6.18 Promotion of the "Wool Party" Focusing on Coupons, Black and Gray Production, Reappearing "Fake Customer Service" Scam

  Can't get the coupon?

You have been "preempted" by black and gray products.

  With the "June 18" promotion approaching, the majority of "hands-offs" are already gearing up for shopping.

At the same time, the e-commerce promotion has also become a peak period for black-and-ash producers of "wool" and various types of fraud against online shopping users.

  A reporter from Beijing News Shell Finance and Economics found that there are several common "routines" for setting up scams against online shopping users in the name of "fake customer service" and "fake express".

Consumers still need to be vigilant.

  Coupons are swept away as soon as they are out?

  "Wool Party" has many professional equipments

  "During the big promotion period, there are so many coupons, but I have never grabbed one for more than 5 yuan. If you squat by the mobile phone on time, it will be lost." Consumers who often participate in "6.18" and "Double Eleven" Ms. Li complained.

  Why are coupons and red envelopes often "swept away" when they are just released?

It is understood that this may be related to the "wool party" of the black and gray products that professionally grab coupons.

  “Wool parties often start intensive preparations several months in advance, just to make a big'pump' in the shopping festival.” A security expert from Shumei Technology told the Beijing News Shell Finance and Economics reporter, based on the current “mid-June 18th”. "Shopping Festival" as an example, platforms and merchants have launched various novel marketing methods such as cross-store full reduction, super red envelopes, open treasure boxes, etc. However, in large shopping festivals, these black products are often waiting for opportunities, using batch accounts and automated software. , Bypassing the restriction rules set by the platform, hoarding a large amount of red envelopes and coupons, and then putting these red envelopes and coupons on the black market for re-realization in different ways.

  "A few months before large-scale e-commerce activities, the black companies were already ready to move. They will monitor various platforms through crawler software or other means: Which e-commerce platforms will release coupons at what time? Which platforms have potential vulnerabilities? This information is in the hands of the black products of the intelligence layer." A number of security experts in the United States said, "Because a single IP and a single device can gather very limited wool, and it can be detected through simple rules, the black production gangs Large-scale profit, generally prepares a batch of equipment, IP, mobile phone number, account number and other resources in advance. Here, there are hundreds of thousands or millions of more "robots" that grab coupons with real users. The probability of users grabbing coupons manually has dropped exponentially."

  "Since May 24, the e-commerce platform has launched a pre-sale activity for the 6.18 Shopping Festival, and black production has become active. On the platform of Sumei Technology, the number of black production accounts intercepted since May 24 has doubled than usual. It reached its peak on May 31, when 27.08 million black production accounts were intercepted that day.” A security expert from SUMEI told the Beijing News Shell Finance reporter that the ultimate goal of grabbing red envelopes and coupons is to realize arbitrage. “At this level, Some people will recycle the red envelopes and coupons that the wool parties have gathered for realizing them in order to make a final profit."

  On June 15th, a reporter from Shell Finance and Economics searched on a second-hand platform with related keywords and found that many sellers claim to be able to help users place orders and get "in-depth" discounts.

The reporter found that one of the 600 yuan coupons was priced at 50 yuan.

"I will place an order for you. For example, Jingdong can let your WeChat friends pay. I will fill in your delivery address and send the link to you after placing the order. You can pay directly." The seller told reporters.

  According to the clues that Sumei Technology provided to Shell Finance and Economics reporters on June 15 that it found in a certain black-produced "wool group", in a certain discount event during June 18 this year, real people can receive coupons for 3500 yuan to purchase a certain 4000 yuan. After purchasing the mobile phone, send it to the uniform location where the black product is given. The black product is collected for 3850 yuan, and the ticket grabber can get a 350 yuan benefit.

  It should be noted that the "wool wool" is suspected of crimes. For example, the Haidian District People’s Procuratorate once disclosed a case in which the defendant Huang Xiaotian (a pseudonym) used technical means to falsely register accounts in batches for the preferential activities of a certain maternal and infant App. Using these accounts to "wrap the wool", he was eventually sentenced to three years and six months in prison on suspicion of providing intrusion and illegal control of computer information system programs.

  Zhu Wei, deputy director of the Communication Law Research Center of China University of Political Science and Law, said that when the wool party attacks and the cause is unknown, there are two types of situations:

  First, if it does not involve system damage, but only exploits loopholes, if this kind of situation is serious, it involves crimes of theft and infringement of intellectual property rights in practice. If it is not serious, the obtained coupons are improper gains and should be returned. The circumstances are serious. Or a large amount may violate the criminal law; second, if a bug is involved in the destruction of a computer system, it belongs to the crime of destroying a computer information system in the Criminal Law, and the circumstances are particularly serious and have a sentence of more than five years; third, the possibility of disseminating such information The accomplices involved in the preceding crimes can also separately constitute the crime of imparting criminal methods, or constitute administrative punishments for disrupting market order.

