How fraudsters learned to confirm their identity at the bank. Everything turned out to be simpler...

Tomcat

The year 2024 has arrived. A year of technology and new fraudulent schemes!

January 25

It all started on Thursday, when I was unable to log into my Tinkoff Bank personal account. Suspecting something was wrong, I immediately contacted support. The employee checked the information and reported that there was a problem with the mobile application. Then he promised that they would contact me the next day. However, the call never came. At that time, I rarely used the bank’s services, so I conveniently forgot about the incident.

January 29

On Monday I remembered the problem and tried to log into the application again - to no avail... I immediately learned about the Tinkoff web version, through which I finally managed to get into my personal account. However, where the cards were previously displayed, there was an empty inscription: “You don’t have any products yet”... I fell into a stupor. I thought maybe the web version of the application is also slow? After all, even at the first request, the bank representative confidently answered “No” to the question: “Am I accidentally hacked?”

An unpleasant suspicion crept in again, and then I wrote to support through the web application. There they informed me that the account information might not have been updated in time. At this point I could no longer stand it and called the hotline. It turned out that there are 2 records about me in the database, and in order for the cards to be displayed, they need to be combined.

Then I was asked to undergo identity verification via video link. And while I was there, I learned a lot of interesting things. It turned out that an unknown number was linked to my personal account.

The owner of the SberBank card using the same number is Shvetsov. Namesake. The police told me his name, but I doubt that he is aware of this story.
The mail, address and code word were also unknown. The database displayed 2 accounts, one of which had an error in the passport data. On the same day, I learned that one of the cards was blocked when trying to transfer 50 thousand rubles. During the day, I found out with support what had happened... It was getting to night. Together with the bank employee, I updated all the data and took precautions. In the end, they promised me that access would soon be restored, so having finally calmed down, I disconnected.

However, the nightmare was just beginning...

January 30

Having still not received access to the mobile application, I called the bank again. The next operator reported that there were five transactions, including from a credit card - in the amount of 68 thousand rubles. And this happened on January 22, after which the fraudster had too much appetite and the operations began to be blocked.

Then pest activity moved to a new level. I received a call from a representative of Tinkoff Business, who was going to meet to sign papers to open an account. Naturally, I did not plan to open anything, which I immediately reported.

On the same day, Tinkoff employees proposed blocking and re-issuing all cards. As a result, they were almost sent to Chelyabinsk... complete with two SIM cards, which I didn’t even apply for. Moreover, last night a bank employee received confirmation of my Moscow address.

As a result, I made a statement with which I went to the police. After studying the SMS messages received on the phone, we found out the reason for the hack. It turns out that on January 18, Tinkoff Bank scheduled a video call, which seems to have gone “successfully.” And on January 21, the scammer changed the phone number, after which he gained full access to my personal account.

And I could have detected it right away if I hadn't turned off iMessage. Advertisers have long since turned the phone into a spam dump and critical information has been scattered in a sea of messages. At some point I got tired of dealing with it and turned off notifications.

Here I would like to appeal to our Government with a request to hold spammers accountable and prohibit them from clogging the SMS notification channel. Or make sure that important information comes through other channels or chats, where there is nothing superfluous.
Later, I discovered that the fraudster had been conducting a long correspondence in my personal account and was trying to get my cards unblocked.

January 31

During the day, I compared the information and built a probable chain of events:
  • The scammer called from an unknown number, saying that the old one did not belong to him and the phone urgently needed to be replaced.
  • Tinkoff Bank demanded to confirm my identity via video link, after which a link to the conference was sent to my number and the attacker’s number.
  • The fraudster confirmed his identity through a video call in another city using deepfake technologies. (Later it turned out that the hack did not occur through a video call. Details at the end of the article...)
  • Having gained access to my personal account, he changed all the data: phone number, passwords, email, addresses and passport details.
  • Then he ordered SIM cards to another city and tried to open a business account and loan. And he withdrew 68 thousand rubles from the account.
  • Next, the scammer made Tinkoff Bank doubt my identity, which gave him a little head start. I had to urgently get my phone number and other data back using his own methods - through a video conference.
Looks like we've sorted it out. However, the degree of madness did not plan to slow down.

Having received the restored cards, I checked access to the mobile application and saw that the bank had closed the application. I immediately wrote to technical support with a logical question: “Why on earth?” I received a vague answer stating that the funds transfer operation was the reason for closing the appeal. I was dumbfounded. What transfer?! As it turned out, the transfer of those ill-fated 68 thousand rubles that the scammers had previously stolen. Did you understand anything? I didn't really either.

In bewilderment, I wrote to support again and described the situation as it was, attaching screenshots from the SMS. The bank opened the application again.

February 1

In the morning I received a message that the number had been changed. Another attempt to enter my personal account was unsuccessful. I called Tinkoff Bank again for clarification. I was asked to undergo verification via video conference and my access was restored. Second time in three days.

I went into the application... and saw that another 140 thousand rubles were written off from the new credit card. That is, in total my credit card has already been emptied by 200 thousand!

Shock gave way to disbelief - the fraudster used the same method to deceive the Tinkoff Bank security service twice. Through one personal account. I don’t want to joke about the rake, but at that moment it was asking...

Suddenly, the correspondence with support disappeared and was replaced by a chat with a scammer who had been trying to scam the security service since February last year!

Summing up

In this situation, I am interested in five questions:
  • How did an attacker manage to deceive Tinkoff Bank employees twice in one way?
  • Why didn’t they question his actions when he changed his passport details several times?
  • Why did I receive correspondence from an unauthorized chat that was not displayed before?
  • Was the deepfake really so successful that they didn’t even get suspicious? (After investigation, it turned out that there was no video call and the bank was not deceived in such a case. Details below...)
  • In the age of technology, shouldn’t we be more careful and improve such checks?
PS (After an internal investigation by Tinkoff Bank)

The bank conducted an investigation and contacted me. According to the representative, the fraudster misled the employees. A new account was created, then he managed to merge it with mine and gained access.


Is it possible to deceive a bank through a deepfake?

Today there are open access programs that imitate faces and facial expressions using photos and videos from social networks. They can even make your digital copy answer questions.

A program that can accurately imitate any face in live broadcast mode

Software is also available that synthesizes your voice using audio from Instagram, WhatsApp and Telegram, which are banned in Russia.

PS (After an internal investigation by Tinkoff Bank)

There are no officially registered cases of fraud through deepfake. But this does not mean that this is impossible in the future. I wish Tinkoff's security service to stay one step ahead.


I am Alexander Kubor (according to Shvetsov’s passport), a 3D artist from the film industry. I am active on social networks and am interested in the development of neural networks, which includes deepfake technology. Understanding the principle of operation, I’ll give you a couple of tips on how to figure out where the person is and where the digital twin is:
  • Ask the other person to shake their head vigorously;
  • Ask them to wave their hands in front of their face.
Until the technology is perfect, interference will occur. You will immediately notice that the picture is distorted or disappears completely. Perhaps for a moment you will even be able to see the real face of the attacker.

My story has come to a fair ending.

Be vigilant and careful. Unfortunately, scammers learn from mistakes just as quickly as we do.

(с) https://habr.com/ru/articles/791074/