It has long been known that money in someone else's pocket does not allow all sorts of dark personalities to sleep peacefully, but in recent years crime has increasingly moved into the world of digital technologies, and in pockets more and more often instead of cash there is only a bank plastic card. We talk about several ways to steal virtual money.
1. In first place we put the so-called skimming (from the English skim - skim off foam, degrease), a fairly old and very common method in which an attacker places additional equipment (skimmer) on a bank terminal, allowing him to record all actions performed with the card, including the entered PIN code. A portable video camera is often additionally used. The skimmer makes it possible to read data from the magnetic chip of a bank card. Then a copy of the plastic is made, and the money changes hands.
Advice: check that there are no all kinds of undocumented devices on the bank terminals. Do not use ATMs outside bank branches or large shopping and business centers.
2. In second place is theft of an ATM or the installation of fake equipment that looks like a real bank terminal. Of course, ATMs are rarely stolen, but not only cash is stored in it, but also data about client cards and all transactions with them. Fake ATMs have begun to appear much more frequently lately. The card inserted into the card reader is not returned until the PIN code is entered, and the information read from the chip allows you to make a copy and withdraw money in a real terminal. By the way, just recently another know-how appeared: craftsmen learned to install data exchange buses on ATMs. Upon gaining access to the controls, they issue a command to issue cash. To avoid getting into a bad situation, use the advice from point 1.
3. In places with large crowds of people, so-called POS terminals are often installed to pay for all kinds of goods and services. Clients do not know, but malicious software or the same skimmer may be installed on the equipment. In this way, data is stolen from thousands of bank cards, and it is extremely difficult to detect fraud.
4. Where do we often trust strangers with our bank card? Of course, in restaurants. The plastic handed over to an unscrupulous waiter is photographed on both sides and very valuable data is obtained, which you can even sell on special Internet resources or use yourself. By the way, this may not be news, but even such a large online store as AliExpress does not request an SMS with a confirmation code when paying for a purchase. Having information on both sides of the plastic at his disposal, the attacker can pay with someone else's money. An SMS is sent to the cardholder only if there is no money in the account. Also know that when paying with impersonal bank cards, you can indicate anything in the “Name” column.
Advice: never give your bank card into the wrong hands. If you are told that it is impossible to bring the terminal for payment, do not be lazy and go to it yourself. Also, remember and erase the CVV code from the card so that no one but you can use it.
5. Next, we would like to warn you against installing little-known applications for your smartphone. While an antivirus is usually installed on a personal computer, it is rarely installed on handheld gadgets. There are Trojans that can collect and transmit to an attacker your payment information, information about your movements and other personal data. Therefore, before installing an unfamiliar program, look for reviews about it online, and it's a good idea if the application version has several updates over time.
6. We have written about public Wi-Fi more than once, but it is still necessary to mention it. There is a ClientLogin protocol that stores a so-called authorization token (authToken) for two weeks, and this file is plain unencrypted text. When authenticating a smartphone on the network, data can be intercepted by a special program, so do not forget to use an encrypted VPN connection, which we discussed in detail in previous reviews about network security. And also do not log into the client bank through public networks.
7. Very often, scammers pretend to be someone you know who allegedly changed their SIM card and found themselves in a difficult situation. Many people have probably received similar SMS messages, and we will not give text variants; the imagination of these figures works well. There were also many cases of calls at night to parents of adult children who have a vehicle. A hysterical voice at two o'clock in the morning reports that he hit a man and hands the phone to a fake traffic cop to resolve the problem. Advice: never give in to emotions, calm down and contact your loved one yourself.
8. There is NFS technology that allows you to pay contactlessly by bringing your smartphone to the payment terminal. This radio communication has extremely low power and operates only at a distance of a couple of centimeters. However, in line at the checkout, there is a real opportunity to become a victim of scammers who, by bringing their device to your gadget, read your bank card details, except for the CVV code. However, not all Russian online stores still require the introduction of a security code. Tip: Take out your payment device immediately before paying.
9. Next we will talk about fake sites. We often receive SMS messages supposedly from banks or generally unfamiliar organizations with an offer to follow the link contained in the letter. Don't do this, and if you still can't resist, pay attention to the address on the Internet; as a rule, it differs from the original one, and also don't ignore the browser message about an unsecured connection. By the way, these letters are usually impersonal, that is, they do not contain in their text an address to the addressee by name and other specific information. So recently, many people began to receive messages from the short number 9000. Sberbank clients know that number 900 is the bank's number, and sometimes messages of an advertising or informational nature come from it, for example, about completed transfers. So, from number 9000 they tell you that you recently used the bank's service and ask you to rate it by sending a reply message. An inattentive person will send the requested letter and lose a certain amount of money from his telephone balance.
10. And the last thing is the so-called Vishing (English: Voice fishing). Calls with all kinds of requests to disclose your bank card details. An old and primitive method, but it still works. The call options are completely different, ranging from transferring “lottery winnings” to more sophisticated methods. For example, a fraudster finds your advertisement on the site for the sale of something. Over the phone they inform you of their ardent desire to transfer the deposit to your card and come later for the purchase. At the same time, they ask for all the information on the card, including the CVV code.
When we find out that one of our acquaintances has fallen for the bait of scammers, as a rule, we are surprised at the primitiveness of the trick and think that we ourselves would never succumb to such a deception. However, criminal businessmen usually exploit decent people in their schemes, who rarely encounter such swindlers in their daily lives. It remains to be desired to be careful and attentive to details; as a rule, the devil lies there.
