John read that the data of thousands of people have leaked to the network. And even it was written which company is selling them. He went to her website and saw a demo fragment from the database, where his name and card number were. Now John is afraid that scammers will be able to steal all the money from his account. We will tell you about the threat of personal data leaks and how to secure your money if information about your account gets to criminals.
Why do criminals need my data?
As a rule, the information that leaks into the network from the databases of financial institutions and other companies is not enough to steal money without your knowledge. But personal data in the public domain attract scammers. Using social engineering, they try to find the missing information to get to your savings. Fraudsters rely on the card and account holders themselves as the source of the data they need.
The fraudsters call and introduce themselves as bank security officers, send messages "about blocking the card." They write by e-mail that "you are entitled to compensation, you only need to pay a small commission for its transfer to your account." And sometimes they even knock on the door and offer to “get tested for coronavirus”, because “the neighbors tested positive”.
Legends are very different. But the task is always the same: fraudsters play on emotions so that people voluntarily transfer their savings to them or provide secret data that will allow them to write off money from bank cards. And in the case of a face-to-face meeting, they can simply rob the apartment.
Criminals do not need to know much to strike up a conversation, gain confidence, and encourage rash actions. For their purposes, a name, address, phone and card numbers are sufficient.
When clients themselves give out classified information to fraudsters or, according to their instructions, transfer money to other people's accounts, banks do not compensate for the losses. And in the vast majority of cases, people lose their savings because of their own gullibility, and not because their accounts have been hacked by hackers.
How does personal and payment information get online?
Over the past years, several times customer data has been leaked by employees of banks, microfinance organizations, collection bureaus and credit brokers.
Sometimes hackers manage to break into the databases of online stores and service companies, hotels and carriers.
But often people themselves share their card numbers or even publish their photos in social networks and instant messengers. Cybercriminals hack accounts and collect such data into their own databases, so that they can then be put up for sale.
Some users enter their names, phone numbers and card details on the pages of pseudo-contests, lotteries and polls, or on twin sites of real financial organizations, stores and other companies. Scammers create such phishing sites specifically to collect personal and payment information.
I heard that scammers can get a duplicate SIM card with my phone number - and SMS codes will be sent to them.
Such a fraudulent scheme did exist. Using fake documents and a fake power of attorney, the criminals received a duplicate SIM card with someone else's number and intercepted SMS messages. This scheme was laborious and dangerous for the schemers themselves. They had to personally contact the office of the telecom operator. Because of this, the likelihood that they would be tracked down and caught increased dramatically.
Nowadays, such a scheme is rare. Many banks and mobile operators have entered into agreements on the exchange of information when replacing a SIM card. In such cases, banks suspend SMS reporting for one or two days.
If the criminals still manage to get hold of your number, you will immediately find out about it - the SIM card in your phone will stop working. In this case, you should immediately contact the bank and disconnect all services from the number. Then the criminals will not be able to steal anything.
If you yourself decide to replace the SIM card or switch to another mobile operator with your number, you should warn your bank about this so that it does not turn off the SMS service. Banks always carry out customer identification, including when calling the hotline. The likelihood that a fraudster will pass the bank check and continue to receive SMS messages to confirm transactions is very small.
What if my data gets to deceivers? How to protect yourself from them?
You cannot completely prevent data leaks. But it is in your power to minimize the risk of losing money. It is important to always follow the rules of financial security.
Why do criminals need my data?
As a rule, the information that leaks into the network from the databases of financial institutions and other companies is not enough to steal money without your knowledge. But personal data in the public domain attract scammers. Using social engineering, they try to find the missing information to get to your savings. Fraudsters rely on the card and account holders themselves as the source of the data they need.
The fraudsters call and introduce themselves as bank security officers, send messages "about blocking the card." They write by e-mail that "you are entitled to compensation, you only need to pay a small commission for its transfer to your account." And sometimes they even knock on the door and offer to “get tested for coronavirus”, because “the neighbors tested positive”.
Legends are very different. But the task is always the same: fraudsters play on emotions so that people voluntarily transfer their savings to them or provide secret data that will allow them to write off money from bank cards. And in the case of a face-to-face meeting, they can simply rob the apartment.
Criminals do not need to know much to strike up a conversation, gain confidence, and encourage rash actions. For their purposes, a name, address, phone and card numbers are sufficient.
When clients themselves give out classified information to fraudsters or, according to their instructions, transfer money to other people's accounts, banks do not compensate for the losses. And in the vast majority of cases, people lose their savings because of their own gullibility, and not because their accounts have been hacked by hackers.
How does personal and payment information get online?
Over the past years, several times customer data has been leaked by employees of banks, microfinance organizations, collection bureaus and credit brokers.
Sometimes hackers manage to break into the databases of online stores and service companies, hotels and carriers.
But often people themselves share their card numbers or even publish their photos in social networks and instant messengers. Cybercriminals hack accounts and collect such data into their own databases, so that they can then be put up for sale.
Some users enter their names, phone numbers and card details on the pages of pseudo-contests, lotteries and polls, or on twin sites of real financial organizations, stores and other companies. Scammers create such phishing sites specifically to collect personal and payment information.
I heard that scammers can get a duplicate SIM card with my phone number - and SMS codes will be sent to them.
Such a fraudulent scheme did exist. Using fake documents and a fake power of attorney, the criminals received a duplicate SIM card with someone else's number and intercepted SMS messages. This scheme was laborious and dangerous for the schemers themselves. They had to personally contact the office of the telecom operator. Because of this, the likelihood that they would be tracked down and caught increased dramatically.
Nowadays, such a scheme is rare. Many banks and mobile operators have entered into agreements on the exchange of information when replacing a SIM card. In such cases, banks suspend SMS reporting for one or two days.
If the criminals still manage to get hold of your number, you will immediately find out about it - the SIM card in your phone will stop working. In this case, you should immediately contact the bank and disconnect all services from the number. Then the criminals will not be able to steal anything.
If you yourself decide to replace the SIM card or switch to another mobile operator with your number, you should warn your bank about this so that it does not turn off the SMS service. Banks always carry out customer identification, including when calling the hotline. The likelihood that a fraudster will pass the bank check and continue to receive SMS messages to confirm transactions is very small.
What if my data gets to deceivers? How to protect yourself from them?
You cannot completely prevent data leaks. But it is in your power to minimize the risk of losing money. It is important to always follow the rules of financial security.
- Do not tell anyone the full details of your card and do not post its photos on the network. If someone wants to transfer money to you, he only needs to know the card number or even just the phone number.
- Enter card details only on secure websites of trusted companies. The official websites of financial organizations, as well as many online stores and services in the Yandex and Mail.ru search engines are marked with check marks. A secure connection is easily recognizable by the closed padlock icon and the address that begins with https: /.
- Payments are best made through secure gateways of payment systems: they transfer you to the bank's website, which sends a confirmation code in an SMS message to confirm the operation.
- Connect SMS notifications or push notifications about operations. So you will immediately find out if someone uses the card to make a payment without your consent.
- If you receive calls or messages from the bank with alarming or happy news about the balance of your account, it is better not to keep the conversation going and immediately hang up, not to answer the message. It is worth dialing the official hotline phone number - it is indicated on the back of the card and on the bank's website. Explain the situation to a specialist, he will tell you what is really happening with your account and how best to proceed in this case.
- Use complex passwords for your e-mail and personal accounts on websites. Passwords like 12345 or Password will not protect you. Ideally, all passwords should be different, long, with upper and lower case letters, numbers and special characters. In this case, it is desirable that the password makes sense for you and you can remember it. Like card details, passwords must be kept confidential.
