer, which is common in such cases. The main concern of their creator was the interception of bank card data. “It takes a lot of attention and preparation to be suspicious, not to give anyone information about your card,” says Mr. Venieris. In July, digital evidence analysts at v4ensics discovered that a similar scam was linked via email to a Facebook page with a Tunisian phone number. “The fact that the different pages used in individual phishing campaigns are identical in appearance and functionality means that the attackers are using the same phishing kit, which could have been made by the attackers themselves or by third parties who sold it to them.

Typically, attackers buy the appropriate phishing kit from an underground forum and use it to target unsuspecting victims.” refers to “K” one of the company’s analysts. If one were to look closely at the misleading messages sent to Greek users, one would find flaws. The email addresses, although containing ELTA-related words, turned out to be fake. Despite careful syntax, some words were misspelled, had no accent, or were roughly translated into Greek. Phishing scams focus on psychology, they try to stress the victims. Mr. Venieris emphasizes that haste is a bad adviser. When an organization appears to be asking for money and there are doubts about the veracity of a report, even a phone call to agency headquarters for cross-checking can reduce the risk.