Bank card fraud. Overview of ways to cheat.

Mutt

Contents
  • 1. How do card fraudsters work? And how can we prevent this?
  • 2. Methods (types) of fraud with bank cards
    • 2.1 Theft of bank cards
  • 3. Technical tricks
    • 3.1 Skimming
    • 3.2 Skimming in shops and restaurants
    • 3.3 Repeated (double) debit from the card
    • 3.4 Sniffing (intercepting data)
    • 3.5 ATM tape method
    • 3.6 Lebanese loop
    • 3.7 Phantom ATM
    • 3.8 Data theft using viruses (Trojans)
    • 3.9 Creating a duplicate SIM card
  • 4 Methods of influencing the psyche and the human factor (social engineering)
    • 4.1 SMS fraud
    • 4.2 Phishing
    • 4.3 Transfer on the card
    • 4.4 Fraudulent buyers and fraudulent sellers on message boards (including eBay)
Every year the number of people who use bank cards gradually increases. The time is not far off when the card will become the main payment instrument and almost completely displace cash from circulation (it is not so much people and the banks themselves who are interested in this as the state, since cashless payments are easier to control). Paying by card is convenient and has many advantages; it has been used in many countries for more than a dozen years. But unfortunately, every coin has a flip side: there will always be scammers who want to take other people's money.

Card fraud has already become so widespread that it can no longer be dismissed as isolated cases of theft of funds from a card. The number of fraudulent methods (old ones that are already known and new ones gaining popularity among fraudsters) and the number of defrauded bank card holders are constantly growing. And in order not to become a victim of deception, you must, as they say, know your enemy by sight. This review covers popular and rare schemes of fraud with bank cards and will be constantly updated, including with the help of visitors to the Finance for People website (we are counting on this). We will also pay attention to the reasons that lead to the theft of the cards themselves or money from them, as a rule,

How do card fraudsters work? And how can we prevent this?
Before introducing you to the various types of modern plastic card fraud, I would like to say a few words about how this happens and why it is possible at all. In total, there are two types of criminal actions that lead to the theft of money from our card accounts. The first happens without our participation, when data about our cards (their details) is stolen en masse from the servers of banks, online stores, online services, etc. This is rarely done by lone hackers; as a rule, organized criminal groups (OCGs) or cybercriminals are involved. The card details are then sold on the “black markets” on the Internet, and the money is cashed out (“laundered”) through, for example, transfers to a card (we will talk about this later).

The second option is with our, so to speak, direct "help". The initiators here are lone scammers. Usually they use very effective methods of social engineering (a way of steering human actions that exploits the weaknesses of the human factor), i.e. through various tricks and gimmicks they work on the "weak" points in the human psyche. There is no need to hack anything (use technical means), since a skilfully manipulated person will hand the offender the necessary information himself, and even thank him for it.

Why do people fall for such tricks? This is due to the catastrophically low level of financial literacy (though, thank God, it has begun to be addressed at the state level) and to ignoring the rules for the safe use of bank cards when paying with them in ordinary stores, on the Internet, or when withdrawing funds from them at ATMs, etc. Most of us are very irresponsible towards such a modern banking product as a plastic card, and we get caught because of it.

If someone has found out (stolen) the data from your card, or your bank suspects that this has happened, then the card is considered compromised, and the bank may well block it. You should not worry in this case, because in this way the bank is trying to protect your own money, although sometimes it overdoes it.

How else do banks and the state, represented by the main financial regulator - the Central Bank, take care of our safety? For example, various brochures and articles are produced to promote the “correct” use of card products. One of the most effective measures was taken by the Central Bank when it prohibited all banks from issuing cards without a chip, with only a magnetic stripe. As you know, the latter are much less secure than chip cards, allowing attackers to read information from the magnetic stripe (skimming) and use it to steal funds from the account. Bank, for example, has been issuing only chip cards since 2013, which greatly complicates the life of Internet thieves.

There is also a great offer from banks in conjunction with the international payment systems Visa and MasterCard - the PayWave / PayPass contactless payment technology. Cards equipped with this technology allow you to pay for goods and services without entering a PIN (up to a certain amount) and without the card touching the payment terminal, which is much safer than conventional plastic. Many banks already offer such cards - pay attention to them. The future, in general, belongs to such contactless technologies; you can now pay for purchases in this way from smartphones with built-in NFC chips (by analogy with a card).

Cardholders are advised to use a number of recommendations to protect a bank card from fraudsters and adhere to the basic rules when paying with a card via the Internet.

Methods (types) of fraud with bank cards

Theft of bank cards
There have always been scammers who have stolen and will steal valuables in such a banal way. Your wallet is stolen, and there are several of your cards in it, including credit cards. It is good if all the cards have a chip: then the offender will need to find out the PIN (we hope that it is not written on the card itself or on a piece of paper carefully put into the wallet), without which he cannot pay for goods in a store or withdraw money at an ATM. But if there is an old-style card (with a magnetic stripe), then nothing can be done: it can be cashed out in a store by buying any product.

By the way, if the card supports PayPass or PayWave instant payment technology, then a purchase up to a certain amount can be made without problems (anything above that only by entering the PIN). Still, the card is not money, but just a piece of plastic that is the "key" to your money, and it can be quickly blocked. How to act if your card is stolen and how to prevent this, read the corresponding article.

This method also includes theft of data from bank cards from the servers of banks, shops, etc., which we have already talked about, but, unfortunately, nothing depends on us here. The only way to counteract this is to insure the risks of theft of the card and its data (risks of its compromise).

Technical tricks
Fraudsters have come up with many tricks that are based on the use of various technical gadgets: the simplest and very complex, but quite effective.

Skimming
The classic method of deception, which is gradually becoming a thing of the past with the advent of chip cards, but is nevertheless still relevant. Attackers use special devices to steal data - skimmers, which are discreetly attached to the ATM card reader and copy data from the magnetic stripe of the card when it is inserted into the card reader slot. An ATM with an attached skimmer is difficult for a layman to distinguish from original equipment - the same relief and color. The scammers' arsenal also includes a keypad overlay or a miniature camera used to read / spy on the entered PIN. The copied data is "uploaded" to a blank card, with which any amount is withdrawn using the observed PIN (within the available limits, of course). Details about skimming and how to recognize it can be found in our article.

Shimming is a technically advanced form of skimming. In this case, a very thin flexible board (a "shim") is inserted into the card reader using a special carrier card. The "shim", about as thin as a human hair, connects to the pins that read data from the card's magnetic stripe. After the carrier card is removed, the fraudulent device remains in the ATM and begins its "work" of reading data from the cards inserted into the ATM card reader. The criminals' further actions are the same as in the case of classic skimming.

Skimming in shops and restaurants
This type of fraud is a variant of the previous one; the only difference is that the seller or the waiter swipes your card through a special miniature handheld skimmer. The PIN or other card details are easily recorded on a video camera, after which a clone of your card is made and money is withdrawn from it. Read the rest of the details and how to protect yourself from skimming in stores.

Repeated (double) debiting from the card
It does not happen often, but it does happen that you pay twice for a purchase you made with your card. It is good if you have an SMS notification service enabled (it is not that expensive, but extremely useful and informative), learned about it in a timely manner and began to take appropriate measures. Otherwise, you simply donate your money to the store (do you have extra money?). Such a problem may arise due to a technical fault on the side of the store (a problem with the terminal, or the human factor - a seller's mistake), of the acquiring bank serving the store, or of the payment system (an error in the processing center). It may also be a deliberate action by the seller, although he is unlikely to gain anything from it, since the payments are non-cash. Most likely, these are accidental actions due to inexperience or inattention, that very human factor. How to protect yourself from repeated debits and get your money back, read in this article.

Sniffing (intercepting data)
Fraudsters practice data interception in crowded places (restaurants, cafes, train stations, etc.) using a network traffic analyzer (a sniffer, from the English "to sniff") - a special computer program for intercepting data packets, decoding and analyzing them. Free public Wi-Fi is the perfect place to fall prey to an intruder. Fraudsters can intercept any of your data, including passwords for payment accounts and the payment details of your card, if you decide to pay with it in an online store and the connection is not properly protected. How to protect yourself from such a misfortune?

ATM tape method
Cheap but effective. A person approaches an ATM, wanting to withdraw money from his card, inserts the card into the card reader and types the PIN on the keypad. A characteristic rustle is heard from the dispenser (the device that issues money), but for some reason no money appears. The person puts this down to a malfunction of the ATM, shrugs his shoulders, takes out his card and goes to another ATM. What's the bottom line? The money was actually debited from the card and the ATM even issued it, but it stuck to double-sided tape placed in the dispenser by a fraudster, who will collect the money instead of you. If something like this happens to you, and the ATM has also given you a receipt, then do not rush to leave the ATM. See what to do in such cases in this article.

Lebanese loop
A method as simple as the previous one, except that in this case the card is captured, not the money. In advance, an attacker places a so-called "Lebanese loop", a film trap in the form of a pocket or an envelope, into the ATM card reader. When a person inserts a card into the ATM, in reality he inserts it into the pre-prepared "envelope" made of film, in which it gets stuck. After the person leaves the ATM in bewilderment, the fraudster takes out the envelope along with the card. For details of how this method works and how to protect yourself from it, see its similar description.

Phantom ATM
Not such a popular method of card fraud due to its "scale" and high cost. Instead of a real ATM, fraudsters build a plastic shell with a skimmer built into it. From a card inserted into its card reader, all the information needed for subsequent cashing out can be read (see the section on skimming), and at the same time the attackers find out your PIN typed on the "pseudo-keypad". Alternatively, the ATM may swallow the card and not return it at all. Read more about the phantom ATM here; there are also tips on how not to fall for such a scam.

Data theft using viruses (trojans)
A very dangerous, technically sophisticated type of fraud, in which a smartphone or computer is "infected" with a malicious program, for example a Trojan. This is such a clever "digital pest" that it can not only damage the data on your computer or "steal" valuable information, but also act on behalf of the owner of the phone (and there is more to come!).

For example, you installed a free program from Google Play on your Android phone, and along with it a virus got onto your smartphone. Your phone number is linked to the card, i.e. the mobile bank service is connected to your phone. A Trojan that you accidentally installed can then, using SMS banking commands, find out your balance, send an SMS command to transfer money from your card to another one, and reply by SMS on its own to the message confirming the operation. Moreover, the owner of the smartphone may not see any signs of this activity: the virus will simply hide them from him, or he will see them when it is already too late.

Many clients of bank (and not only that one) have come across such fraud. It is a relief that the maximum daily transfer limit through the Sberbank mobile bank is 8 thousand rubles, otherwise the virus would have taken all their savings.

Alternatively, the virus can transfer money from your card account to the account of a certain cell number, and then the scammers will cash out this account. How to protect yourself from such problems, study the material on the above link.

Duplicate SIM card
Knowing your card number is not enough to withdraw money from it (or is it?). Usually any operation is accompanied by additional identification of the cardholder (3-D Secure): the bank sends a one-time password to the phone number linked to the card, and the cardholder must confirm the operation by entering this password in the appropriate form. Thus, any operation with a card (on the Internet or through a mobile bank) is impossible without access to the phone associated with it.

What do the attackers do? They go to a mobile phone shop and have a duplicate SIM card made. A duplicate cannot simply be made without the passport of the SIM card's owner, so this involves a criminal conspiracy between the fraudsters and the shop's sales staff. After creating a duplicate, access to the "attacked" card is blocked.

To steal money from a card through mobile bank commands, it is not even necessary to know the card number; see, for example, which commands can be used to pay for cellular service from bank cards. And if the criminal already knows the card details (for example, he spied them), then having made a duplicate, he can transfer a large amount of funds to his accounts via the Internet bank and vanish without a trace. Do not forget that with the help of your cellular phone, an attacker will be able to gain access to mail accounts, and they are also payment accounts.

This is a very insidious fraud, so it is better to adhere to certain recommendations so as not to fall for it, follow the same link for a more detailed description of the fraud.

Methods of influencing the psyche and the human factor (social engineering)
The main protection against the following methods of card fraud is knowledge (including financial literacy), personal experience and the experience of other people who have fallen for such scams. We are helped by the numerous cases of deception described in a huge number of reviews on the Internet, as well as by many articles that reveal the tricks of petty crooks. It is better to learn not from our own, but from someone else's, albeit bitter, experience.

SMS fraud
A typical example of SMS fraud is an SMS message, supposedly from the bank's number, saying that the funds on your card have been blocked due to an attempt at unauthorized access to them, with a recommendation to call the number given in the message. On the phone, you will be told that to unblock the money on the card account you must provide the card's details: card number, full name, expiration date and the three-digit secret code on the back of the plastic (CVV / CVC). Thus the unlucky cardholder, in order to save his money, hands over all the important data - he is not given time to think and analyze the situation, which is exactly what the cunning intruders count on. Moreover, the scammers will also ask him to dictate the password that has arrived on his cell phone (and this is the same one-time password they need to confirm the transfer of money from the attacked card). If a person is not blind, he will see in the received SMS a phrase about the inadmissibility of passing the one-time password to anyone else. But he will read it only later, when he realizes that a decent amount has been taken from his card account (and it is good if not all of it).

Usually, after such cases, people begin to figure out what's what, but it happens that they repeatedly fall for the same scam.

What other tricks do dishonest people go to in order to lure money from cardholders with the help of SMS messages, and how to prevent this.

Phishing
A very common type of fraud, in which, for example, an Internet user is steered to a fake site of his Internet bank that looks very similar to the original, where the fraudsters will try in every way to extract (catch) his card data. Hence the name of this method of fraud, which comes from the English word "fishing".

On top of that, the same social engineering methods are used as in the previous method; the main thing is that the person goes to the fake site and believes that he is on the original resource. A link to such a fake site may arrive, for example, in an e-mail from a fraudster made to look like a typical bank message (colors, logo, etc.), and the text will urge you to follow it, scaring you with possible problems with the money on your card accounts.

The names of such sites look similar to the original but still differ slightly. Find, for example, the differences between the original site name sberbank.ru and the fake site sbepbank.ru. As you can see, the differences are not so easy for an "inexperienced" eye to notice.

Find out more about this scam and how to avoid being caught by internet thieves (phishers).

Transfer on the card

This well-known method of "laundering" (cashing out) dirty money stolen from bank accounts is based on transferring it to the card of a person (a "drop" in fraudsters' terminology) who has agreed, for a decent fee, to withdraw the money credited to him and hand it over to a certain person. Having bought into such offers, a person takes a double risk.

Firstly, he violates the law, and if he is caught, which will not be difficult for the relevant authorities, he can get a real term of up to 7 years.

Secondly, he runs the risk of falling for a fake operator who will fraudulently extract an advance payment from the victim and disappear with the money received. Advertisements offering transfers to a card are mostly posted by just such fake operators, while the real representatives of this illegal business keep silent and work only with trusted people. That is why people who hope to make decent money and close their financial holes by providing their card for a transfer are so often caught out, and in reality are deprived of their last money.

To have a complete understanding of bank card transfers, check out our article detailing this cheating method. There is also information about the measures that must be taken if you are dragged into this adventure.

Fraudulent buyers and fraudulent sellers on message boards (including eBay)
Fraudulent sellers act quite simply - they ask you to transfer an advance payment to their card, and this is where contact with the seller ends. He vanishes without a trace. Keep in mind that it will no longer be possible to get the transferred money back through the bank, since you transferred it of your own free will.

The fraudulent buyer, however, is a more cunning beast. Such people offer to transfer an advance payment for the goods and coax all the card details out of an unsuspecting victim (although the card number alone is sufficient for a transfer). Moreover, they have the audacity to call again and ask for the one-time password that arrives on the victim's phone, which means the fraudsters are already halfway to their goal of stealing money from the card account. We've covered several deception scenarios in our roundup of this common deception and how to protect yourself from such phantom buyers. Read on and don't fall for these scams.

You may be aware of other types of card fraud. Therefore, write about them in the comments, and together we will try to collect as many cases of card fraud as possible. Forewarned is forearmed!
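
The sberbank.ru / sbepbank.ru comparison from the Phishing section can be checked automatically before a link is trusted. The Python check below is an added example, not part of the original article; the trusted list, the confusable-character map, the distance threshold and the `.example` hostnames are assumptions made for illustration.

```python
# Added example: flag hostnames that imitate a trusted banking domain.
# TRUSTED holds the one legitimate name the article gives.
TRUSTED = {"sberbank.ru"}
MAX_DISTANCE = 2  # assumption: up to two edits still reads as the same name

# Constructed, deliberately small map of characters that look alike on screen
# (Cyrillic letters and digits folded to Latin); not a full confusables table.
CONFUSABLE = str.maketrans({
    "\u0440": "p", "\u0435": "e", "\u0430": "a", "\u043e": "o",
    "\u0441": "c", "\u043a": "k", "0": "o", "1": "l", "5": "s",
})


def normalize(host):
    """Lower-case, drop the trailing dot, decode punycode (xn--) labels."""
    host = host.strip().lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode: compare as given


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host):
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname."""
    host = normalize(host)
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    skeleton = host.translate(CONFUSABLE)
    # Assumption: the registrable domain is the last two labels (true for .ru,
    # not for suffixes such as co.uk, which need a public suffix list).
    base = ".".join(skeleton.split(".")[-2:])
    for t in TRUSTED:
        if t in skeleton or osa_distance(base, t) <= MAX_DISTANCE:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hostnames; the first two are the article's own pair.
    for h in ("sberbank.ru", "sbepbank.ru", "sbe\u0440bank.ru",
              "sberbank.ru.login.example", "example.org"):
        print(f"{h!r:35} {classify(h)}")
```

A "lookalike" verdict is a reason to stop and type the bank's address by hand; short trusted names produce more false positives at this threshold.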
 