Romanian subscribers of the operator Digi Romania are being targeted by scammers, the National Cyber Security Incident Response Center (CERT-RO) warns. The phishing / scam campaign has returned.

“The CERT-RO team was recently notified of this malicious initiative, but because some fraudulent pages were already suspended at the time of the investigation, we cannot verify what data the attackers are targeting or whether one of their aims could be a possible malware infection,” the institution stated on its Facebook page.

Online scammers lurking for Romanians

Cybercriminals use compromised websites or web pages to host pop-ups styled as online advertisements, which tell you that you can easily win a prize from Digi. The bait is a random survey in which only 100 “lucky” users were selected “at random” for a chance to win a Samsung S20, S9 or iPhone 12 phone.

“When you access that pop-up window, you are automatically redirected to a web page that uses the company’s visual identity (RDS). It simulates the presence of the potential victim on the original site. However, a simple check of the address we accessed shows that we are in no way on a Digi communication channel.

A key element that has been used before

“The visited domain is Winnrs2021[.]click. As in previous campaigns, the attackers use different obfuscation techniques to avoid the analysis of phishing campaigns. Also, the text is very well written in Romanian. The attackers are this time extremely attentive to details,” the cyberattack specialists also specified.

Another element of the previous scam campaigns found here is the insertion of images on the visited page that look like a series of legitimate Facebook comments about this “contest”, in order to give the scam an air of truthfulness and win the victims' confidence.