Jewelry Team Scam Group Busted by Experts
Experts have identified and detained a group of scammers known as the Jewelry Team, which for a year and a half had been stealing money from Russians who use a popular online ride-sharing service.
How the Scam Worked
Since September 2021, members of the group had been posting fake ads on behalf of drivers on the online ride-sharing service. Those who responded were asked to continue the conversation in a messenger rather than on the site. The victim was then given a link to a phishing resource (for example, blablacari[.]com) and asked to transfer an advance payment to reserve a seat in the car.
The scammers obtained not only a “deposit” of 500 to 1,500 rubles but also the victim’s bank card details, which let them debit money from the victim’s account themselves. Reportedly, 30,000 rubles were stolen from the card of an unnamed resident of Saratov, and the scammers tried to withdraw more than 3 million rubles from a deceived resident of Kirov, but the bank blocked the transfer in time.
Investigation and Findings
In August 2022, at the request of the police, FACST experts analyzed the correspondence between one of the group’s workers and the Telegram bot, traced the history of the group’s development, examined its infrastructure, and identified a member of the group.
The Jewelry Team was created in January 2021. Its founders most likely came from the old HAUNTED FAMILY scam team. According to another version, the Jewelry Team could be an independent division of this large team, as evidenced by the “partner” advertising in the group.
Although the Jewelry Team mentioned only four “beautiful working domains”, experts using the Threat Intelligence network infrastructure graph found three dozen domain names that the attackers had used at different times as phishing sites for collecting advance payments.
In total, according to the researchers, 655 phishing domains masquerading as the online ride-sharing service were blocked in Russia in 2021 by the competent organizations (the service was used by more than more popular in the regions, which is what the scammers decided to take advantage of).
Some of the most striking and best-sounding domain names were “reanimated” by the scammers, that is, registered again after their blocking period had expired. Experts have identified the owner of two such “resurrected” domain names used by the Jewelry Team. He turned out to have previously been one of the administrators of the Diamond Team scammer group. That group was formed almost a year before the Jewelry Team, but by the time of the investigation it had effectively ceased to exist.
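A defender-side check for the two patterns described above (a lookalike domain such as blablacari[.]com, and blocked domains that are registered again after the block expires), added here as an example and not taken from the FACST research. The brand label `blablacar`, the legitimate-domain set and the blocked list are assumptions constructed for illustration.

```python
import re

BRAND = "blablacar"                   # assumption: label inferred from the page's example domain
LEGIT = {"blablacar.ru"}              # assumption: allow-list of the service's own domains
BLOCKED = {"blablacar-trip.example"}  # constructed: domains blocked in the past

def refang(indicator: str) -> str:
    """Turn a defanged indicator (blablacari[.]com, hxxp://...) into a bare hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^h(xx|tt)ps?://", "", s)
    return s.split("/")[0].split(":")[0].rstrip(".")

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(indicator, legit=LEGIT, previously_blocked=BLOCKED, max_dist=2):
    """Return 'legit', 'reanimated', 'lookalike' or 'unrelated' for one hostname."""
    host = refang(indicator)
    if host in legit or any(host.endswith("." + d) for d in legit):
        return "legit"
    if host in previously_blocked:
        return "reanimated"  # blocked before and seen again: an expired block is not a clean bill
    # Check every label except the TLD so brand-in-subdomain names are caught too.
    for label in host.split(".")[:-1]:
        squeezed = label.replace("-", "")
        if BRAND in squeezed or osa_distance(squeezed, BRAND) <= max_dist:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    feed = ["blablacari[.]com", "www.blablacar.ru", "blablacar-trip[.]example",
            "blabalcar[.]example", "hxxps://weather.example/path"]  # constructed feed
    for item in feed:
        print(f"{item:32} {classify(item)}")
```

Keeping expired blocks in `previously_blocked` instead of dropping them is what catches the re-registration case.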
Arrest of the Scammers
In the fall of 2022, during a joint investigation, police officers and specialists from the High-Tech Crimes Research Department identified and detained an 18-year-old resident of Izhevsk, who admitted to creating a phishing site. Pending trial, he was placed under a written undertaking as a preventive measure.
The Jewelry Team scam has been a major issue for many Russians who use the popular online ride-sharing service. The group has been operating for over a year and a half, stealing money from unsuspecting victims. It is important to be aware of such scams and to take the necessary precautions to protect yourself from becoming a victim.