Approximately every fourth bank card holder is at risk of financial fraud. As a rule, attackers use social engineering methods, and Russians transfer money to them and give out personal data voluntarily. Forbes talks about 11 common methods scammers use
In July, NAFI experts found that every fourth bank card holder in Russia could become a victim of fraud: 27% of respondents were at risk because they were ready to tell strangers the CVV code of their card and its expiration date. Slightly less than a third of cardholders have encountered fraud attempts in one form or another.
Fraudsters continue to improve their methods, Central Bank head Elvira Nabiullina admitted at the end of June. “Cheaters have always been creative. And technology, unfortunately, only expands their ability to mislead citizens. These include phishing sites, calls from so-called bank security services, fake pages of banks and even the Bank of Russia on social networks, where prizes are supposedly given out or compensation is paid, and so on,” the head of the regulator listed. According to Nabiullina, about 70% of transactions that are done without the client’s consent are carried out using social engineering. “And then the bank does not violate anything, because the person himself hands over the passwords and all personal data to the scammers,” she said.
Forbes talks about 11 common and current schemes that scammers use to withdraw money from bank cards and obtain personal data.
In particular, after the borders were closed, scammers began calling people and offering their services to return money for purchased tickets and hotel reservations. VTB warned about this method in May. Fraudsters are taking advantage of a new method of refunding tickets using vouchers, which many airlines are already using. The passenger issues a voucher, and the money spent on the ticket is credited to a special deposit in his personal account on the website of the air carrier or aggregator. Fraudsters call passengers, introduce themselves as airline employees and offer to buy a voucher from them. To do this, they ask you to provide your bank card details for debiting the agreed amount, as well as the code from the SMS you then receive from the bank.
Other cases of fraud are listed on the bank website:
VTB reported on the original use of this method in May. In the spring, due to the crisis and pandemic, the number of unemployed increased sharply, and the topic of vacancies became especially relevant. The bank gave an example of a vacancy for a mobile application tester for candidates without work experience. During the “testing” process, the candidate was asked to install remote access programs to a computer or smartphone. As a result, the scammers gained access to the client’s banking applications.
(c) Ekaterina Alikina
www.forbes.ru
In July, NAFI experts found that every fourth bank card holder in Russia could become a victim of fraud: 27% of respondents were at risk because they were ready to tell strangers the CVV code of their card and its expiration date. Slightly less than a third of cardholders have encountered fraud attempts in one form or another.
Fraudsters continue to improve their methods, Central Bank head Elvira Nabiullina admitted at the end of June. “Cheaters have always been creative. And technology, unfortunately, only expands their ability to mislead citizens. These include phishing sites, calls from so-called bank security services, fake pages of banks and even the Bank of Russia on social networks, where prizes are supposedly given out or compensation is paid, and so on,” the head of the regulator listed. According to Nabiullina, about 70% of transactions that are done without the client’s consent are carried out using social engineering. “And then the bank does not violate anything, because the person himself hands over the passwords and all personal data to the scammers,” she said.
Forbes talks about 11 common and current schemes that scammers use to withdraw money from bank cards and obtain personal data.
1. False assistance with refunds for air tickets and hotels
“Fraudsters actively use any newsworthy occasions and high-profile events,” says Sergei Nikitin, deputy head of the Laboratory of Computer Forensics and Malicious Code Research at Group-IB. “This year they are actively using the coronavirus theme.”In particular, after the borders were closed, scammers began calling people and offering their services to return money for purchased tickets and hotel reservations. VTB warned about this method in May. Fraudsters are taking advantage of a new method of refunding tickets using vouchers, which many airlines are already using. The passenger issues a voucher, and the money spent on the ticket is credited to a special deposit in his personal account on the website of the air carrier or aggregator. Fraudsters call passengers, introduce themselves as airline employees and offer to buy a voucher from them. To do this, they ask you to provide your bank card details for debiting the agreed amount, as well as the code from the SMS you then receive from the bank.
