Please do not judge strictly - the video was recorded on emotions, under the influence of a call that woke me up today from a friend whose family received a loan of more than 1,000,000 rubles (apparently it will have to be repaid), and to whom, as it turned out, I was unlikely to Is there anything I can help with? A little later it turned out that there were only a few victims of this “the bank security service is calling you” scheme, which had already seemingly become entrenched in jokes and flashed on demotivators on social networks, only among my friends - and again, these are only those who are not ashamed to talk about it . The scheme is simple: call -> install a Trojan -> receive a loan -> withdraw money through an ATM using the hands of the bank card holder -> transfer to a “secure account”.
If you think that you, your parents and loved ones are 100% protected from this scheme, you don’t have to look any further.
Transcript.
A short introduction.
I work as an executive director at a large bank, but there will be no insider things in this video - only my personal experience and the experience of my friends and acquaintances. And yes, the point of view that I express may not coincide with the official position of the bank, and in some places some of the managers may not like it.
It so happened that today a friend called me and told me that his wife was deceived by scammers, and she transferred them a whole million rubles. But the fact is that she did not have this million, and through a mobile bank they issued a loan for her, which she did not actually know about until the moment when it was too late.
Suddenly it turned out that there were a little more deceived people around me than I thought, including people my age. And for them, too, overnight a loan was taken out through a mobile bank, which now has to be repaid for a long time.
It cannot be said that people who have been subjected to such deception are complete fools. Yes, as a rule, these are women, and they are not inclined to squander money, give it to the first person they meet - and they get this money through hard work, they are extremely afraid of losing it - and it is precisely this fear that scammers play on in the style of “no time to explain, act, save your money, I’ll tell you exactly how right now, listen here.”
Let's figure out why this happens, who is to blame, and what could be done about it - and I can, of course, talk about this through the prism of my experience.
Let's start with the fact that breaking the law in Western capitalist society is somewhat romanticized, and what distinguishes it from our society is that there is a certain antidote to this in the form of irreparable consequences, the stigma of a criminal record.
It actually puts an end to getting a decent job, and information about even a suspended sentence is a reason for blackmail, and blackmail is professionally carried out by special agencies, which, every time they move or transfer to a new job, they threaten to tell all their neighbors and colleagues what kind of scumbag they have to work with.
I'm not even talking about the fact that you can legally shoot a person who has crossed the border of your property or the threshold of your house.
Apparently, this is why in Western cinema the image of a charming criminal often attracts people - after all, they put everything on the line, and ordinary people have long been weaned off such behavior.
As for us, after the change of system to capitalism, a large number of convicted or cleverly escaped criminals were winners, because at the right moment they took possession of capital and were not burdened with the need to work to feed themselves. Well, now they are respected people, just like the corsair Francis Drake received Her Majesty's certificate and became a respected person - the only difference is that those fortunes were acquired a very long time ago, and here the 90s have just ended, and in some places still and continue.
But let’s say that the rampant banditry is at least stopped, cybercrime has a much better image, since 1) it has an aura of intellectual activity and 2) it makes it easier to avoid punishment, since the crime is committed remotely.
While at school, I was a fan of the film “Hacker”, “Password Swordfish” and all that. I subscribed to Hacker magazine and carefully studied all the articles about hacking. Basically, it described the so-called scam - when they steal credit card data, buy goods, send them abroad, then the client protests the transaction - and the issuer suffers a loss, and the insurance covers it - this is such a funny story about Robin Hood, who robs the rich, but We all know that they have plenty of money. But, in general, the very first case of hacking that occurred in our city was significantly different from the romantic stories shown in the film - and I learned about it from the local FSB officer, who did not really understand what happened there and how to act in this case. situation, but I probably wanted an asterisk. The key point of this “hacking” is that the injured party was a private individual, and in general, there was not so much a hacking as a fraud on trust with Internet access cards - and it seems that little has changed since then. But that incident made me think - it turns out that the so-called. It is much easier for hackers to rob not organizations, but individuals - and since I believe that you should treat people strictly as you want them to treat you, I became extremely disgusted with taking the side of these guys.
