
Attack on the complainer. Let’s say you ordered a product or service from some organization (marketplace, online store, service center – it doesn’t matter) and something went wrong. It’s quite natural to find the official community of this organization on a social network and write a complaint. Communication with the support team is good, but with some public stimulation it’s even better, right?
Only since the complaint is public, it can be read not only by the organization’s employees, but also by attackers. They can write to you in a private message, posing as a representative of the organization, and promise to resolve all issues.
You just need to go to the website (a phishing one
)
fill out the form (with personal and card data
)
enter SMS code (2FA from Government Services website
)
download and run the “helper application” (malware
)
There can be many attack scenarios. And there is only one way to resist them – vigilance.

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.