A sophisticated phishing campaign is targeting Greek mobile users with fraudulent text messages falsely promising fuel subsidies, investigators have found.
The scam messages tell recipients they are entitled to financial assistance through a fictitious “Fuel Pass III” program, urging them to click a link and enter personal and banking details. The messages are well-written and grammatically correct, exploiting a real government program to appear credible.
Andreas Venieris, an information systems security officer, traced the operation to a Frankfurt server belonging to Tencent, the Chinese cloud computing service, with 50 near-identical fake government domains registered at the same address.
“The attacker is not in Germany – they simply rented a server there,” Venieris said. “The use of the Chinese service suggests a possible connection with China or Southeast Asia, but even that is not certain.
“The redundancy is deliberate,” he added. “If one domain gets blocked, the remaining 49 continue operating.”
Victims who click the link are walked through a convincing replica of Greece’s official benefits portal, eventually surrendering bank card details. When their bank sends a one-time password, the fake site captures it — completing the theft.
Venieris described the scheme as “a complete Phishing-as-a-Service kit” that can also impersonate courier companies, banks, and online retailers, suggesting an organized group selling criminal infrastructure to other bad actors.
Public authorities, officials stressed, never request bank details by text message.