Calls about suspicious money transfers have been replaced by new schemes. We tell you how to protect yourself from deception.
In addition to vigilance, additional control measures over banking transactions will protect you. Similar options are sometimes provided in the account maintenance package. For example, VTB confirms payments using NFC. To approve the money transfer, after entering the details in the bank application, you need to touch your VTB card to the smartphone screen. In this case, people do not receive classic SMS with a confirmation code, and scammers cannot remotely withdraw money from their account.
This method of fraud has another variation. This usually happens at the airport: the attacker introduces himself as a bank employee and offers the passenger to get a credit card on favorable terms. But to do this, you need to update the banking application: supposedly the old version does not have such a promotion. You can download the new one using the link provided by the bank’s “representative”. But instead of mobile banking, the victim installs the same phishing software and gives scammers access to their account.
If you still need to update the application or download it again, if you have changed your smartphone, then look for instructions on the bank’s website. As a rule, all the necessary tips are there. This can also be done offline - at a bank branch with the help of an employee.
Even a short-term hack of an account at State Services is fraught with serious consequences. Criminals will have access to all personal data, including driver’s license numbers and SNILS. This data can be used to access a person's online services. After this, attackers can withdraw the victim’s pension savings, issue a loan in her name, or register an electronic wallet and use it for criminal purposes.
In addition to calls, you may also receive push notifications allegedly from a mobile operator with similar content. The message will contain a link that leads first to the operator’s website, and then to “Government Services” - both phishing resources. The user will be prompted to enter the login and password for their personal account.
In addition, if the interlocutor on the other end of the line says that he represents State Services, you can safely hang up: real service employees never call users. The service sends all notifications only in the form that you yourself specified in your personal account. When going to the portal, it is important to check its address: it should not contain additional characters. For example, if you see gosus1ugi in the search bar, there is something wrong.
Unlike Gosuslugi, mobile operators have the right to request subscribers to confirm personal information about them. But to do this, you don’t need to follow strange links from SMS - you can do this through the operator’s official application or in the communication salon.
If you ask your interlocutor to confirm that he is indeed an employee of a mobile operator, he can give his full name and your tariff. But you still don’t need to believe him: attackers know how to get this information from stolen databases. To re-sign the contract, the interlocutor will offer to go to State Services. During authorization, the user receives an SMS confirming that the password has been reset. He gives this code to the scammer and then loses access to the service.
You have the power to stop scammers from deceiving other people. For example, VTB has such an option. If you receive a suspicious call, you can report it to the bank’s contact center or VTB Online chatbot. The company’s smart system automatically records the data of criminals and transfers it to specialists from the Ministry of Digital Development and telecom operators so that they block the attackers. You can complain about strange calls even if you are not a VTB client.
Of course, for such voicemails to start coming on behalf of your friend, his account must be hacked. The scammers then use artificial intelligence to generate requests to transfer money based on actual audio messages. This recording is sent to all the user’s contacts, including chats in which he is a member. If you respond to such a message, you will be sent your bank card details. In the process of transferring money, there is a risk of compromising your own data.
It is also important to strengthen the protection of your own account so as not to lose access to it and not become a source of fake audio. Use two-factor authentication to sign in, create a complex password, and use public Wi-Fi connections with caution.
(c) https://lifehacker.ru/ulovki-moshennikov-v-2024-godu/
Trick 1. Letters from the “tax office”
In this fraud scheme, criminals send letters on behalf of the tax service and ask for an urgent return. They carefully attach to the messages a link to a form in which, among other things, you need to enter the full details of your bank card - including the three-digit code on the back. Supposedly this is necessary to identify the taxpayer. With so much personal information transferred, scammers easily gain access to the victim’s account and can withdraw funds within minutes.How to protect yourself
Remember that tax authorities do not write with an offer to pay off debt online. Data on how much taxes must be paid and within what time frame can be found independently in the taxpayer’s personal account on the website of the Federal Tax Service or on Gosuslugi.In addition to vigilance, additional control measures over banking transactions will protect you. Similar options are sometimes provided in the account maintenance package. For example, VTB confirms payments using NFC. To approve the money transfer, after entering the details in the bank application, you need to touch your VTB card to the smartphone screen. In this case, people do not receive classic SMS with a confirmation code, and scammers cannot remotely withdraw money from their account.
Trick 2: Update your banking app
Attackers take advantage of the fact that popular online stores no longer have applications from many Russian banks. They call victims and warn them to install the latest version using alternative instructions. As a rule, to do this you need to download a certain service. This is actually phishing software. You will need to register in it in order to create a supposedly secure personal account, but all mobile banking data will immediately leak into the hands of scammers.This method of fraud has another variation. This usually happens at the airport: the attacker introduces himself as a bank employee and offers the passenger to get a credit card on favorable terms. But to do this, you need to update the banking application: supposedly the old version does not have such a promotion. You can download the new one using the link provided by the bank’s “representative”. But instead of mobile banking, the victim installs the same phishing software and gives scammers access to their account.
