Cross-Border B2B Fraud: The “Atoms.dev” Phishing Wave

Posted byAnti-phishing Leave a comment on Cross-Border B2B Fraud: The “Atoms.dev” Phishing Wave

HIGH RISK / SCAM

A sophisticated phishing campaign originated in Algeria, targeting the French business sector. Scammers used Google Share links to bypass email security filters, redirecting victims to a temporary Atoms.dev deployment. The site impersonated a fake Spanish trade entity, “Pro Lite Stock,” offering fraudulent import/export services for premium Algerian products.

Threat Intel: This spoofed page was detected, analyzed, and contained firsthand by the Antiphishing.biz security team during our daily link moderation procedures. To protect the public, the hostile origin link has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Actual screenshot of "Cross-Border B2B Fraud: The “Atoms.dev” Phishing Wave" phishing interface captured during link moderation on our platform.
Figure 1: Actual screenshot of the ongoing fraudulent campaign intercepted by our security systems.

Technical Breakdown

  • Vector: Google Share Redirects (share.google)
  • Hosting: Atoms.dev (Serverless Phishing)
  • Identity Theft: Fake Spanish entity “Pro Lite Stock” (Non-existent in Spanish Mercantil Registry).
  • Goal: B2B Credential Harvesting and Invoice Fraud.

Key Facts Table

  • Attacker Origin: Algeria (DZ)
  • Traffic Target: France (FR)
  • Infrastructure: Obfuscated deployment on atoms.dev
  • Status: Neutralized (Domain and IP Cluster Blacklisted)

Expert Advice for French Businesses (Conseil aux Entreprises)

Scammers often impersonate European entities to gain trust. Before interacting with any “Trade Offer” or “Logistics Portal,” take these three steps:

  1. Verify NIF/CIF (Spain) or SIRET/SIREN (France): Any legitimate European company must display its official registration number. The “Pro Lite Stock” entity failed to provide a valid CIF (Código de Identificación Fiscal). You can verify Spanish companies for free via the Registro Mercantil Central.
  2. Inspect the Hosting Infrastructure: No established international trade firm hosts its official portal on developer subdomains like *.atoms.dev or *.vercel.app. These are red flags for temporary, throwaway infrastructure.
  3. Cross-Check the Domain History: Use tools like WHOIS to check the domain age. If a company claims to be a “Trusted Global Partner” but their website was created 14 days ago, it is 100% a scam.

Leave a comment

Your email address will not be published. Required fields are marked *