Looking ahead, in general, being on the “other” side, that is, not creating, but breaking information systems and software products, is extremely ineffective; these guys will most likely be caught, and I would not recommend getting involved in all this to get rich.
Then I graduated from university and tried to defend my dissertation on detecting attacks on information systems. The point was that there were certain signatures, patterns of hacking attempts - port scanning, buffer overflows, execution of so-called shellcode, installation of Trojans (root whales), and to detect all this, it was supposed to use a neural network.
The dissertation, unfortunately, was abandoned. After moving to Moscow, I did a little consulting for the FSB on IT-related offenses, but in general my current work is quite far from all this, and in general, I think that the security industry as a whole is quite boring (no offense), and at first glance it as if it is not visible - until the moment a loud failure occurs, after which those responsible are fired to hell, or they manage to cleverly excuse themselves in the style of “well, we said that we need to turn everything off and lock it with a barn lock, but no one listened to us.”
We are done with the introduction, and we can talk directly about the technologies of writing off money and assigning large loans to innocent citizens.
The main aspect that I don’t like about all this is that when installing a mobile bank, people are not at all concerned that the key principle of two-factor authorization is violated - you have both transaction confirmation codes and the transactions themselves on the same device. There is such a thing as privilege escalation. Many people have probably heard about the so-called “rooted” phones - on which you can do more than is allowed on regular ones, for example, this used to solve the legislative problem with recording a conversation (this is prohibited in the USA, so such programs were blocked). So, operating systems on mobiles have vulnerabilities through which root modes are activated, and software theory says that there will always be errors in programs - that is, there will always be a certain probability that the device will be hacked up to root rights.
In this case, consider that you simply gave the person your phone, with all the passwords and access to the mobile bank, to a stranger, and he can do whatever he wants with it. And since confirmation messages are also sent to it, you can say goodbye to all your money.
Based on the above, I categorically do not install a mobile bank on my phone, and I forbade my wife to do this. However, some women do not let go of their phone, so they have two of them so that one can be charged. Then you can bet on one, and let the confirmation codes arrive on the other.
But what I didn’t understand before is that wonderful mobile banks allow you to apply for a large loan in a few minutes, get it on your card account, and even write it off. I was going through a difficult period in my life, when I was loaded with loans, and on the verge of late payments, and when I was offered to refinance at a lower interest rate, it was just like a breath of fresh air - and for this I thank you very much.
But even then, when the manager arrived and asked me to point my fingers at the tablet, and after a few minutes money fell onto the card, I realized that everything was too simple - and if I had a mobile bank on my phone, then I, or someone under my guise could instantly put an unbearable burden on me - including one for which I would never repay in my life - by confirming my agreement to too large a percentage. This, for example, is equivalent to transferring an apartment to someone, and for this action it is not without reason that you need to be in a sober mind, and it is advisable for a notary to look at you - are you doing this at gunpoint, are your relatives being held hostage and etc.
Perhaps (perhaps) there is a flip side to the coin - it is not convenient for someone to go to the branch, and it is not even convenient to meet with the manager at work, as I did. For some, the overall process of reviewing a loan seems humiliating, and it is easier for them to communicate with a machine - which will immediately answer yes/no.
But I am firmly convinced that for the majority of the population, perhaps 90 percent or more, it is categorically wrong to issue loans on a button, even if the banks lose some of their profits.
Because people believe that their risk of interaction with the bank is limited by the amount in the account - and in the worst case, they will only lose it.
And it should have remained that way - and my friends (without denying their guilt) lost tens of times more, and it shouldn’t be this way - the bank either should protect them from all this (for example, by blocking work when installing Trojans), or take part of the responsibility.
It is absolutely clear that there are many more deceived people than it seems - a sense of pride does not allow many to confess. And speaking about the psychological aspect of fraudulent schemes, many of my friends boast that they will definitely never fall for such methods. But I know for sure about some of them that they sent small amounts of money when they saw a pop-up window on the Internet “You have won a prize, follow the link!” - that is, something that is generally beyond the bounds... That is, this boast is nothing more than self-confidence, which is now too expensive.