How to protect yourself:
Under no circumstances should you download anything from suspicious sources. If your banking app is working properly, it probably doesn't need an update. Moreover, it will inform itself about the need for any modifications.If you still need to update the application or download it again, if you have changed your smartphone, then look for instructions on the bank’s website. As a rule, all the necessary tips are there. This can also be done offline - at a bank branch with the help of an employee.
Trick 3. Confirmation of passport data on “State Services”
This is another scheme that involves phishing services. Fraudsters call and say that you urgently need to confirm your passport details on the portal. But the link leads to a phishing counterpart of State Services: if you enter your login and password, they will leak into the hands of criminals.Even a short-term hack of an account at State Services is fraught with serious consequences. Criminals will have access to all personal data, including driver’s license numbers and SNILS. This data can be used to access a person's online services. After this, attackers can withdraw the victim’s pension savings, issue a loan in her name, or register an electronic wallet and use it for criminal purposes.
In addition to calls, you may also receive push notifications allegedly from a mobile operator with similar content. The message will contain a link that leads first to the operator’s website, and then to “Government Services” - both phishing resources. The user will be prompted to enter the login and password for their personal account.
How to protect yourself
When communicating with an unfamiliar interlocutor who asks you to do something “urgently,” follow the main rule: do not be fooled by persuasion. Hang up and take a break to think. You can check the information on the State Services website.In addition, if the interlocutor on the other end of the line says that he represents State Services, you can safely hang up: real service employees never call users. The service sends all notifications only in the form that you yourself specified in your personal account. When going to the portal, it is important to check its address: it should not contain additional characters. For example, if you see gosus1ugi in the search bar, there is something wrong.
Unlike Gosuslugi, mobile operators have the right to request subscribers to confirm personal information about them. But to do this, you don’t need to follow strange links from SMS - you can do this through the operator’s official application or in the communication salon.
Trick 4. Renewing your contract with a mobile operator
In this case, the target of the criminals is still the same account on State Services, but they are accessing from the other side. The victim receives a call during which she is asked to urgently renew the contract with the telecom operator - supposedly it is about to expire. This offer sounds quite strange, but the scammers don’t let you come to your senses - you have to hurry, the phone number is about to be given to another user.If you ask your interlocutor to confirm that he is indeed an employee of a mobile operator, he can give his full name and your tariff. But you still don’t need to believe him: attackers know how to get this information from stolen databases. To re-sign the contract, the interlocutor will offer to go to State Services. During authorization, the user receives an SMS confirming that the password has been reset. He gives this code to the scammer and then loses access to the service.
How to protect yourself
If the interlocutor introduces himself as an employee of a telecom operator, interrupt the conversation and call back the official call center of the company. In addition, under no circumstances do not give logins, passwords or SMS codes to anyone to confirm login from your accounts - this applies to State Services and other services.You have the power to stop scammers from deceiving other people. For example, VTB has such an option. If you receive a suspicious call, you can report it to the bank’s contact center or VTB Online chatbot. The company’s smart system automatically records the data of criminals and transfers it to specialists from the Ministry of Digital Development and telecom operators so that they block the attackers. You can complain about strange calls even if you are not a VTB client.
Trick 5: Spoofing voice messages
If a text message on a social network or instant messenger from a friend with a request to urgently borrow a large sum looks suspicious, then it may not be so easy to notice something wrong in the case of a voice message. Using neural networks, scammers have learned to create audio recordings that imitate the voice of a real person. A victim who sincerely believes that an acquaintance is communicating with her may believe that he really needs money.Of course, for such voicemails to start coming on behalf of your friend, his account must be hacked. The scammers then use artificial intelligence to generate requests to transfer money based on actual audio messages. This recording is sent to all the user’s contacts, including chats in which he is a member. If you respond to such a message, you will be sent your bank card details. In the process of transferring money, there is a risk of compromising your own data.
How to protect yourself
So far, a similar fraud scheme is found in Telegram. If you receive a voicemail from a friend asking you to urgently help with money, then call him and find out what’s going on. You should not write to him in other instant messengers or social networks: perhaps these accounts have already been taken over by scammers.It is also important to strengthen the protection of your own account so as not to lose access to it and not become a source of fake audio. Use two-factor authentication to sign in, create a complex password, and use public Wi-Fi connections with caution.
(c) https://lifehacker.ru/ulovki-moshennikov-v-2024-godu/
