Fraud schemes

Tomcat

The safety of the client’s funds, the safety of the bank card and/or its details largely depends on the card holder himself, on his knowledge of the rules for using the card, his compliance with security measures when conducting transactions using the card, as well as his awareness of the bank card fraud schemes used by criminals.

The most common bank card fraud schemes are the following:

Internet trust fraud is the most common fraud scheme currently used and can look like this:
  1. The phone number of the card holder who has placed a public advertisement in a newspaper or on a website about the sale of a particular property receives a call from supposedly potential buyers in order to purchase this property. After which the “potential buyer” offers a convenient form of payment in the form of topping up a bank card, for which he asks to provide him with bank card details such as card number, expiration date, verification code, as well as the additional secret code sent by the bank in an SMS message to the client's mobile phone number when the client performs an operation on the Internet. Having received this information, the “potential buyer” does not perform an operation to replenish the client’s card account, but an operation to transfer/debit funds on the Internet from the holder’s card, for example, to his electronic wallet.
  2. Fraudsters introduce themselves as the bank's security service and inform the client about a suspicious transaction on his card and about the opportunity to return the money allegedly written off from the card. Or they report a failure in the bank’s system and the need to block the card. To solve the problem, scammers ask for card details and mobile bank passwords. At the same time, attackers using modern technologies use the substitution of phone numbers for official bank numbers, thereby lulling the client’s vigilance.
  3. Fraudsters report that a certain incident occurred with the client’s bank card or mobile application, and convince them to install applications that supposedly protect funds. Such applications may be programs for remote access and management of the client’s device: TeamViewer, AnyDesk or their analogues. After installing such a program and receiving IDs and access codes, scammers connect to the victim’s device and can control it, view any information, and perform transactions through a mobile bank.
  4. Fraudsters are actively using the topic of coronavirus infection and people’s state of concern to steal money. Attackers may introduce themselves as employees of the Pension Fund, Rospotrebnadzor and other government or social organizations, inform about a supposedly required social payment or financial assistance, thereby forcing them to provide information about the card, codes, passwords from SMS, personal data, or take any actions to receive payments.

Leaving the card in the ATM - in this new scheme, scammers allegedly accidentally leave the card in the ATM and ask someone nearby to take it away. After he takes the card, the attacker checks its balance and claims that money has disappeared from his account and forces the person who took out the card to return this amount. The scheme used by the attackers may involve two or three people - one more person will pose as a “witness” to the theft of money from the card. The attacker, pretending to be the victim, will begin to threaten to call the police, justifying this by the fact that someone else’s fingerprints remained on his card, and supposedly it will be easy to prove the alleged loss of money from the card.

In fact, no theft of funds occurs by touching the card; scammers try to get money by intimidating and deceiving the person who happens to be nearby.

Compromise of a PIN code by a bank card holder. This means writing the PIN code directly on the card or on some medium (sheet of paper, notebook, mobile phone) stored with the card. If a bank card is lost or stolen (usually along with a wallet, purse, handbag), then the thief has both the card and the personal code. In this case, it is not at all difficult for fraudsters to unauthorizedly use a bank card to receive cash and/or pay for goods (services).

Friendly Fraud. A family member, close friend, work colleague, having access to the storage location of a bank card, takes it without the permission of its holder, and then, having previously learned the PIN code, uses the card for his own purposes.

Peeking over your shoulder. A fraudster can find out the PIN code of a bank card holder by peeking over his shoulder while he enters his code while making transactions at an ATM or electronic terminal. In this case, special optical devices can be used. The fraudster then steals the card and uses it for his own purposes.

Fake ATMs. Recently, criminals have taken advantage of the rise in the number of ATMs and have begun using “fake” ATMs or attaching specially designed devices to real ATMs.
Fraudsters design and produce fake ATMs, or remake old ones to look like the real thing. They place their ATMs in places such as busy shopping areas where unsuspecting cardholders will try to get money from these fake ATMs. After entering the card and PIN code, a message usually appears on the display of the fake ATM that there is no money in the ATM or that the ATM is not working. By that time, the scammers have already copied the person’s account information and personal identification number from the card’s magnetic stripe.

Copying a magnetic stripe (skimming). This type of fraud involves the use of devices that read information from the magnetic stripe of bank cards when used in electronic devices (ATMs, electronic terminals). Specially manufactured keypads that cover the existing keypads of real ATMs/terminals are used to read sensitive magnetic stripe data and remember PIN codes.
The legal holder of a bank card carries out a transaction by entering a personal identification number (PIN), at which time an additionally installed device reads and writes down the information on the magnetic stripe. That is, the attackers then have the data necessary to manufacture a counterfeit card and use it for their own purposes.

False PIN-PAD. The cardholder may be asked to enter the PIN code not into a real PIN-PAD (device for entering a PIN code), but into a false device simulating it, which will remember the entered code. Such devices are sometimes installed next to reading sensors designed to enter the premises with an ATM using a bank card as an identifier (electronic key).

Phishing is a modified form of the English words phone and fishing. The term appeared to refer to a scheme as a result of which, through deception, bank card details and PIN code become available. Most often it is used in the form of sending SMS messages about blocking a card, successful completion of a money transfer operation or changing settings, as well as a recommendation to call a mobile phone number to receive instructions on how to unblock a card. Emails sent on behalf of a bank or payment system with a request to confirm the specified confidential information on the organization’s website can also be used. A phishing email might look like this:

From: VISA Service [mailto:VisaService@visa.com]
Sent: date, time
To: card holder
Subject: Attention! Lost VISA credit card database!

Hello, Unfortunately, due to some databases being hacked, Visa has installed a new security system. You should check your balance and if you find any suspicious transactions, contact your issuing bank. If you do not detect any suspicious transactions, this does not mean that the card data is not lost and cannot be used. Your issuing bank may not have updated the information yet. Therefore, we strongly recommend that you visit our website and update your details, otherwise we will not be able to guarantee you the return of stolen funds. Thank you for your attention. Click here to update your details.
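One way a mail filter could triage a message like the sample above, shown here as an added example (not code from the bank's page): it parses the headers, checks every link host against the claimed sender domain, and flags the generic greeting, the urgency wording and the request to update details. The link target, the benign comparison message and its bank domain are constructed placeholders, since the sample only says "Click here".

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed raw message, abridged from the sample's headers and body above. The
# link target is an assumed placeholder host; the original only says "Click here".
PHISHING_EMAIL = """\
From: VISA Service <VisaService@visa.com>
To: card holder
Subject: Attention! Lost VISA credit card database!
Content-Type: text/html

<p>Hello, Unfortunately, due to some databases being hacked, Visa has installed a
new security system. Update your details, otherwise we will not be able to guarantee
you the return of stolen funds. <a href="http://visa-secure-update.example/confirm">Click here to update your details.</a></p>
"""

# Constructed benign message for comparison (assumed bank domain, not from the page).
BENIGN_EMAIL = """\
From: Statements <noreply@bank.example>
To: card holder
Subject: Your monthly statement
Content-Type: text/html

<p>Hello Ivan, your March statement is available in the mobile app. No action is needed.</p>
"""
URGENCY = ("hacked", "stolen", "suspicious transactions", "otherwise we will not be able")
CREDENTIAL_ASK = ("update your details", "click here", "enter your pin", "card number")

def phishing_indicators(raw: str) -> dict:
    """Rule-based triage: return {indicator: evidence} for each rule that fires."""
    msg = message_from_string(raw)
    text = re.sub(r"<[^>]+>", " ", msg.get_payload()).lower()  # strip tags for phrase checks
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = {}
    # Link hosts that are neither the claimed sender's domain nor a subdomain of it.
    for href in re.findall(r'href=["\']([^"\']+)', msg.get_payload(), flags=re.I):
        host = (urlparse(href).hostname or "").lower()
        if sender_domain and host != sender_domain and not host.endswith("." + sender_domain):
            found["link_domain_mismatch"] = f"{host} != {sender_domain}"
    if re.match(r"\s*(hello|dear (customer|client|user))\s*,", text):
        found["generic_greeting"] = text.strip()[:12]
    if hits := [p for p in URGENCY if p in text]:
        found["urgency_language"] = hits
    if hits := [p for p in CREDENTIAL_ASK if p in text]:
        found["credential_request"] = hits
    if "!" in msg.get("Subject", ""):
        found["alarming_subject"] = msg["Subject"]
    return found
```

A real filter would add sender-authentication results (SPF/DKIM) to these content rules; on its own, several indicators firing together is a triage signal, not proof.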

Non-electronic phishing - its appearance is due to an increase in the volume of microprocessor cards issued and the program of international payment systems “chip and PIN” associated with this process, i.e. making a purchase at a trade (service) enterprise by mandatory entering a PIN code. Unlike traditional electronic phishing (see above), in non-electronic phishing schemes real trade and service enterprises/bank offices are created or existing ones are used. Payment card holders make purchases of goods, receive services, or withdraw funds from the bank's cash desk. Operations are carried out using bank microprocessor cards and are accompanied by the client entering his PIN code. Employees of fraudulent enterprises secretly copy information from the magnetic stripe of the card and record the personal identification number. Next, the fraudsters make a fake bank card, and funds are withdrawn from the client’s account at ATMs. This type of fraud is common in Turkey, but can also occur in other countries around the world.

Vishing is a type of phishing - voice phishing that uses technology that allows you to automatically collect confidential information, such as card and account numbers. Fraudsters simulate a call from an autoinformer, upon receiving which the holder receives the following information:
  • the answering machine warns that fraudulent activities are being carried out with his card and gives instructions to call a specific number back immediately;
  • an attacker who receives calls at the number specified by the answering machine often introduces himself with a fictitious name on behalf of a financial organization and identifies the client, allowing him to find out the personal data of the client and card;
  • or at the other end of the line there is an answering machine informing that the person must undergo data verification and also enter a 16-digit card number from the telephone keypad;
  • as soon as all the necessary data is received, vishers become the owners of information (phone number, full name, address) that can be used to carry out transactions on the Internet;
  • then, using the information obtained during the first call, additional information can be collected, such as PIN code, card expiration date, bank account number, etc., which allows a counterfeit card to be created for use in physical devices.

Pharming (a blend of “phishing”, itself formed from the English words phone and fishing, and “farming”) is a procedure for secretly redirecting users to fake sites. The attacker distributes special malicious programs to users' computers, which, once launched on the computer, redirect requests to specified sites, including the user's requests to the website of his bank in order to manage his bank account, to fake sites. Thus, the attack is highly covert, and user participation is minimized: it is enough to wait until the user decides to visit the sites of interest to the attacker. Once on a fake site, the user, in order to perform a particular operation on his account, is forced to confirm his passwords and provide bank card details, which thereby become known to the scammers.

Recently, cases of telephone fraud have become more frequent, in which cell phone owners receive SMS messages with false content that lure users to an infected website. The text of the fake SMS message usually informs the user that he has subscribed to a certain paid service, for which a certain amount will be deducted from his account every day, and if he wants to cancel this service, he needs to go to the site. By visiting the site specified in the SMS message, the user activates a Trojan program that infects the computer and thereby gives scammers access to the user’s computer. This type of fraud is called smishing (English: “SMiShing” - a derivative of SMS and “phishing”).

Sniffing (from English to sniff - “sniff out”) is a method of fraud in which an attacker uses an analyzer of passing Internet network traffic (“sniffer”) - a special computer program for intercepting data with the ability to decode and analyze it. Sniffing is especially popular in crowded places, wherever there is a public Wi-Fi network.

“Fraudsters deceive the victim and issue instant cards”

Using social engineering, fraudsters gain access to the victim’s confidential data and personal account of the remote banking application. Next, the scammers use the victim’s app to issue an instant virtual card and receive the virtual card’s PIN code from the victim. From all the victim’s accounts, the scammers transfer money to the account of the new virtual card and go to an ATM, where they cash out all the funds using NFC technology (technology for wireless data exchange between nearby devices): the ATM reads the virtual card data from the scammer’s phone, the scammer enters the PIN code, and the ATM dispenses the money.

How to protect your funds?

1. DO NOT tell third parties your personal data - codes, passwords, bank card details!
2. DO NOT carry out any actions based on the recommendations of third parties!
3. If you receive a call from unknown persons with questions about your accounts, hang up the phone and CALL THE BANK BACK at the numbers indicated on the back of the card.

“Cheap purchases on marketplaces”

Today it is difficult to find a person who would not order goods remotely through the website of some marketplace or online store. It's fast and convenient. However, in this area too, scammers have figured out how to deceive clients. The essence of the deception scheme is simple: an unscrupulous seller places a tempting advertisement for the sale of goods at very low prices. To purchase a product, the seller offers to write to him in the messenger to send a link to purchase the product. A gullible client receives a link supposedly to purchase a product, but after clicking on this link, the victim’s card is debited and the client does not receive any goods.

When servicing on marketplaces, the Bank recommends:

1. CHECK REVIEWS about the seller’s work!
2. DO NOT CLICK ON LINKS sent by the seller!
3. ALWAYS CHECK YOUR PURCHASE AMOUNT and store name before paying!

(c) https://www.sngb.ru/cards-schemas