Source They use the classic scheme of following a link and transmitting a PIN. Although this is the first time such method has been applied to marketplaces. Sergei Ilyasov, head of a shop on Ozon called First Supplier, contacted Business FM’s editorial office. He says that he not only lost access to his personal account on the marketplace but also transferred 50,000 roubles to fraudsters.
Sergei says that he was not the only one who suffered:
Head of the online shop “First Supplier”
“Sellers started receiving letters from the support service saying that Ozon had seen some manipulation with the personal account and temporarily blocked access to the shop. Accordingly, there was a suspension of the sale of goods. The letter said that in order to re-verify the account, it was necessary to write to Ozon’s official Telegram channel. It’s called “Ozon Seller Support”. An employee quickly replied and said that there were indeed hacking attempts, so it was necessary to verify remotely and at short notice. It was necessary to specify the phone number and email linked to the account, which we did. Allegedly tech support wrote that access had been restored, keep working. But the access was lost. We write to the same support, and from there we get beautiful smiley faces and a caption: “I stole it. Will you buy it back, won’t you?” That’s half a day’s worth of correspondence.
The scheme from the technical side looks like this: fraudsters create a phishing telegram helpdesk channel with a name very similar to the real one, they process the victim through this channel, extract all the data down to PIN codes and numbers from SMS, and then they change the phone number and e-mail linked to the ID, taking over control of the personal account. Typical social engineering, cybersecurity expert Vadim Podolnyi points out:
“The first element of social engineering is that there are obviously insiders inside Ozon who have access to the personal account infrastructure. They have information about who the sellers are, who they can defraud. The second element: the person himself agrees to go to Telegram, to talk to someone about something, which should never be done. As for the result, namely that people become indebted due to fraud, that’s a separate conversation altogether, it’s all contested in court. I don’t see a problem with restoring the status quo.”
Once the scammer has gained access to a personal account, he can put up more expensive products – mainly appliances and mobile devices. Ozon advertises for future sales, and because the goods are expensive, the cost of advertising can be as high as 5,000 roubles per day per item. While proceedings and accounts are being blocked, the sellers are accumulating debts for advertising to the marketplace: some have accumulated 600,000 roubles, while others have accumulated 6 million roubles. However, the only profit from this kind of fraud is to get a ransom, as it was with Sergei’s victim. Artem Sokolov, the president of the Association of Internet Trading Companies, is sure that this method will not work for anything else:
– I have never encountered problems of this kind before. Moreover, I do not understand what the economic basis of this fraud is. The only thing is to piss off a particular seller. Maybe it is a competitive struggle. Everything else here makes absolutely no sense to me. The seller sets the prices of goods, but if you set a high price, no one will buy them from you. Moreover, once the goods have been purchased, in the process, while they are being delivered, you cannot change the price – it is a violation of the Consumer Protection Act. Now it looks like this is a manifestation of a particular struggle.
– Victims write that under the sale of expensive goods, Ozon “credits” advertisements at very high prices, up to 5 thousand roubles per day per item.
– There is no connection here with specific fraud, this is the usual functionality of any seller who is placed on the site, namely the functionality of promoting their goods and ranking them in the top. Indeed, this service is chargeable.
Business FM reached out to Ozon for a comment. The marketplace noted: it regularly reminds sellers not to share the code with third parties. If something suddenly happens, a genuine tech support service should be contacted. Ozon is aware of complaints about fraudsters, in such cases it blocks the account and helps restore access to the owner. The process usually takes 15 minutes, Ozon noted.