Therefore, one should not renounce this. Perhaps they will call you at the moment when you are most unprepared for this - in a park, sleepy, intoxicated, or simply in a relaxed state when critical thinking is not working.
And a couple more tips. When interacting with your phone, act as if it has already been hacked or stolen, or will happen in 5 minutes. That is, there must be a password, SMS should not be displayed when the phone is locked - it would be a good idea to put a password on the SIM card too. But! If you have a scan of your passport, in collusion with the mobile operator, the SIM card can be reissued - the original one will stop working. Notify the bank at the first communication problems.
According to telecom workers, any number from which they call you can be faked. DO NOT believe a single word of those who called you. If you really want to believe it, ask for the last name or extension and call back, but the main number you are calling back must definitely belong to the organization (it is written on the bank card).
Turn off the hell out of SMS transfers, as I did the day I found out that they exist, and that they are enabled by default.
As soon as your money has been debited, call the bank (by the number on the card and demand to cancel the operation, the longer you delay, the less likely it is that this will happen).
I want to say that the longer I work in information technology, the less trust I have in it, but as a bank employee, it’s sad to hear reproaches - you’re programmers, protect us. We might have protected you, but once the money has left the bank, no one can do anything for you. And a programmer is unlikely to be able to protect you from handing over codes to attackers, and in most cases you do it yourself. Not to mention that when real bank employees call and try to tell the client that he has gone somewhere wrong, especially gifted ones send them - they say, they told me that scammers will call and dissuade you from transferring to a protected account, but you don’t give in. In some cases, it was much cheaper to sit and watch how money was debited from the card (and there is a limit on transfers and withdrawals) than to fuss and, as a result, transfer a million in credit money to a “secure account” to scammers.
A few words about how the police aren’t doing anything either. She does it, but not everything is within her power. The fact is that all these complex schemes with organized groups are organized (forgive the tautology) not at all in order to steal money and sit with it in an account, waiting for someone to come for you and lock you up, and the money will be returned to the victim.
The whole point is to put someone in the middle who is not afraid of responsibility - an alcoholic, drug addict, homeless person, etc., and take the money out of the reach of the police.
In this regard, I would like to say hello to cryptocurrency lovers, about whom I already made a video, and many of whom were offended. But this is precisely the answer to the question that always baffles you - why are cryptocurrencies needed at all? This is why - to avoid punishment for fraud, extortion, drug sales, and so on. Some frightened women, under severe psychological pressure, transferred money, it was instantly withdrawn from the drug addict’s card, and they bought cryptocurrency, which was put through a mixer and cashed abroad. That's it, no police will do anything, they would report the recipient of the money to Interpol if it were an ordinary cross-border Swift or Western Union.
This is precisely the result of the work of wonderful information technologies, which are shouted about on every corner today - and those who participate in cryptocurrency scams serve precisely these criminal schemes, where the anonymity of international transactions is important - cryptocurrencies simply have no other advantages, no matter how much you try to pull the wool over the eyes globe. And without you, dear miners, and amateur exchangers of bitcoins for rubles and back (a popular cryptocurrency “startup”), such fraud with mobile banks would have been a little more difficult to engage in - if you don’t believe me, read for example the Golden Calf, how the hero could not steal a million neither spend it nor take it out of the country. Already at the time when this book was written, it was clear how everything works, what the train of thought is and what the main movements of the scammers are. Everything is as primitive as possible - steal and run away, but now they have added the opportunity to sit abroad, and let losers work for you - they deceive, lie, and let them go to prison for this - and the money will come to you beyond the border.
Therefore, crypto demons bear part of the blame for the fact that some easily loyal people will have to spend years of their lives to compensate for the stolen funds. And if it so happens that you are a crypto demon - a lover of cryptocurrency and its promoter, and you think that this is not about you, that you have nothing to do with it - try not to lie to yourself at least - you are as much a participant in this whole Sabbath as everyone else - and freedom from the oppression of the state, which you so love to talk about, has nothing to do with it - it ended where the freedom of another citizen began - that is, where the first victim was deceived and the money was sent abroad through your beloved Bitcoin or Ether.