1. In first place we put the so-called skimming (from the English skim - skim off foam, degrease), a fairly old and very common method in which an attacker places additional equipment (skimmer) on a bank terminal, allowing him to record all actions performed with the card, including the entered PIN code. A portable video camera is often additionally used. The skimmer makes it possible to read data from the magnetic chip of a bank card. Then a copy of the plastic is made, and the money changes hands.
Advice: check that there are no all kinds of undocumented devices on the bank terminals. Do not use ATMs outside bank branches or large shopping and business centers.
2. In second place is theft of an ATM or the installation of fake equipment that looks like a real bank terminal. Of course, ATMs are rarely stolen, but not only cash is stored in it, but also data about client cards and all transactions with them. Fake ATMs have begun to appear much more frequently lately. The card inserted into the card reader is not returned until the PIN code is entered, and the information read from the chip allows you to make a copy and withdraw money in a real terminal. By the way, just recently another know-how appeared: craftsmen learned to install data exchange buses on ATMs. Upon gaining access to the controls, they issue a command to issue cash. To avoid getting into a bad situation, use the advice from point 1.
3. In places with large crowds of people, so-called POS terminals are often installed to pay for all kinds of goods and services. Clients do not know, but malicious software or the same skimmer may be installed on the equipment. In this way, data is stolen from thousands of bank cards, and it is extremely difficult to detect fraud.
4. Where do we often trust strangers with our bank card? Of course, in restaurants. The plastic handed over to an unscrupulous waiter is photographed on both sides and very valuable data is obtained, which you can even sell on special Internet resources or use yourself. By the way, this may not be news, but even such a large online store as AliExpress does not request an SMS with a confirmation code when paying for a purchase. Having information on both sides of the plastic at his disposal, the attacker can pay with someone else's money. An SMS is sent to the cardholder only if there is no money in the account. Also know that when paying with impersonal bank cards, you can indicate anything in the “Name” column.
Advice: never give your bank card into the wrong hands. If you are told that it is impossible to bring the terminal for payment, do not be lazy and go to it yourself. Also, remember and erase the CVV code from the card so that no one but you can use it.
5. Next, we would like to warn you against installing little-known applications for your smartphone. While an antivirus is usually installed on a personal computer, it is rarely installed on handheld gadgets. There are Trojans that can collect and transmit to an attacker your payment information, information about your movements and other personal data. Therefore, before installing an unfamiliar program, look for reviews about it online, and it's a good idea if the application version has several updates over time.
6. We have written about public Wi-Fi more than once, but it is still necessary to mention it. There is a ClientLogin protocol that stores a so-called authorization token (authToken) for two weeks, and this file is plain unencrypted text. When authenticating a smartphone on the network, data can be intercepted by a special program, so do not forget to use an encrypted VPN connection, which we discussed in detail in previous reviews about network security. And also do not log into the client bank through public networks.
7. Very often, scammers pretend to be someone you know who allegedly changed their SIM card and found themselves in a difficult situation. Many people have probably received similar SMS messages, and we will not give text variants; the imagination of these figures works well. There were also many cases of calls at night to parents of adult children who have a vehicle. A hysterical voice at two o'clock in the morning reports that he hit a man and hands the phone to a fake traffic cop to resolve the problem. Advice: never give in to emotions, calm down and contact your loved one yourself.
8. There is NFS technology that allows you to pay contactlessly by bringing your smartphone to the payment terminal. This radio communication has extremely low power and operates only at a distance of a couple of centimeters. However, in line at the checkout, there is a real opportunity to become a victim of scammers who, by bringing their device to your gadget, read your bank card details, except for the CVV code. However, not all Russian online stores still require the introduction of a security code. Tip: Take out your payment device immediately before paying.
9. Next we will talk about fake sites. We often receive SMS messages supposedly from banks or generally unfamiliar organizations with an offer to follow the link contained in the letter. Don't do this, and if you still can't resist, pay attention to the address on the Internet; as a rule, it differs from the original one, and also don't ignore the browser message about an unsecured connection. By the way, these letters are usually impersonal, that is, they do not contain in their text an address to the addressee by name and other specific information. So recently, many people began to receive messages from the short number 9000. Sberbank clients know that number 900 is the bank's number, and sometimes messages of an advertising or informational nature come from it, for example, about completed transfers. So, from number 9000 they tell you that you recently used the bank's service and ask you to rate it by sending a reply message. An inattentive person will send the requested letter and lose a certain amount of money from his telephone balance.
10. And the last thing is the so-called Vishing (English: Voice fishing). Calls with all kinds of requests to disclose your bank card details. An old and primitive method, but it still works. The call options are completely different, ranging from transferring “lottery winnings” to more sophisticated methods. For example, a fraudster finds your advertisement on the site for the sale of something. Over the phone they inform you of their ardent desire to transfer the deposit to your card and come later for the purchase. At the same time, they ask for all the information on the card, including the CVV code.
When we find out that one of our acquaintances has fallen for the bait of scammers, as a rule, we are surprised at the primitiveness of the trick and think that we ourselves would never succumb to such a deception. However, criminal businessmen usually exploit decent people in their schemes, who rarely encounter such swindlers in their daily lives. It remains to be desired to be careful and attentive to details; as a rule, the devil lies there.