2. “False” benefits and benefits from the state or credit holidays
Another “coronavirus” method of fraud. A person may receive a call supposedly from the bank and be informed that he is entitled to financial support due to a sharp loss of income, credit holidays, installment plans, etc. To process them, callers are asked to provide their bank card details. If the cardholder provides the bank card details, its expiration date and CVV code, then fraudsters can already make online purchases in his name.3. “False” child benefits
In June, Pochta Bank reported on a method of fraud related to the payment of “anti-crisis” benefits for children. Fraudsters create fake Internet sites that imitate a government services portal and are supposedly dedicated to the payment of benefits for families with children. Externally, they either completely copy the official portal or are very similar to it, the bank said in a release. On such sites, scammers ask you to enter your bank account number.4. Messages about an attempt to log into mobile banking and link another phone number to the card
Fraudsters contact the card owner and report that someone is trying to link the card to another phone number. To identify the person, the card owner is asked to provide her details. After this, the scammers make a transfer from the card, the client receives a confirmation code from the bank, which he also informs the scammers - also for “identification”. Having learned the code, attackers can transfer money to another card.5. Fraud using a service for entrepreneurs
Fraudsters have found a loophole in bank’s service for remotely reserving a current account for individual entrepreneurs. The attackers introduce themselves over the phone as employees of the Sberbank security service and inform the client about an attempted unauthorized operation on his accounts. They suggest opening a reserve bank account and going through verification. To do this, you are asked to provide your card details. When the client begins to doubt and refuses to disclose the data, the scammers fill out a form on the service for remotely reserving a current account, and then the potential victim of the scammer receives a real SMS with a transaction confirmation code from the Sberbank number 900.Other cases of fraud are listed on the bank website:
6. "Lottery" from Sberbank
Scammers over the phone offer to participate in a lottery from Sberbank, for which you need to complete a survey on the website. Participants in the “lottery” are promised a large sum. Naturally, the State Bank does not conduct lotteries, and the site is a phishing site. On it, to confirm the card, the potential victim of fraudsters is asked to transfer 150 rubles. “You send money, and then you can’t contact the scammers,” the bank writes.7. "Broker or dealer services"
Fraudsters pose as employees of a brokerage or dealer company. They offer to invest money with a guarantee of high income. The person eventually agrees to open an account and independently transfers the money to the scammers. Another option that Sberbank points out is that scammers offer to register on a binary options website; after replenishing the balance, a person receives notifications about receiving “bonus” income. To withdraw them, you need to deposit an additional amount into the account; as a result, this money cannot be returned, the bank writes.8. Calls from similar numbers
“Criminals can change one digit in the number, which you won’t notice and think is a bank number,” Sberbank warns. Fraudsters will ask for full card details, CVV or CVC code, SMS code or online banking passwords, and explain this by saying that they are trying to prevent a suspicious transaction.9. "Translation by mistake"
Fraudsters can send an SMS faked as a bank message about a transaction, then a message comes from another number asking for a refund, since the transfer was allegedly made by mistake.10. Suggestions for installing a remote access program
The attackers pose as bank employees and, under various pretexts, may offer to install a remote control program on your smartphone. For example, scammers may say that this will save the client from unauthorized withdrawal of money. Next, the person downloads a “special antivirus” or “remote assistance program” from the link. “The most dangerous thing is that the attacker sees the smartphone screen,” says Sergey Nikitin from Group-IB. — If it’s Android, then he can control this smartphone, if it’s iOS, then he can just see the screen. The trick here is that the scammers then initiate an operation to transfer funds from the account, and the person receives a code that is immediately displayed on the screen.”VTB reported on the original use of this method in May. In the spring, due to the crisis and pandemic, the number of unemployed increased sharply, and the topic of vacancies became especially relevant. The bank gave an example of a vacancy for a mobile application tester for candidates without work experience. During the “testing” process, the candidate was asked to install remote access programs to a computer or smartphone. As a result, the scammers gained access to the client’s banking applications.
11. Going to the ATM to “save money”
This option is less common, but works well for older citizens. Attackers persuade a person to go to an ATM and type a certain sequence of commands into it. Typically, scammers report in an alarming tone that they are trying to steal money and that it needs to be immediately transferred to an “insurance account.” The card owner is told which buttons to press, and the person transfers money either to a phone number or to someone else’s card.How to protect yourself
Attackers can find out a person’s personal data through social networks and from leaks, including bank client databases. Often such databases even contain a person’s passport data, information about their balance, recent transactions, etc. It is also possible to find out the name of the owner of someone else’s card by its number by trying to make a payment on it, says Sergey Nikitin from Group-IB.- You need to understand that you cannot tell anyone (without exceptions) your card details, much less the codes from SMS.
- It is better not to enter into negotiations at all. When in doubt, it is better to call the bank back at the phone number indicated on the card and clarify whether the bank really called you, Nikitin warns.
- Banking apps can only be installed from the official app store and not from a search engine or third-party links.
- Finally, you should not leave online information with your card numbers, phone number linked to cards, or information about which banks you are a client of.
(c) Ekaterina Alikina
Как мошенники крадут деньги с ваших банковских карт: 11 главных схем
Риску финансового мошенничества подвержен примерно каждый четвертый владелец банковских карт. Как правило, злоумышленники используют методы социальной инженерии, и россияне переводят им деньги и выдают персональные данные добровольно. Forbes рассказы
www.forbes.ru
