Fraudsters have tried to use the eSignature Mobile to connect to the Site Shop.Banknote.lv / Day

During the holidays, there was an attempt to obtain user data and possibly make unauthorized purchases in the online store « shop.Banknote.lv » using identity with « Epsigner Mobile ». Citizens received requests from smartphones to confirm the identity with « eSignature Mobile » so that fraudsters connect to the online store.

Current research shows that fraudsters have tried to connect to the « shop.Banknote.lv » with « eSignature Mobile » for at least two days using randomly generated personal codes or user numbers.

The LVRTC informed the portal holders on May 4, as well as the company « Dokobit », which provides the authentication solution to the portals involved, and asked for disabling the « eSignature Mobile » authentication capabilities.

Currently, the incident is still analyzed by both the LVRTC and the portal holders, who can provide more information on whether fraudsters have been able to carry out any activities on the portals involved.

Meanwhile, in order to ensure the safety of customer transactions, « shop.Banknote.lv » has temporarily disabled the possibility of authorization and transactions at « Shop.Banknote.lv », as well as « www.banknote.lv » and « www.vizia.lv » using the app « Epista Mobile ».

Currently, the LVRTC does not have information on the fact that one of the portals has been leaked.

It has already been reported that several portals have been attempted by fraudsters to obtain data from « eSignature » users. The LVRTC noted that on May 4, it was found that an attempt to obtain data from « eSignature » users had taken place on several portals using the electronic identification of the integrated and secured by « Dokobit » with the « eSignature Mobile ».

The LVRTC explains that, in specific cases, users of « eSignature Mobile » received an invitation in their smart devices to confirm their identity with the « eSignature Mobile », although they had not made such requests.

The LVRTC has also informed the IT Security Incident Prevention Authority « CERT.LV », but after receiving additional information from the parties to the parties involved will also assess the need to inform the Data Inspectorate.

Currently, the LVRTC does not have information on the fact that one of the portals has a personal data leak, the center points out.

LETA has already announced that on Sunday afternoon, LVRTC distributed warnings that cybercriminals were trying to access users of « Dokobit.com » users and carry out the operating portal and app « Epsigner Mobile » users.

Citizens have received a request to approve the identity with « eSignature Mobile » to connect to « Dokobit.com », the LVRTC warned.

« Dokobit.com » works in the Baltic and Scandinavian countries. The portal is provided by the Norwegian electronic identity service provider Signicat, which purchased Dokobit from Lithuania in 2021.

Delfingroup works with brands « Banknote » and « Vizia ». Delfingroup’s revenue last year, according to preliminary data, was 63 million euros, which is 25% more than in 2023, while the Group’s profit increased by 12% to EUR 7.4 million.

The company « Delfingroup » was registered in 2009. By the end of June 2012, the company worked under the name « Lombards24.lv », but then changed its name to « ExpressCredit ». On the other hand, Delfingroup turned into early February 2020.

Delfingroup shareholders are Aigar Kesenfeld’s Alppes Capital (18.35%), Agrim Evertovsky’s SIA « EC Finance » (18.81%) and SIA « AE Consulting » (8.9%), Linda Kesenfeldei  » Investment « (4.9%). The Kesenfeld Family Ltd. « L24 Finance » owns another 0.26% share of Delfingroup. The company’s shares in the official list of Nasdaq Riga.