1. What's happened?
It didn’t happen, but it happens all the time - people have money stolen from their accounts, and the victims themselves provide all the information to the scammers, without understanding what they are doing. Most people think that they will not be robbed and begin to worry when the money has already been withdrawn and nothing can be done. There are many ways to steal your money, such as skimming and phishing.2. Skimming and phishing? Russian is ok?
Skimming is when scammers place various dubious devices on an ATM and physically copy your card details. We have already talked about this in detail once. Phishing is when card data is obtained by deception: scammers pretend to be something they are not. This card is about phishing. The main goal of phishing is to obtain your PIN code, card number, CVC number (three digits near the signature), card expiration date, and SMS with the code. At the same time, scammers do not need to know all of the above, so the main thing to understand is that you should never share this information with anyone. Yes, when you pay, for example, in an online store, you will be asked for your card number, expiration date, and CVC: therefore, buy only on trusted sites. And in any case, never provide this data by voice. If you fall for a scam and provide your information, it will be almost impossible to return the money after that: because you reported everything yourself and voluntarily.3. Does anyone believe these calls from “bank employees”?
A lot of people believe them. And you can believe it too: there is an entire industry working on these calls, including professional actors who can perfectly play a bank employee.4. And how to distinguish a real bank employee from a fake one?
According to one or more criteria:1. A fake employee calls and asks for a code from SMS or card details (number, expiration date, CVC code) - he should never do this.
2. The fake employee is not knowledgeable enough. For example, it cannot answer a question about your other products in the bank or recent transactions.
3. The fake employee is too persistent: he tries to convince you, insists that you provide the necessary information right now.
4. A fake employee calls from a mobile phone, or his number is not identified.
If the call makes you doubtful, hang up and call your bank on a verified phone number to find out if they really called you.
And now attention: if you are not fooled by fake calls, this is not salvation. Because phishing doesn’t just happen over the phone.
5. How else?
SMS, mailings, fake websites.6. Oh. Let's go in order.
Let's. Let's start with SMS. A fake SMS may indicate that accounts have been blocked or a large amount of money has been withdrawn. Or the message promises a prize or benefit without any effort, for example, earnings of 30,000 rubles per hour of work per day. Or the message contains spelling, punctuation or other errors. Most likely, the SMS will contain a fake phone number at which the connection will be waiting for you.7. OK. What about the sites?
There are much more opportunities for deception here, but if you are careful, everything can be avoided. What should you keep an eye on?1. Behind the name of the bank (as well as an online store or some popular service) in the address (or link that you are going to click on). There may be a subtle error in it. For example, Sderbank instead of Sberbank or Tiknoff instead of Tinkoff.
2. Browser behavior. All modern browsers have technologies that find suspicious sites. And you will be warned about the danger - the main thing is not to ignore such messages.
3. How the site looks. There are dummy sites that pretend, for example, to be an online store, but there are no products or reviews on them.
4. How you got to the site - it happens that when you click on one link, several open at once. Normal sites don't behave this way.
5. And one more thing: never enter any card data on a website that does not have https:// at the beginning of the address (precisely https, not http, because only https sites provide secure transfer of information).
8. It's clear. What about mailings?
Mailings are perhaps the most dangerous method of phishing because they drop into your inbox without warning, meaning you don't have to do anything at all to receive a dangerous email. To understand the scale: 156 million phishing emails are sent every day worldwide, 16 million of them get through spam filters, half of these emails are opened, 800,000 click on links and 80,000 give away their data. Once again: 80,000 people in the world give their money to bandits every day just through mailings. How to spot a fake newsletter?1. Look carefully at the sender's address. The main deception is always there. Either there is a deliberate typo in it (sbelbank, not sberbank), or the letter was sent from an address registered in an open mail service (gmail, mail, yandex, etc.) No matter how official and beautiful and true-to-life the newsletter may be, if there is something wrong with the sender’s address, it means it’s definitely a scam.
2. Look at the links inside the newsletter. Look where they are going to send you - if you are not being directed to the official website of the company that supposedly sent the newsletter, do not go there.
3. Look for grammatical errors and typos. Also a cause for concern.
We highly recommend reading the article about this - there are many examples there, from which it follows that sometimes phishing emails look almost like real ones and it is extremely difficult to detect deception.
9. They gave us fear. Are there any ways to protect yourself?
Firstly, the banks themselves are struggling with this. Every bank has a security service - and this is essentially a private intelligence service that is looking for fraudsters. But you can also protect yourself. Here are the tips from Tinkoff Bank, with whom we made this card:1. Get a separate card for online purchases. The additional card uses the same account as the main one, but has different payment information. Even if they are taken away, you will block the additional card and remain with the main one.
2. Set a spending limit on an additional card, for example, 5,000 rubles per month. The limit can be changed at any time.
3. Call the number on the back of the card and check whether you have 3-D Secure enabled - this is when any payment on the Internet must be confirmed via a code in an SMS. If not connected, find out how. If you cannot connect 3-D Secure, change the bank.
4. Don't carry your card and phone together. They put the card in the phone case and did half the work for the scammer. When paying, he will receive an SMS with a code to your phone.
5. Install an antivirus and update it regularly.
6. Do not download programs and movies from pirated sites, this is the most reliable way to catch a virus.
7. Do not install applications on Android that are not from Google Play.
8. Protect your phone with a PIN code or fingerprint. No one should get to your SMS messages except you. Be sure to turn off the display of message text on the lock screen. Of course, it’s more convenient to enter the code this way. Including scammers.
10. Okay, I'll be more careful.
And also tell all this to your elderly relatives, if you have them. They may not be buying online, but they are the least likely to be scammed over the phone.(c) https://meduza.io/cards/kak-ukrast-dengi-s-moey-karty
