Cyber fraudsters have improved the scheme of stealing money using fake online stores. Now it has become even more difficult to recognize that money is going to them.
The criminals have improved the interface that mimics the operation of banking technology 3-D Secure, which is designed to strengthen the protection of payments. They lure victims to fake stores (usually “selling” popular goods at very low prices), and after clicking on the buy button, a page that completely imitates 3-D Secure opens. If the victim enters the card number, its expiration date and the security code, these data instantly go to the fraudsters. An improvement in the fraudulent scheme consists in the fact that a fake form also asks to enter a code from an SMS message to confirm a payment - and this code is also seen by fraudsters.
The user can receive a notification or SMS about the write-off, as well as a message about a successful purchase. This will lull her vigilance, while the money actually went to scammers who will cash it out through dummies (and perhaps not even in Russia).
According to Group-IB, over the past few months, at least 400 million rubles have been stolen under this scheme. And since it is relatively recent, and the general public (who only recently realized that they should not trust calls from the "bank security service") is still unknown about it, the peak of such fraud has not yet been reached.
Information security experts advise banking organizations and shops to refuse SMS and switch to biometric methods of confirming payments. It is also worth refusing to manually enter sensitive data on sites and storing information about cards in secure payment systems like Google Pay (they do not transmit card numbers to sites in clear text, but confirm the withdrawal using encrypted tokens).
The criminals have improved the interface that mimics the operation of banking technology 3-D Secure, which is designed to strengthen the protection of payments. They lure victims to fake stores (usually “selling” popular goods at very low prices), and after clicking on the buy button, a page that completely imitates 3-D Secure opens. If the victim enters the card number, its expiration date and the security code, these data instantly go to the fraudsters. An improvement in the fraudulent scheme consists in the fact that a fake form also asks to enter a code from an SMS message to confirm a payment - and this code is also seen by fraudsters.
The user can receive a notification or SMS about the write-off, as well as a message about a successful purchase. This will lull her vigilance, while the money actually went to scammers who will cash it out through dummies (and perhaps not even in Russia).
According to Group-IB, over the past few months, at least 400 million rubles have been stolen under this scheme. And since it is relatively recent, and the general public (who only recently realized that they should not trust calls from the "bank security service") is still unknown about it, the peak of such fraud has not yet been reached.
Information security experts advise banking organizations and shops to refuse SMS and switch to biometric methods of confirming payments. It is also worth refusing to manually enter sensitive data on sites and storing information about cards in secure payment systems like Google Pay (they do not transmit card numbers to sites in clear text, but confirm the withdrawal using encrypted tokens).
