Fraudsters who stole money from VIP-clients of banks using clones of SIM-cards detained

[Tomcat]

The Interior Ministry and Group-IB have detained the organizers of a criminal group specializing in reissuing SIM cards and stealing money from clients of Russian banks. The group operated for several years, the damage from its activities is estimated at tens of millions of rubles, and even those who were in prison became victims of fraudsters.

Researchers at Group-IB remind that the peak of SIM card reissuance scams occurred in 2017-2018 - attackers hacked Instagram accounts, instant messengers, mailboxes of famous bloggers, entrepreneurs, show business and sports stars, and then extorted a ransom to get access back ... Also, such attacks are often used to steal large amounts of cryptocurrency and from the victims' bank accounts (after all, intercepting 2FA codes is becoming quite simple).

One of the criminal groups specialized in VIP clients of Russian banks. To collect information about the victim of the fraudsters, they used special "punching" services in Telegram channels or on underground hacker forums. As a rule, the owners of such services have established contacts with insiders in banks with a high level of access. So they could receive in real time not only the client's personal data, but also information about the state of his bank account.

At the next stage, the scammers used the services of an employee of an underground service for the restoration of SIM-cards, which is also a rather popular service in the shadow segment of the Internet. Having made a fake power of attorney (the form costs about 1,500 rubles on the forums, they also use fake stamps or print forms on a color printer), the girl reissued the SIM card in the mobile phone stores of Moscow and the Moscow region. The girl used a fake driver's license as an identity card.

Immediately after the activation of the clone SIM card, the victim's cellular communication was lost, but at that moment the new owner of the SIM card sent requests to the bank to receive one-time access codes for mobile Internet banking. In some cases, the scammers' accomplice did not even bother sending the SIM card - she simply sent or dictated the received codes over the phone. The money (on average 50,000-100,000 rubles) was withdrawn from the victim's account to the accounts of third parties and through a chain of transactions was cashed in other cities, for example, in Samara.

At the same time, if in 2017-2018 criminals withdrew large sums almost instantly, then, starting in 2019, after banks intensified the fight against fraud, it began to take more time. Thus, fraudsters could make transactions only a day after the SIM cards were reissued.

For this reason, fraudsters began to select victims from among wealthy people who were in prison. A prerequisite is that the victim must have money in the account and have mobile banking connected. Experts note that in the institutions of the Federal Penitentiary Service, the defendants and convicts, of course, are prohibited from using cellular communications, however, not only cases of "smuggling" smartphones behind bars are known, but also the work of entire prison call centers, which resulted in a joint initiative of the Ministry of Internal Affairs, the FSB and the Federal Penitentiary Service on blocking of cellular communications in places of deprivation of liberty.

Numerous cases of embezzlement of money from clients of Russian banks became the reason for checking and initiating a criminal case. In the course of the investigation, employees of the Moscow MUR identified the organizers of the criminal group and attracted experts from Group-IB.

Two organizers of the group were detained in Solntsevo and Kommunarka, their accomplice from the "SIM-card recovery service" - in the Moscow region. Another member of the group associated with cashing was caught in Samara. It is noteworthy that one of the members of the criminal group was convicted of similar fraud with the reissue of SIM-cards in 2014-2015, but when he was free, he returned to his former craft.

During the search, Group-IB operatives and specialists found numerous SIM-cards, laptops, smartphones and push-button telephones - "dialers", fake documents - passports and driver's licenses, as well as bank cards and SIM-cards attached to them, to which the stolen money came ...

To store confidential information, the scammers used flash drives-cryptocontainers. The detainees have already given confessions - they have been charged with Part 4 under Article 159 of the Criminal Code of the Russian Federation (Fraud). There are several episodes in the case, the number of victims is increasing, and the total damage from the group's actions is already estimated at several tens of millions of rubles.

“Unlike the well-known schemes with telephone fraud - vishing, when the villains try to get a CVV or SMS code from the victim, the scheme with the reissue of SIN cards is not so widespread and is primarily aimed at respectable wealthy clients. More and more banks are negotiating with mobile operators on the exchange of data to counter fraud: in the event of a SIM card re-issue, mobile banking is temporarily blocked and a separate activation of online banking is required, but this rule is not yet valid for everyone, "comments Sergey Lupanin, head of department Group-IB investigations.