Blizzard / Facebook, Олександр Соколовський
Attackers are increasingly using the services of well-known companies for cybercrime. This time, Blizzard was used to steal money from the cards of Ukrainian users.
On Gamedev.dou noticed posts by Ukrainian users about apparently fraudulent debits from bank cards in favor of gaming companies, including Blizzard. In at least one of the cases, the victim was informed of the hack and received a refund.
Oksana Torop, BBC News Ukrainian journalist, said on Facebok about such a write-off on Monday, March 3. According to her, the bank’s response was only a standard excuse: that the user could have passed confidential account information, passwords, etc. to someone else. The cyber police opened a case, but advised not to expect too much of a refund, despite the search efforts.
«On Monday, hackers emptied my account. It all happened at night — more than 60 transactions to transfer funds», — writes Oksana Torop.
But the journalist found an effective way to get the money back. She studied the situation on the Internet, in particular, to which companies’ accounts the debits were made. It turned out that these were «the accounts of major international video game developers». Then she wrote and sent letters to the headquarters of the unnamed company, to its subsidiaries in different countries, and «even to merchandisers». the result was not long in coming:
«A few hours later, I receive an email from game master Zunar from California, expressing regret for the hacking of my bank account and assuring me that the money will be returned. Today, the money is already in my account. … My own investigation lasted three days, I got my money back».
Oleksandr Sokolovskyi, head of the All-Ukrainian Association of Light Industry Employers, also wrote about fraudulent transactions on Facebook. He indicated that the money was allegedly transferred to Blizzard and provided a screenshot, which can be seen above. The entrepreneur noted that he had never paid Blizzard before, and he had heard about similar debits of tens of thousands of hryvnias from other victims.
«Suddenly I saw that 10 payments of 300 UAH each were debited from my account. First, I received 10 zero push notifications as an account verification, and immediately after that — 10 write-off transactions of 300 UAH each. All transactions were in favor of Blizzard», — says Alexander Sokolovsky.
The entrepreneur’s banking package included fraud insurance, which was not too expensive. As a result, he received his money back the very next day after submitting an application to the insurance company. Sokolovskyi advises bank account holders to set a limit on online payments, sign a fraud insurance contract, and monitor card activity and bank notifications.
The use of genuine services of well-known companies to commit fraud has become widespread recently. Recently, ITC.ua wrote about use of the phone and Google subdomain in an attempt to steal data. There were also reports of phishing on behalf of PayPal using a real email address technical support.