That's all. Take care of yourself and your loved ones.
If you think that you, your parents and loved ones are 100% protected from this scheme, you don’t have to look any further.
Transcript.
A short introduction.
I work as an executive director at a large bank, but there will be no insider things in this video - only my personal experience and the experience of my friends and acquaintances. And yes, the point of view that I express may not coincide with the official position of the bank, and in some places some of the managers may not like it.
It so happened that today a friend called me and told me that his wife was deceived by scammers, and she transferred them a whole million rubles. But the fact is that she did not have this million, and through a mobile bank they issued a loan for her, which she did not actually know about until the moment when it was too late.
Suddenly it turned out that there were a little more deceived people around me than I thought, including people my age. And for them, too, overnight a loan was taken out through a mobile bank, which now has to be repaid for a long time.
It cannot be said that people who have been subjected to such deception are complete fools. Yes, as a rule, these are women, and they are not inclined to squander money, give it to the first person they meet - and they get this money through hard work, they are extremely afraid of losing it - and it is precisely this fear that scammers play on in the style of “no time to explain, act, save your money, I’ll tell you exactly how right now, listen here.”
Let's figure out why this happens, who is to blame, and what could be done about it - and I can, of course, talk about this through the prism of my experience.
Let's start with the fact that breaking the law in Western capitalist society is somewhat romanticized, and what distinguishes it from our society is that there is a certain antidote to this in the form of irreparable consequences, the stigma of a criminal record.
It actually puts an end to getting a decent job, and information about even a suspended sentence is a reason for blackmail, and blackmail is professionally carried out by special agencies, which, every time they move or transfer to a new job, they threaten to tell all their neighbors and colleagues what kind of scumbag they have to work with.
I'm not even talking about the fact that you can legally shoot a person who has crossed the border of your property or the threshold of your house.
Apparently, this is why in Western cinema the image of a charming criminal often attracts people - after all, they put everything on the line, and ordinary people have long been weaned off such behavior.
As for us, after the change of system to capitalism, a large number of convicted or cleverly escaped criminals were winners, because at the right moment they took possession of capital and were not burdened with the need to work to feed themselves. Well, now they are respected people, just like the corsair Francis Drake received Her Majesty's certificate and became a respected person - the only difference is that those fortunes were acquired a very long time ago, and here the 90s have just ended, and in some places still and continue.
But let’s say that the rampant banditry is at least stopped, cybercrime has a much better image, since 1) it has an aura of intellectual activity and 2) it makes it easier to avoid punishment, since the crime is committed remotely.
While at school, I was a fan of the film “Hacker”, “Password Swordfish” and all that. I subscribed to Hacker magazine and carefully studied all the articles about hacking. Basically, it described the so-called scam - when they steal credit card data, buy goods, send them abroad, then the client protests the transaction - and the issuer suffers a loss, and the insurance covers it - this is such a funny story about Robin Hood, who robs the rich, but We all know that they have plenty of money. But, in general, the very first case of hacking that occurred in our city was significantly different from the romantic stories shown in the film - and I learned about it from the local FSB officer, who did not really understand what happened there and how to act in this case. situation, but I probably wanted an asterisk. The key point of this “hacking” is that the injured party was a private individual, and in general, there was not so much a hacking as a fraud on trust with Internet access cards - and it seems that little has changed since then. But that incident made me think - it turns out that the so-called. It is much easier for hackers to rob not organizations, but individuals - and since I believe that you should treat people strictly as you want them to treat you, I became extremely disgusted with taking the side of these guys.
Looking ahead, in general, being on the “other” side, that is, not creating, but breaking information systems and software products, is extremely ineffective; these guys will most likely be caught, and I would not recommend getting involved in all this to get rich.
