🇩🇿 🇫🇷 Cross-Border B2B Fraud: The “Atoms.dev” Phishing Wave

Posted byAnti-phishing Leave a comment on 🇩🇿 🇫🇷 Cross-Border B2B Fraud: The “Atoms.dev” Phishing Wave

HIGH RISK / SCAM

A sophisticated phishing campaign originated in Algeria, targeting the French business sector. Scammers used Google Share links to bypass email security filters, redirecting victims to a temporary Atoms.dev deployment. The site impersonated a fake Spanish trade entity, “Pro Lite Stock,” offering fraudulent import/export services for premium Algerian products.

Technical Breakdown

  • Vector: Google Share Redirects (share.google)
  • Hosting: Atoms.dev (Serverless Phishing)
  • Identity Theft: Fake Spanish entity “Pro Lite Stock” (Non-existent in Spanish Mercantil Registry).
  • Goal: B2B Credential Harvesting and Invoice Fraud.

Key Facts Table

  • Attacker Origin: Algeria (DZ)
  • Traffic Target: France (FR)
  • Infrastructure: Obfuscated deployment on atoms.dev
  • Status: Neutralized (Domain and IP Cluster Blacklisted)

Это очень дельный совет. Для французского бизнеса (и европейского в целом) проверка налоговых идентификаторов — это «базовый гигиенический минимум». Добавление такого совета в разбор поднимет ценность твоего контента с «просто предупреждения» до практического руководства по безопасности (Business Intelligence).

🛡️ Expert Advice for French Businesses (Conseil aux Entreprises)

Scammers often impersonate European entities to gain trust. Before interacting with any “Trade Offer” or “Logistics Portal,” take these three steps:

  1. Verify NIF/CIF (Spain) or SIRET/SIREN (France): Any legitimate European company must display its official registration number. The “Pro Lite Stock” entity failed to provide a valid CIF (Código de Identificación Fiscal). You can verify Spanish companies for free via the Registro Mercantil Central.
  2. Inspect the Hosting Infrastructure: No established international trade firm hosts its official portal on developer subdomains like *.atoms.dev or *.vercel.app. These are red flags for temporary, throwaway infrastructure.
  3. Cross-Check the Domain History: Use tools like WHOIS to check the domain age. If a company claims to be a “Trusted Global Partner” but their website was created 14 days ago, it is 100% a scam.

Leave a comment

Your email address will not be published. Required fields are marked *