Since 2016, a number of Azerbaijani hacking teams have been carrying out active operations against Armenian users. The targets are mainly Facebook, Instagram accounts and emails. The attacks are aimed simply at harming Armenians, based solely on Armenophobia and nationalist motives. Which means that any Armenian or person having an Armenian surname can be a target.
How are attacks carried out?
The attacks have been carried out using standard schemes for three years now, but they continue to find successful targets.
The attacks are legitimized by phishing methods. Basically, several scenarios work:
- People or pages are contacted in the comments under the latest post by a page with the word Facebook in its name. That is, the impression is created that the administration of the social network itself is contacting them. Usually, they either fear that the account in question is under attack. Or, the account has allegedly violated Facebook rules and is at risk of being blocked. In both cases, the user is offered to follow the provided link.
- A person receives a similar message from the administration of Facebook, Instagram, or their email, but this time by e-mail. And again, there is a link that offers a solution.
- The user receives an e-mail from Instagram or Facebook, where they are offered to get a blue badge (verification badge) by following the link.
Բոլոր դեպքերում հղումը տանում է դեպի էջեր, որոնք կրկնօրինակում են սոցցանցի կամ էլեկտրոնային փոստի մուտքային էջը, սակայն տեղադրված են այլ հասցեում։ Տվյալների մուտքագրումը բերում է դրնց կորզմանը հաքերների կողմից։
- People or pages are contacted in the comments under the latest post by a page with the word Facebook in its name. That is, the impression is created that the administration of the social network itself is contacting them. Usually, they either fear that the account in question is under attack. Or, the account has allegedly violated Facebook rules and is at risk of being blocked. In both cases, the user is offered to follow the provided link.
- A person receives a similar message from the administration of Facebook, Instagram, or their email, but this time by e-mail. And again, there is a link that offers a solution.
- The user receives an e-mail from Instagram or Facebook, where they are offered to get a blue badge (verification badge) by following the link.