Then I graduated from university and tried to defend my dissertation on detecting attacks on information systems. The point was that there were certain signatures, patterns of hacking attempts - port scanning, buffer overflows, execution of so-called shellcode, installation of Trojans (root whales), and to detect all this, it was supposed to use a neural network.
The dissertation, unfortunately, was abandoned. After moving to Moscow, I did a little consulting for the FSB on IT-related offenses, but in general my current work is quite far from all this, and in general, I think that the security industry as a whole is quite boring (no offense), and at first glance it as if it is not visible - until the moment a loud failure occurs, after which those responsible are fired to hell, or they manage to cleverly excuse themselves in the style of “well, we said that we need to turn everything off and lock it with a barn lock, but no one listened to us.”
We are done with the introduction, and we can talk directly about the technologies of writing off money and assigning large loans to innocent citizens.
The main aspect that I don’t like about all this is that when installing a mobile bank, people are not at all concerned that the key principle of two-factor authorization is violated - you have both transaction confirmation codes and the transactions themselves on the same device. There is such a thing as privilege escalation. Many people have probably heard about the so-called “rooted” phones - on which you can do more than is allowed on regular ones, for example, this used to solve the legislative problem with recording a conversation (this is prohibited in the USA, so such programs were blocked). So, operating systems on mobiles have vulnerabilities through which root modes are activated, and software theory says that there will always be errors in programs - that is, there will always be a certain probability that the device will be hacked up to root rights.
In this case, consider that you simply gave the person your phone, with all the passwords and access to the mobile bank, to a stranger, and he can do whatever he wants with it. And since confirmation messages are also sent to it, you can say goodbye to all your money.
Based on the above, I categorically do not install a mobile bank on my phone, and I forbade my wife to do this. However, some women do not let go of their phone, so they have two of them so that one can be charged. Then you can bet on one, and let the confirmation codes arrive on the other.
But what I didn’t understand before is that wonderful mobile banks allow you to apply for a large loan in a few minutes, get it on your card account, and even write it off. I was going through a difficult period in my life, when I was loaded with loans, and on the verge of late payments, and when I was offered to refinance at a lower interest rate, it was just like a breath of fresh air - and for this I thank you very much.
But even then, when the manager arrived and asked me to point my fingers at the tablet, and after a few minutes money fell onto the card, I realized that everything was too simple - and if I had a mobile bank on my phone, then I, or someone under my guise could instantly put an unbearable burden on me - including one for which I would never repay in my life - by confirming my agreement to too large a percentage. This, for example, is equivalent to transferring an apartment to someone, and for this action it is not without reason that you need to be in a sober mind, and it is advisable for a notary to look at you - are you doing this at gunpoint, are your relatives being held hostage and etc.
Perhaps (perhaps) there is a flip side to the coin - it is not convenient for someone to go to the branch, and it is not even convenient to meet with the manager at work, as I did. For some, the overall process of reviewing a loan seems humiliating, and it is easier for them to communicate with a machine - which will immediately answer yes/no.
But I am firmly convinced that for the majority of the population, perhaps 90 percent or more, it is categorically wrong to issue loans on a button, even if the banks lose some of their profits.
Because people believe that their risk of interaction with the bank is limited by the amount in the account - and in the worst case, they will only lose it.
And it should have remained that way - and my friends (without denying their guilt) lost tens of times more, and it shouldn’t be this way - the bank either should protect them from all this (for example, by blocking work when installing Trojans), or take part of the responsibility.
It is absolutely clear that there are many more deceived people than it seems - a sense of pride does not allow many to confess. And speaking about the psychological aspect of fraudulent schemes, many of my friends boast that they will definitely never fall for such methods. But I know for sure about some of them that they sent small amounts of money when they saw a pop-up window on the Internet “You have won a prize, follow the link!” - that is, something that is generally beyond the bounds... That is, this boast is nothing more than self-confidence, which is now too expensive.
Therefore, one should not renounce this. Perhaps they will call you at the moment when you are most unprepared for this - in a park, sleepy, intoxicated, or simply in a relaxed state when critical thinking is not working.
