Money transportation: scammers began to convince Russians to transfer cash to couriers

Attackers have found a way to bypass bank restrictions on blocking suspicious transfers. Under the pretext that the funds need to be "secured", Russians are persuaded to withdraw them from the card and transfer cash to couriers. Then the money is converted into cryptocurrency and sent to the organizers of the fraudulent scheme. Now this method of theft is becoming dominant. It has become relevant because in July the new requirements of the Central Bank for the control of transfers came into force. How to counteract this scheme is in the Izvestia article.

Why do scammers ask to hand over cash to the courier?

Fraudsters are increasingly using a variant of the "safe account" deception scheme, in which victims are persuaded to hand over cash to couriers, Ashot Oganesyan, founder of the DLBI vulnerability and data leak intelligence service, told Izvestia. First, the attackers, as before, convince the potential victim that the funds are in danger. However, then, instead of encouraging the person to transfer the money to a "safe account", they ask to withdraw it from an ATM and hand it over to the courier.

"Couriers to participate in the theft of funds are recruited in Telegram channels or on the darknet, and their commission is 5-10% of the amount stolen. Sometimes they present fake documents of law enforcement officers, but most often they give a certain password, which is justified by the 'secrecy' of the operation," the expert said.

According to him, then couriers convert funds into cryptocurrency through special exchangers and transfer them to the organizers of the fraudulent scheme.

The only drawback of such a scheme for criminals is that the couriers turn out to be almost disposable, since in most cases the police identify and detain them after the first episode thanks to the ubiquitous video surveillance and facial recognition system, Ashot Oganesyan noted. However, it is still not possible to return the funds in such a situation.

The courier scheme began to actively spread 1.5-2 months ago and very quickly became dominant, he stressed. According to him, it already accounts for about 80% of thefts according to the model with the "need to secure funds." It allows bypassing almost all fraud control systems previously created by the Central Bank and banks, he said.

The last large-scale tightening of such inspections was in July 2024 - then the new requirements of the Bank of Russia came into force. In accordance with them, credit institutions are obliged to return stolen money if they have not taken a number of measures to prevent a suspicious transaction. In particular, market players must suspend transfers to accounts from a special database of the Central Bank for two days - it is assumed that during this time a person may come to his senses. In addition, now banks are required to disable access to remote services for customers who are engaged in the withdrawal and cashing of stolen money.

The Bank of Russia confirmed this information to Izvestia: indeed, after the introduction of new measures, attackers began to steal money from citizens more often with the help of "collectors" - dummy couriers. According to the fraudsters, they will be able to take the cash and transport it to another bank for temporary storage, allegedly on a "special account", which is protected from attacks.

How to protect yourself from phone scammers

On the first day of the new rules alone, access to about 30 thousand electronic means of payment (cards, online banking) belonging to attackers was blocked simultaneously, the Central Bank told Izvestia. According to preliminary monitoring of systemically important credit institutions, banks suspend on average about 20 thousand transfers daily to accounts with suspicious details that are contained in the regulator's database.

VTB told Izvestia that it had launched a drop monitoring system. Droppers are people whose accounts are used by attackers to "cover their tracks". In 2024, the system made it possible to detain more than 1.1 billion rubles in such accounts, the financial organization specified.

Changes in legislation, as well as the constant work of banks and the regulator to counter fraudsters, informing citizens - all this made it possible to more effectively fight against intruders, Novicom Bank said, without specifying details.

After the changes came into force, from July, the "lifespan" of the dropper card was reduced from an average of a couple of weeks to two days, estimated Evgenia Lazareva, head of the People's Front project "For the Rights of Borrowers", coordinator of the Moshelovka platform.

"Therefore, attackers began to more actively involve couriers rather than droppers as a channel for transferring large sums. They are the most suitable for this, since they interrupt the chain of transactions within the banking circuit. This reduces the chances of preventing a crime," she said.

A fraudulent scheme in which social engineers do not ask to transfer money to a "safe account" but send a courier for cash has existed for a long time, but it was mainly used selectively, for example, for large loans, said Denis Kalemberg, CEO of SafeTech. However, it is now on an upward trend, primarily due to innovations in the banking market, which motivate players to implement anti-fraud systems more actively.

"In addition, instead of codes from SMS and push notifications to confirm transactions, credit institutions are now increasingly introducing payment confirmation solutions, in which the bank client sees on the smartphone screen to whom exactly he transfers money. Therefore, he will no longer confuse the card of an unidentified person with a 'safe account' with the Central Bank," the expert added.

It is unlikely that there is a simple and effective recipe for combating the use of couriers in fraudulent chains, Evgenia Lazareva fears. It happens that delivery people simply fulfill the order in quite legal services. When law enforcement officers contact couriers, they usually willingly cooperate with the investigation, the expert added.

"Therefore, it makes sense to carry out preventive work in risk groups, to continue the information campaign with the exposure of fraudulent legends and schemes," Evgenia Lazareva emphasized.

Customers need to be vigilant, VTB reminded: never follow instructions given by strangers on the phone or in instant messengers, including about withdrawing and transferring funds, purchasing shares, installing any applications on a computer or mobile phone.
 