HIGH RISK / SCAM
A sophisticated phishing campaign originated in Algeria, targeting the French business sector. Scammers used Google Share links to bypass email security filters, redirecting victims to a temporary Atoms.dev deployment. The site impersonated a fake Spanish trade entity, “Pro Lite Stock,” offering fraudulent import/export services for premium Algerian products.
Technical Breakdown
- Vector: Google Share Redirects (share.google)
- Hosting: Atoms.dev (Serverless Phishing)
- Identity Theft: Fake Spanish entity “Pro Lite Stock” (Non-existent in Spanish Mercantil Registry).
- Goal: B2B Credential Harvesting and Invoice Fraud.
Key Facts Table
- Attacker Origin: Algeria (DZ)
- Traffic Target: France (FR)
- Infrastructure: Obfuscated deployment on atoms.dev
- Status: Neutralized (Domain and IP Cluster Blacklisted)
π‘οΈ Expert Advice for French Businesses (Conseil aux Entreprises)
Scammers often impersonate European entities to gain trust. Before interacting with any “Trade Offer” or “Logistics Portal,” take these three steps:
- Verify NIF/CIF (Spain) or SIRET/SIREN (France): Any legitimate European company must display its official registration number. The “Pro Lite Stock” entity failed to provide a valid CIF (CΓ³digo de IdentificaciΓ³n Fiscal). You can verify Spanish companies for free via the Registro Mercantil Central.
- Inspect the Hosting Infrastructure: No established international trade firm hosts its official portal on developer subdomains like *.atoms.dev or *.vercel.app. These are red flags for temporary, throwaway infrastructure.
- Cross-Check the Domain History: Use tools like WHOIS to check the domain age. If a company claims to be a “Trusted Global Partner” but their website was created 14 days ago, it is 100% a scam.