About carders and people

Tomcat

Bank fraud has become part of everyday life. Attackers' methods are becoming more and more sophisticated: often the victim does not immediately understand what happened.

We've collected several publicly available stories from victims and looked at them from the perspective of attackers. We also found useful articles by webself about how he led scammers by the nose. Details under the cut.

What's happening?

Many stories are similar to each other: the victim receives a call from a bank number (or a very similar one) and is asked to confirm a transaction that, of course, no one made. If the victim has questions, scammers skillfully ingratiate themselves by providing financial details that, in an ideal world, would only be known to the bank and the victim. Money from the victim’s accounts goes to a third party’s account, from where it will be withdrawn later. Attackers always have backup options in case the victim encounters difficulties or asks too many questions.

We will not discuss who exactly is involved in such matters, and we will leave aside the question of ethics. We are interested in the technical side of carders' actions, as well as ways to protect against them.

The information is provided for informational purposes only. The author is not responsible for any harm that may occur after reading this article.

Where do attackers get data from potential victims? After all, this is not only your full name and phone number, but also a code word, the status of accounts and deposits, and recent transactions. There are shady sites on the darknet that specialize in obtaining and selling such data. This has been written about in detail before us.

Having received the information of potential victims, scammers must create a legitimate cover. Here they have at least two options: choose a number very similar to the bank’s number, or replace their number with the bank’s number.

The second method is much more dangerous, since the victim, after Googling, will be convinced that the number belongs to the bank and continue the conversation.

Obviously, number substitution is a shadow service, and dozens of providers offer it. Typically, this is done using SIP telephony, a subtype of IP telephony. The servers, of course, are located outside our country, so law enforcement agencies will not investigate their activities.

Having reached the victim, the scammer begins a social engineering session, the goal of which is to get the maximum possible amount of money. If we omit the nuances, we can divide all the cases into several groups:
  • the attacker directs the victim's actions, forcing the victim to go to an ATM, withdraw money and transfer it to a “safe” account belonging to a third party, who, most likely, does not suspect anything;
  • the attacker extracts as much information as possible from the victim, which can then be used to gain access to the victim's personal account (numbers from the back of the card, codes from SMS, etc.);
  • the attacker, in order to make his task easier, suggests that the victim install TeamViewer or its equivalent under the guise of helping the client. The victim may not need to take any other action: everything will happen before the victim's eyes, but without the victim's participation.

Typically, scammers operate according to a script that branches depending on what the victim says. This speaks to the level of training of carders and their determination :)

We tried to systematize the most common actions of scammers. The diagram below shows the results.

What to do?

Now we will talk about several methods of protection. They may seem obvious to some, but the constant success of scammers is a good reason to repeat what has been said many times.
  • If you receive a call from a number similar or identical to a bank number, or from an unfamiliar (“left”) number, and the caller persistently introduces himself as a bank employee, you should refuse the conversation. Then you can independently call the numbers indicated on your bank card and find out whether the bank called you, whether funds were actually transferred from your accounts, etc. Or you can go to online banking to view transactions on the card and the status of accounts and deposits. As a last resort, go to a bank branch, if the bank has one.

P.S. Interestingly, in situations where fraudsters replace their number with a bank number using SIP telephony, calling the incoming number (the bank number) back will in most cases connect you to a bank employee. This is possible because number substitution only works in one direction.

  • There are many applications that determine whether an incoming call is a source of spam or a scam. But it may also be that the number from which they are calling you has only recently been used, so it will not be identified as unwanted.
  • You should always remember that bank employees do not offer to perform any transactions with money, such as transfers to bank “employee” accounts, withdrawing money from ATMs and then depositing it into someone else’s account, installing additional programs and applications on a smartphone. Those who offer this are 100% scammers. Bank employees will not ask you to install an application like TeamViewer. They don't need it.
  • A lot has been said about SMS from banks, not only by the banks themselves but by just about everyone else. We will say it too: do not tell anyone the sequence of numbers from an SMS, not even the “robots” that scammers offer to connect you to, arguing that a robot is not a person and therefore “nobody”.
  • Call centers of different banks are in no way connected with each other. If the caller introduces himself as being from bank X, you say that you use bank Y, and he immediately wants to transfer you to that bank's line, be wary. Better yet, hang up immediately.
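
The two cover options described earlier (a lookalike number or a substituted, identical one) and the call-back advice from the first point above can be expressed as a small caller-ID screening check. This is an added example, not part of the original article; the phone numbers, the bank name and the function names are constructed for illustration.

```python
import re

# Constructed sample data: official numbers as printed on the user's bank cards.
KNOWN_BANK_NUMBERS = {"+1 800 555 0100": "Example Bank"}

CALL_BACK = "Hang up and dial the number printed on your card yourself."


def normalize(number: str) -> str:
    """Keep digits only, so spaces, dashes and brackets do not matter."""
    return re.sub(r"\D", "", number)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def screen_call(caller_id: str, known=KNOWN_BANK_NUMBERS, max_distance: int = 2):
    """Classify a displayed caller ID against the user's known bank numbers.

    Returns (verdict, bank_name_or_None, advice). An exact match is NOT
    treated as proof of legitimacy, because the displayed number can be
    substituted; the advice is to call back in every case.
    """
    caller = normalize(caller_id)
    best_distance, best_bank = None, None
    for official, bank in known.items():
        d = edit_distance(caller, normalize(official))
        if best_distance is None or d < best_distance:
            best_distance, best_bank = d, bank
    if best_distance == 0:
        return ("matches-bank-number", best_bank,
                "Displayed number may be substituted. " + CALL_BACK)
    if best_distance is not None and best_distance <= max_distance:
        return ("lookalike", best_bank,
                "Number imitates a bank number. " + CALL_BACK)
    return ("unknown", None,
            "Not a known bank number. If the caller claims to be the bank: " + CALL_BACK)
```

Because substitution only affects the displayed number of an incoming call, the call the user places to the official number is the step that actually verifies the bank.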

That's all for now. Be careful.

(c) https://habr.com/ru/companies/dsec/articles/472940/
 