  Sudden increase in users, active on the hour

  Merchants need to pay attention: "The wolf is coming"

  "The black industry will continue to test the vulnerabilities of the platform. These vulnerabilities are divided into two types: operational design vulnerabilities and risk control vulnerabilities." On June 15th, Guo Jianan, product director of Tencent Tianyu, told Shell Finance reporters.

  "The first type, regardless of whether there are loopholes in the platform, as long as the platform is targeted by the black and gray products, before the big e-commerce promotion such as 6.18, the black products will register a large number of accounts with the new mobile phone number, receive the platform's activity coupons, and concentrate Buy a certain product, and then look for loopholes in the coupon rules. For example, in the full reduction event,'full 100-20', the black and gray products will be returned in batches after they are purchased. Because a refund is generated, the platform can only return one that does not need to be full. The 20 yuan discount coupon was reduced, and the black product used the 20 yuan coupon to buy 21 yuan of goods. Therefore, in fact, the black product can buy the original 20 yuan for only one dollar, or he will buy it in batches. Sell ​​these coupons and earn profits."

  "Second, some merchants did a big turntable activity, but the preparation time was short and it was not well considered. A normal account can play three times a day, but the black and gray product discovered the logic behind the turntable. One person played more than 400,000 times. Take all the prizes away, this is the use of loopholes in the rules. If you find a sudden increase in registered users of your own platform, but these users have no further behavior, the active time is only one second, or only active on the hour, then this platform will Attention, this is a sign of'the wolf is coming'." Guo Jianan said.

  Dongpeng Special Drinks technical person in charge and Shenzhen Pengxun Yunshang Technology Co., Ltd. director Dong Wenbo once publicly stated that Dongpeng Special Drinks had done a "scan code to grab a red envelope" promotion, and some scan code users were greedy for cheap purchase of QR codes. The little wool that scans the code, the harm of the little wool is actually relatively low, because after all, he is still a real person there, but it is also the most difficult to track.

In the early days, the professional wool party would keep a lot of numbers and keep there, and then wait for the activities of the brand owners, and then use some technical means to use scripts to quickly brush them for profit.

  "In 2015, Dongpeng Special Drink started to scan code to send red envelopes and found that there were many abnormal code scanning behaviors. We internally estimated that 5% of them were lost by the wool party. Later, the technical team was introduced and found that in fact, the wool party About 8%-10% of the red envelopes dropped." Dong Wenbo said.

  A person familiar with the black and gray industry told the Shell Finance reporter that the truly top professional woolen party is to find the loopholes in the preferential activities to collect the wool operation. "This kind of professional woolen party calls itself a'project team', and the specific operation method is to find The loopholes in the newly released promotional activities (i.e.'projects') were then used to develop scripts specifically aimed at the activities, supplemented by thousands of devices controlled by the group, swarming up. They are often proficient in technology, It is a real black and gray product, and it is also a target for the risk control teams of various Internet companies to strictly guard against.

  The Shell Finance reporter found in a wool party discussion group that the black production team has launched different scripts for preferential activities in different regions, such as tools for modifying IP addresses, tools for automatically liking, and simulators for simulating new users, etc. These tools constitute a "weapon" for professional black and gray products to exploit loopholes to gather wool.

  A group control software seller told the Shell Finance reporter that the group control software is the standard configuration for account maintenance and scalping: “From WeChat maintenance, account maintenance to fully automatic drainage marketing, all functions only need to be installed after installing the group control software. One-click operation on the computer can be completed. 100 control and 200 control (you can use software to control 100 or 200 mobile phones) equipment priced between 1888 yuan and 2888 yuan. For example, now many apps can receive gold coins by watching the news. , If you hang hundreds of mobile phones overnight, you can earn hundreds of yuan if you don’t do anything."

  "Limited time purchase" "First order 0 yuan purchase"

  Preferential information hides "killing"

  "First order 0 yuan purchase", "download to receive red envelopes", "pre-cut prices"... During the e-commerce promotion period, such advertising information and links are often overwhelming, but there are often some hidden "fishing" settings. information".

  Some netizens said that he had received an e-commerce text message to promote price reductions. After clicking on the link to enter, he found that the prices of some products on the platform were 40% lower than those in physical stores, so he paid for it.

"But when making payments, I was always redirected to a third-party payment platform, which was very similar to Alipay's payment interface. I didn't care about it at the time. After payment, I felt something was wrong, and then I found out that I came across a phishing website."

