Bank card carding in 2024

Tomcat

What carding methods are the most popular, what to do if scammers find out your bank card details, how to protect yourself from theft and what are the chances of getting your funds back - in the Kommersant material.

The most common methods of stealing funds from bank cards (carding) rely on psychological persuasion, deception or intimidation of clients. According to the Russian Central Bank, more than 80% of all attacks are related to social engineering. Telephone phishing, the name given to luring personal data out of bank clients, is the most popular method among scammers.

How carders work

  • Posing as bank employees (“security service” or “financial monitoring service”), they report suspicious activity and offer to dictate card details so that the bank takes measures to protect funds.
  • They convince you to transfer money to a separate account, supposedly for its protection; this can be done online or by withdrawing money from an ATM, in which case the scammers may even order a taxi for the client.
  • They ask you to install special software to “protect funds,” with which fraudsters can steal card data and apply for a pre-approved loan, after which they can withdraw funds.
  • Since the beginning of the pandemic, scammers have been actively exploiting the topic of coronavirus, be it “free” diagnostics, medical care, benefits, compensation, refunds for air tickets or other pretexts, the ultimate goal of which is to get the victim to transfer money.
  • Posing as Pension Fund employees, they inform older people about payments due to them; in this case, they need to find out the bank card number and other data, supposedly to transfer money. In some cases, criminals offer to transfer money to a third-party account to pay state fees for future compensation.
  • They call 10-15 minutes after the client receives the card and offer to activate it, although the user carries out this process himself. This is how scammers try to find out your card details.

Important! You should not disclose your card details to third parties, including the four-digit PIN code and the three-digit CVC code indicated on the back. When scammers call, real bank phone numbers may be displayed. They may also pose as police officers or credit bureau employees.

According to statistics, about a quarter of cardholders are willing to disclose to strangers their three-digit security code, as well as the card’s expiration date and the code from an SMS message (3DSecure), which must not be disclosed.
In 2024, the Central Bank initiated blocking of more than 756 thousand scammers’ phones, more than four times as many as in 2021.

Email phishing, social networks and fake websites

The letters sent by scammers may contain links to fake websites that imitate the pages of online stores with big discounts, as well as hotels, airline ticket sales services, insurance companies, and various departments. Letters also arrive under the guise of receipts for payment of utility bills or in the form of official notices from banks and other organizations.

Another popular method of fraud is related to sales on classifieds sites, where the buyer uses a fake link to enter data to pay for a non-existent product.

On social networks, scammers send mailings to a list of friends from a hacked account with a request to transfer money to a card. Such information should always be double-checked through other communication channels.

Important! Do not follow links from suspicious emails or download unknown programs. Beware of paying for purchases on suspicious sites; do not transfer money if you are not sure of the recipient. Monitor all account transactions and use anti-virus programs.

In 2022, the Central Bank marked over 15 thousand resources for blocking, among them pages on social networks, mobile applications and others.

ATM fraud

Thefts using special reading devices (skimmers) and overlays on ATM PIN pads are becoming less and less common thanks to the improved technical equipment of banks. They are being replaced by staged situations with elements of social engineering. In one scenario, a fraudster (usually an elderly person) “forgets” a card in an ATM and then asks a person nearby to retrieve it. Having received the card back, the attacker and his accomplices check the account balance and claim that the money is missing, after which they demand it back.

Important! Do not remove other people's cards from ATMs. If the card has already been removed and threats are received, it is recommended to call the police.

How much money did the scammers steal?

According to the Central Bank, in 2022, fraudsters carried out about 876.59 thousand unauthorized transactions, and about 14.165 billion rubles were stolen from clients.

The Central Bank estimates the average volume of one transaction in 2022 at 15.32 thousand rubles.

What to do if fraudsters have received your data and withdrawn money from your card

1. Call the bank and block the card, reporting the unauthorized use of funds.
2. At the bank office, draw up a document of disagreement with the operation.
3. File a police report about the theft of money from your card.

Comment from expert Denis Kalemberg, founder and CEO of SafeTech:

“If card details become known to fraudsters, then in most cases they use them to transfer “drops” to cards issued on fake or other people’s passports. Typically, “droppers” withdraw the stolen funds within a few minutes after the transfer. Also, purchases of equipment in online stores with subsequent resale are often used for theft.

It is impossible to make a purchase or transfer knowing only the card number, but this does not mean that it can be shared with anyone, because this number is often used to restore access to mobile banking. For payment, at least the validity period and the name of the owner are requested. But in this case, the purchase can be disputed and the money returned if the 3DSecure code was not used (usually sent via SMS to confirm payment). Responsibility for accepting payments without confirmation lies with the online store.”

Is it possible to return stolen funds?

Since 2024, the law “On the National Payment System” has been in force in Russia. According to it, the bank is obliged to return the stolen money, but subject to a number of conditions on the part of the client. First of all, the client must report the operation no later than 24 hours from the date of receipt of the notification. By law, the bank must return the money if the data was compromised through no fault of the client, that is, he complied with the following conditions:
  • did not provide card details to fraudsters;
  • did not store the PIN code with the card / did not write it down on the card itself;
  • did not allow anyone to take pictures of the card, etc.
An internal bank investigation can last no more than 30 days, and if the operation is international - 60 days. In case of proven violations on the part of the client, the bank has the right not to return the money. According to statistics from the Central Bank in 2024, only 4.4% of stolen funds were reimbursed to clients.

“If fraudsters steal all the card data, plus find out the 3DSecure code, then getting the money back will be extremely problematic. The rules of payment systems in this case place responsibility on the client. If the payment went through without confirmation with a code, then there are definitely chances. Also recently, insurance services against theft from a bank card have become widespread.

In order to minimize the risk of losing money, it is better not to tell anyone over the phone card details and SMS codes, not to enter card data on sites that you do not trust 100%, not to download mobile applications from unverified sources and to use an antivirus. But the best thing is to never keep an amount on a plastic card that is more than what you don’t mind parting with,” advises Denis Kalemberg.

(c) Mikhail Malaev, group "Direct Speech"
 