A group of e-mails that appeared to come from a Nigerian e-commerce company appear to have originated from a third party, and many users have reported seeing suspicious activity from the same IP address, a security researcher says.
In fact, many of the e-mails appeared to originate from a Russian IP address and appear to be sending the same e-payments to the same customers.
A Nigerian company called Tricorp Promocoupons claims it is the rightful owner of the email addresses.
The e-malware attack appeared to be directed at the Nigerian ecommerce market, according to researcher Jefri Ziyaya.
Ziyaya's researchers have found more than 100 fraudulent e-money scams, with some originating from Nigeria.
The latest batch of e-money scams originated from the Russian IP.
The emails appear to originate with a Russian e-bay website, the Cybersecurity Alerts Blog, which is owned by a Russian company called Vkontakte, which owns PayPal and is one of the largest e-payment networks in the world.
According to Ziyaya, the email address for the ebay website is a domain name registered in Russia.
“This domain name has been registered by Vk.com, a company that owns PayPal.
Vk is a Russian corporation, and the Russian company is Vkotak.com,” the company wrote on its website.
“We have detected and traced the email originators from this domain name to a Russian email address.
The email address has been used to send thousands of fraudulent payments to a large number of victims, including some Nigerian individuals,” the site said.
Ziyaya, a cybersecurity expert and co-founder of the research group Cybersecurity Intelligence Center, said the email spam appears to have been designed to trick people into sending money via the site.
“I don’t know of any malware that could impersonate the user’s real name, and I do not know of a malware that can impersonate a legitimate payment address,” Ziyaya said.
The scammer appears to be using the same domain name as PayPal, and that appears to make the attack similar to the phishing attacks, which are typically targeted at email addresses and have a link to download the malware, Ziyaya said in a press conference.
Ziyaya's team of researchers discovered the fraudsters used the same DNS lookup server, IP address for a Russian domain, and a Russian login to the site, all of which make it easy for the scammer to spoof a legitimate PayPal account.
The spam email includes a message with a link for the download of a malicious software called “Adblock Plus.exe” which is used by the attackers to track the victim.
In the message, the author claims to be a “professional” e-businesser with a successful business.
“Please use the links provided in this email to download Adblock Plus for free,” the author said in the message.
“If you do not agree to this offer, please do not send money to this account.”
Ziyaya's team found that the scam email had been sent from a fake PayPal account, and Ziyaya's team also discovered that the malware itself was not downloaded.
“When the ecommerce e-Payments were being sent to the eCommerce customer, the spam was sent from the domain registered to the Russian PayPal address,” said Ziyaya.
The researchers said they were able to identify the spammer by using an e-scraper tool, but that it is still not clear how they obtained the email addresses or what the spammer did with them.
“As such, the frauds are similar to phishing attempts, as it is impossible for the victims to verify the identity of the phisher and also the payment method,” Ziyaya said, adding that the Russian spammer’s website does not appear to display a payment card payment link.
Ziyaya's team said they are working with PayPal and the fraudster to find out more information about how the scam was carried out and who is behind the fraud.
“The e-Mail is not real, and PayPal has not been able to verify its legitimacy,” Ziyaya wrote.
Ziyaya also urged the public to use the best precautions and pay close attention to suspicious transactions.
“It is very important to avoid any transactions with a known or suspected scammer, especially those involving PayPal,” he said.
“Be very careful of any payments you receive from a scammer and monitor your bank accounts.”
The ePayment attack on the Nigerian market is the latest of several recent phishing campaigns in the country, and it is likely to add to pressure on Nigerian authorities to crack down on the eSolutions market.
Nigeria’s eSolution is one of the largest global e-wallet providers, and several of