  "The criminals will use'pre-purchase','pre-sale','limited-time purchase','pre-price reduction', etc. as bait to send users SMS or WeChat messages containing Trojan horse links. After the user clicks, the Trojan horse virus is immediately implanted in the mobile phone Steal user information. In addition to online shopping links that are implanted with Trojan horses and phishing websites, there are also criminals who will make a fuss on the'pre-sale' activities to defraud buyers' deposits.' "Sale" is a marketing method commonly adopted by major online shopping platforms during the "Double Eleven" period in recent years. In order to seize the opportunity, many merchants will send pre-sale information of new products to old customers through SMS or WeChat in advance. And this link , It just provides a scam channel for scammers."

  In addition, there are platforms that "rebate new commissions" and use gimmicks such as "0 yuan to buy" to attract consumers to download related apps, but they actually have other purposes.

  On June 15th, a reporter from Beijing News Shell Finance and Economics saw an online shopping App advertisement in a "Welfare" QQ group with "newcomer free" and "0 yuan purchase free order". After QQ scanned the code, a pop-up popped up. "The webpage was complained by more than one person".

  After scanning the code through WeChat and downloading the App, a reporter from Shell Finance found that it had asked the user for multiple sensitive permissions including geographic location, camera, and audio.

After entering the App, although the interface includes information including "6.18 Hot Goods", "6.18 Interest-Free Purchase", "Pre-sale Interest-Free Benefits" and other information, there is no such information as "0 yuan purchase" and Information such as "free for newcomers" is replaced by "0.8 yuan for the next order, 1 yuan for the registration of 1 person", "blockchain ecosystem bidding for treasure" and other content involving "rebate for newcomers".

  "This kind of App is based on the purchase of 0 yuan, etc., but in fact it requires you to'pull your home'. It may be a kind of capital, and consumers need to be vigilant." A person familiar with black and gray products told reporters, "In addition, The App asks for multiple sensitive permissions and may upload personal information."

  Nantong Public Security Bureau stated that you should not trust your shopping text messages, click on unknown links, and install anti-virus software on your mobile phones as much as possible to provide a safe Internet environment.

  Disclosure of customer information

  Fake customer service and fake express delivery are hard to guard against

  "I once received a call claiming to be the customer service of an e-commerce platform. The other party told me that the items I bought before would be refunded to me because of quality problems. I did buy it, so I believed the other party’s identity and added her offer. WeChat." On June 14, Ms. Sun from Tianjin told a reporter from Shell Finance and Economics.

  Ms. Sun said that the other party sent a QR code through WeChat. After scanning the code, he needs to fill in information such as ID card and bank card number, and ask him to download an App. At this time, Ms. Sun found suspicious and did not proceed to the next step, but consulted. After checking the official customer service who purchased the item before, the customer service told Ms. Sun that she did not need a refund. Ms. Sun should have encountered a "fake customer service" fraud.

  In the case reported by the Xiamen police, Ms. Luo was "fake customer service" and asked her to cooperate with the bank to "release" the business on the grounds that "work errors were included in the customer agent list", and induced Ms. Luo to enter a string of so-called codes (Actually it is the receiving account) and click "Confirm", and finally scam 10,000 yuan.

  Regarding such scams, the Hangzhou Public Security Bureau publicly stated that scammers usually use refunds or returns as reasons to fake customer service and ask consumers to click on the links provided by the Trojan horse website or phishing website to defraud the cardholder’s bank card account number, password and dynamics. With verification codes, consumers need to be alert to such scams.

  The Nantong Public Security Bureau issued a reminder that in the process of communicating with the other party, if words such as "card order", "order adjustment" and "activation order" appear, netizens can basically conclude that it is a scam.

If you are not sure whether there is a problem with the order, you must consult the official hotline or customer service of the e-commerce platform, and then process after verification by multiple parties. Do not trust unidentified text messages or phone calls.

  It should be noted that in this type of case, the black and gray products are mostly fraudulent after they have mastered the information of online shopping customers.

Weng Qiankuan, deputy squadron of the Fourth Squadron of the Criminal Police Brigade of the Public Security Bureau of Sihong County, said in an interview with CCTV that in a fake fraud case, he found that there were more than 400 online shopping data in the phone of the fraudster, including the victim's.

  The Shell Finance reporter discovered that after accurately grasping user information, there is another type of "express delivery" scam that pretends to be a shipping merchant.

  For example, the netizen "Suddenlyo" stated that he received a courier delivery service, thinking it was a document of a partner company, and found out that it was a fraudulent express delivery after opening it, but the payment fee of 49 yuan had been paid.

In addition, there are even cases where scammers who have mastered the real logistics information of consumers rushed to send to the express delivery for fraud before the arrival of the real logistics.

  In this regard, the Hangzhou Public Security Bureau reminded that in such scams, scammers first use illegal channels to obtain citizens’ personal information and counterfeit the courier number to contact consumers first, and finally defraud money in the name of cash on delivery. Therefore, consumers must sign for the package before signing for the package. Follow the confirmed official website information to see if it is your own package.

  Luo Yidan, Shell Financial Reporter, Beijing News