
Stable income without investments, or How Yandex began the hunt for fake earnings

It sometimes happens that while solving one problem you uncover a completely different, much larger one. Today I will tell the story of how the desire to evaluate the effectiveness of anti-phishing protection for bank cards led us to "stable income at home" and to the beginning of the fight against the simplest but most common form of fraud.



Last year we launched a new version of Yandex Browser with bank card protection against phishing. Among other checks, this technology looks for the presence of an SSL certificate. If the user enters a card number on an HTTP site, the browser warns them. The logic is simple: banks, payment systems and shops that care about user security moved to HTTPS long ago. This is not the only mechanism for identifying suspicious sites, but it is the one that matters for this post.

When our team began to dig into the anonymized protection logs, I expected to see mostly phishers or strange sites that still do not understand why encryption is necessary when handling confidential user data. But we saw completely different sites there.
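The check described above can be sketched as follows. This is an added example, not Yandex Browser code: the function names and sample URLs are assumptions, and it goes slightly beyond the post by also looking at the scheme of the form target, not only of the page.

```python
import re
from urllib.parse import urljoin, urlsplit

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?:\d[ -]?){12,18}\d")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def looks_like_card(value: str) -> bool:
    """True if the typed value contains a Luhn-valid 13-19 digit number."""
    for m in CARD_RE.finditer(value):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            return True
    return False


def should_warn(page_url: str, form_action: str, typed_value: str) -> bool:
    """Warn when a card-like number would be entered on, or sent to, non-HTTPS."""
    if not looks_like_card(typed_value):
        return False
    target = urljoin(page_url, form_action)   # empty action posts back to the page
    schemes = {urlsplit(page_url).scheme.lower(), urlsplit(target).scheme.lower()}
    return schemes != {"https"}


# Constructed inputs; 4111 1111 1111 1111 is a widely used test card number.
if __name__ == "__main__":
    print(should_warn("http://income.example/register", "", "4111 1111 1111 1111"))
    print(should_warn("https://shop.example/pay", "/submit", "4111111111111111"))
```
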

Stable income


Have you ever heard of the internet security school? If you believe the site's description, "white hat" hackers help find vulnerabilities on websites and get paid for it by webmasters. But there is a lot of work, so they invite the most ordinary users to help. And working as a security researcher, a hacker, is not difficult at all. It is enough to register and press the Play button in the black “console” window, and the vulnerabilities, each with a precise valuation, come flowing in like a river. Now that is what I call a service! Not like all those Bug Bounty programs where you have to think.



In five minutes I managed to earn about 2000 rubles, and of course I hurried to withdraw them. I had already entered my bank card details during registration (despite the warning from the Browser), so there should have been no problems with the withdrawal. I was only asked to move to the second account level because of the difficult international situation.



The upgrade, however, is paid and costs 444 rubles. To pay, I was redirected to the site of a little-known payment aggregator, where I was asked to make a transfer to an ordinary wallet belonging to a private individual. You can guess how it ended. I am sure that the international situation is to blame for everything.

So as not to waste time, I tried several dozen similar offers. For example, one large restaurant chain was looking for employees to enter reservations. All I had to do was copy the text from the left side of the page into the form on the right; no one checked whether the form was actually filled in, so I simply clicked my way to a few thousand rubles in ten seconds.



But withdrawing the money was difficult again. Their database is set up so that I had to pay the same four hundred rubles to have my information entered into it. Unfortunately, the result was the same. It seems they saw through my scam of submitting empty forms.

I was also lucky enough to work as a banker. All that is required here is to click the "Approve" button next to each loan. There is no need to check anything at all.



I also got to feel like an investor putting money into stocks. I recommend looking at the review of the international investment service, in which the author even explains what exactly the “Reliable” label in the corner of the browser means:



There are many more examples of such online work requiring no experience and no investment. More options for the curious are under the spoiler.

More money











No matter how easy or well paid the work is, there will always be those who do not want to work at all. And there are offers for them, too. For example, some craftsmen have developed a script that collects "free money" from around the Internet into your account.



For those who have heard about Bitcoin, there is an innovative solution that can generate approximately 0.1 BTC in 5 minutes of the browser running. And without any load on the system.



Although even here you have to do something: buy scripts, wait. For the most impatient, there are even simpler options. For example, the "housing committee of the Russian Federation" is handing out 1 million rubles to every citizen.



Or here is a well-known American billionaire spending his money.



And did you know that the Fed allows any of us to get a card with money?



In general, I tried many different ways, but, unfortunately, none of them was a success. There is no money on the Internet.

No investment?


Now seriously. Many fans of easy work for big money will, in the best case, end up paying from 200 to 500 rubles. Note that most of the sites my colleagues and I reviewed deal in amounts of this size. Why? People do not mind paying such an amount (compared with the potential earnings), almost no one will file a police report over it, and even if someone does, the loss does not qualify as major damage.

Do you remember the card protection logs that got us interested in the problem? Formally, the sites ask for a card number at registration only so that the earned money can be withdrawn to it (that is, just to imitate serious intentions). But sometimes that is not all. Some time after our active experiments with these sites, someone tried to charge tens of thousands of rubles to our team's test bank card. The lack of confirmation for the transaction leaves a chance to dispute it through the bank, but in any case someone will lose money.

Installing magic scripts on phones and computers can also lead to problems, ranging from classic ransomware to the display of advertising.

Nor should you forget that registration involves your name, e-mail address and other personal data. These can be used as well, for example for personalized mailings offering to recover your money for a commission.

And does anyone believe this?


I think many Habr readers are perplexed: freebie tricks come from the 90s, and it seems that by now people have become more careful and attackers have moved on to "smarter" techniques such as hacking networks, writing viruses, or at least building and promoting pyramid schemes. We thought so too, until we tried to assess the scale.

At the start, we had a database of sites on which the card protection had triggered. But that was only part of the picture, because not all sites ask for bank cards, and where they do, not all users enter them. We knew, however, that all such resources have one thing in common: the payment aggregator or service. These are usually resources with a dubious reputation, often without even HTTPS. We built a model that took little-known aggregators as a starting point and traced back their traffic sources. The pages it found were overwhelmingly of the same kind as the examples above.
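A minimal sketch of the idea above, starting from little-known aggregators and working back to the sites that send them visitors. It is an added example, not Yandex's model: the event format, the host names and the `min_hits` cut-off are all assumptions, and the events are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of anonymised navigation events: (referrer URL, destination URL).
EVENTS = [
    ("http://easy-income.example/withdraw", "http://pay-agg.example/transfer?id=1"),
    ("http://easy-income.example/level2", "http://pay-agg.example/transfer?id=2"),
    ("http://survey-bonus.example/cashout", "http://pay-agg.example/transfer?id=3"),
    ("http://survey-bonus.example/cashout", "http://other-agg.example/p"),
    ("https://forum.example/thread/9", "http://pay-agg.example/"),
    ("https://shop.example/checkout", "https://big-psp.example/pay"),
]
# Hypothetical seed list of little-known aggregators (placeholder hosts).
SEED_AGGREGATORS = {"pay-agg.example", "other-agg.example"}


def host(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def trace_sources(events, seeds, min_hits=2):
    """Rank referring sites that repeatedly send visitors to seed aggregators."""
    stats = defaultdict(lambda: {"hits": 0, "aggregators": set(), "plain_http": False})
    for referrer, destination in events:
        src, dst = host(referrer), host(destination)
        if dst not in seeds or not src or src in seeds:
            continue                      # keep only edges: outside site -> seed aggregator
        s = stats[src]
        s["hits"] += 1
        s["aggregators"].add(dst)
        s["plain_http"] |= urlsplit(referrer).scheme.lower() == "http"
    ranked = [
        (src, s["hits"], len(s["aggregators"]), s["plain_http"])
        for src, s in stats.items() if s["hits"] >= min_hits
    ]
    # Most hits first; host name breaks ties so the order is deterministic.
    return sorted(ranked, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for row in trace_sources(EVENTS, SEED_AGGREGATORS):
        print(row)
```

Each returned row is (referring host, hits, number of distinct seed aggregators reached, whether the referring page was served over plain HTTP); the candidates still need review before anything is blocked.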

The results of the dig surprised us, to put it mildly. We identified more than 4 thousand active sites. Moreover, the top 100 of them account for 10 million visits per month. Even if we assume that only every hundredth visitor is willing to pay 400 rubles (and this is certainly a very low estimate), that is already tens of millions of rubles a month. We compared the sites we found with the card anti-phishing statistics, and it turned out that at least 12 thousand of our users per day enter bank card numbers on such sites. Yandex.Browser warnings stop some of them, but the fact remains!

Everyone knew about the existence of sites with the most primitive form of fraud, but few could imagine such a scale. We fight phishing and the “tapping” of traffic through certificate spoofing, encrypt data on open Wi-Fi networks, hide DNS requests, can warn about paid mobile services (the same wap-click), and are constantly at war with developers of malicious extensions, but here there was a gap. We could have gone on doing nothing and blamed everything on people's gullibility, but each of us has relatives who do not always take due care. Especially frightening are the narrowly targeted offers aimed at retirees, mortgage payers and even single mothers (“Instant financial assistance to the needy!”). In addition, many users blame the browser and Yandex themselves for the lost money. In short, something had to be done.

Here our experience in dealing with other kinds of malicious sites came in handy. We took the fraudulent sites we had already found and, using machine learning, learned to detect new similar resources automatically. Among other things, we used a text classifier, which lets us compare the meaning of the text on the analyzed site with samples of fraud, as well as our work in computer vision. The developers of such sites cannot quickly produce a large number of completely unique pages, so they use templates, which makes it easier for us to identify them. The sites then go into our SafeBrowsing database and are taken into account by all services that use it. In particular, Yandex.Browser became the first browser to show a warning like this:



Search and Yandex Data are also used. For now I would rather not describe the training process in more detail: we are not going to make life easier for the specialists on the other side.

It is too early to talk about victory, but I want to believe that this first solution will help curb the mass scale of the problem, and that subsequent measures will reduce it to a minimum. If you have additional information, ideas or experience in dealing with fraud, we would be happy to hear about them.
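Why template reuse helps detection can be shown with a much simpler technique than the classifier mentioned above: word shingling with Jaccard similarity. This is an added example and a stand-in, not the method Yandex uses; the sample texts, labels and the 0.5 threshold are constructed assumptions.

```python
import re

# Constructed fraud samples, modelled on the offers described in this post.
KNOWN_TEMPLATES = {
    "paid-upgrade": "Your balance is 2000 rubles. To withdraw the money you must "
                    "upgrade your account to level two. The upgrade costs 444 rubles.",
    "free-payout": "Every citizen receives 1 million rubles. Pay the processing fee "
                   "to receive your payout today.",
}


def shingles(text: str, k: int = 3) -> set:
    """Set of k-word shingles; numbers are masked so amounts do not matter."""
    words = ["<num>" if w.isdigit() else w for w in re.findall(r"\w+", text.lower())]
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a: set, b: set) -> float:
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def match_template(page_text: str, known=KNOWN_TEMPLATES, threshold: float = 0.5):
    """Return (label, score) of the closest known template; label is None below threshold."""
    page = shingles(page_text)
    label, score = max(
        ((name, jaccard(page, shingles(sample))) for name, sample in known.items()),
        key=lambda item: item[1],
    )
    return (label if score >= threshold else None, score)


# Constructed pages: a re-skinned copy of a known template and an ordinary shop page.
CLONE = ("Congratulations, your balance is 3150 rubles. To withdraw the money you must "
         "upgrade your account to level two. The upgrade costs 390 rubles.")
SHOP = ("Your order total is 2000 rubles. Pay securely by card and we will ship "
        "the goods within two days.")

if __name__ == "__main__":
    print(match_template(CLONE))
    print(match_template(SHOP))
```
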

Source: https://habr.com/ru/post/328706/