And a couple more tips. When interacting with your phone, act as if it has already been hacked or stolen, or will happen in 5 minutes. That is, there must be a password, SMS should not be displayed when the phone is locked - it would be a good idea to put a password on the SIM card too. But! If you have a scan of your passport, in collusion with the mobile operator, the SIM card can be reissued - the original one will stop working. Notify the bank at the first communication problems.
According to telecom workers, any number from which they call you can be faked. DO NOT believe a single word of those who called you. If you really want to believe it, ask for the last name or extension and call back, but the main number you are calling back must definitely belong to the organization (it is written on the bank card).
Turn off the hell out of SMS transfers, as I did the day I found out that they exist, and that they are enabled by default.
As soon as your money has been debited, call the bank (by the number on the card and demand to cancel the operation, the longer you delay, the less likely it is that this will happen).
I want to say that the longer I work in information technology, the less trust I have in it, but as a bank employee, it’s sad to hear reproaches - you’re programmers, protect us. We might have protected you, but once the money has left the bank, no one can do anything for you. And a programmer is unlikely to be able to protect you from handing over codes to attackers, and in most cases you do it yourself. Not to mention that when real bank employees call and try to tell the client that he has gone somewhere wrong, especially gifted ones send them - they say, they told me that scammers will call and dissuade you from transferring to a protected account, but you don’t give in. In some cases, it was much cheaper to sit and watch how money was debited from the card (and there is a limit on transfers and withdrawals) than to fuss and, as a result, transfer a million in credit money to a “secure account” to scammers.
A few words about how the police aren’t doing anything either. She does it, but not everything is within her power. The fact is that all these complex schemes with organized groups are organized (forgive the tautology) not at all in order to steal money and sit with it in an account, waiting for someone to come for you and lock you up, and the money will be returned to the victim.
The whole point is to put someone in the middle who is not afraid of responsibility - an alcoholic, drug addict, homeless person, etc., and take the money out of the reach of the police.
In this regard, I would like to say hello to cryptocurrency lovers, about whom I already made a video, and many of whom were offended. But this is precisely the answer to the question that always baffles you - why are cryptocurrencies needed at all? This is why - to avoid punishment for fraud, extortion, drug sales, and so on. Some frightened women, under severe psychological pressure, transferred money, it was instantly withdrawn from the drug addict’s card, and they bought cryptocurrency, which was put through a mixer and cashed abroad. That's it, no police will do anything, they would report the recipient of the money to Interpol if it were an ordinary cross-border Swift or Western Union.
This is precisely the result of the work of wonderful information technologies, which are shouted about on every corner today - and those who participate in cryptocurrency scams serve precisely these criminal schemes, where the anonymity of international transactions is important - cryptocurrencies simply have no other advantages, no matter how much you try to pull the wool over the eyes globe. And without you, dear miners, and amateur exchangers of bitcoins for rubles and back (a popular cryptocurrency “startup”), such fraud with mobile banks would have been a little more difficult to engage in - if you don’t believe me, read for example the Golden Calf, how the hero could not steal a million neither spend it nor take it out of the country. Already at the time when this book was written, it was clear how everything works, what the train of thought is and what the main movements of the scammers are. Everything is as primitive as possible - steal and run away, but now they have added the opportunity to sit abroad, and let losers work for you - they deceive, lie, and let them go to prison for this - and the money will come to you beyond the border.
Therefore, crypto demons bear part of the blame for the fact that some easily loyal people will have to spend years of their lives to compensate for the stolen funds. And if it so happens that you are a crypto demon - a lover of cryptocurrency and its promoter, and you think that this is not about you, that you have nothing to do with it - try not to lie to yourself at least - you are as much a participant in this whole Sabbath as everyone else - and freedom from the oppression of the state, which you so love to talk about, has nothing to do with it - it ended where the freedom of another citizen began - that is, where the first victim was deceived and the money was sent abroad through your beloved Bitcoin or Ether.
That's all. Take care of yourself and your loved ones.
