PHISHING IN EUROPE: How money is stolen from the accounts of the bourgeoisie

Jollier

Sergey Pavlovich talked to a masked guest who steals money from European bank accounts. How he came to this type of activity, where the victim databases are bought, how fake pages of European banks are made and how they are distributed among their users, what income this brings - about this and much more in this topic.
Enjoy reading!

Contents:
  • In this topic
  • Introduction
  • How the guest got into the sphere
  • What is phishing?
  • How Phishing Used to Work
  • How information is obtained
  • About warming up accounts
  • Registration on exchanges
  • How does the process of deception work?
  • How many people are being led
  • What are the limits in banks?
  • Average amounts in accounts
  • What are the problems?
  • What are the capacities?
  • Who is easier to deceive?
  • What is the second scheme?
  • Which scheme do you like better?
  • About cashing out earned funds
  • How to clone a website quickly
  • How money is divided between team members
  • The biggest jackpot
  • About the phishing industry
  • How to avoid phishing
  • Why did you decide to stay in crime?
  • I imagined what would happen if I was jailed
  • Results

In this topic
Fisher:
We call the client, tell him special words, a prepared text.

Pavlovich:
You called, say, ten random Austrians. How many will fall for this fraudulent bait of yours?

Fisher:
We are trying to get him to Australian authorization right away.

Pavlovich:
Who is easier to deceive with this particular banking fraud scheme?

Fisher:
Your developers, your traffickers, your calls. The biggest jackpot that we managed to hit? 20 million euros. That's just us. You can't imagine how much other teams have.

Introduction
Pavlovich:
Friends, hello! Today we will talk about phishing. Phishing is such a beast that I first encountered personally in 2003, probably, or even in 2002. And, in general, this is when they make a fake website of your bank, crypto exchange and some other valuable thing and you think that you are on a normal legal site, but you are on a fraudulent one and give away all your data, and then your money disappears on its own, so to speak.
Is that right?

Fisher:
Yes, that's right.

How did the guest get into the field
Pavlovich:
Please tell us how you got into this field and how long ago?

Fisher:
I got into this field, let's say, in 2016. It all started with the fact that we were looking for a way to bypass, well, they didn't let block-making offices into the system, we were looking for a way to bypass this, and ended up on one shadow plan. We looked for shares, looked, looked. We found nothing, really nothing. Nothing worked. And after some time I met a person who invited us to the topic.
In his own way. He wrote software. He had his own person. He needed an extra person in the team. That is, he took accounts for software, then sold them. Then they took another person in the team. Through a certain office. There is their own, now it is called by another name. By login and password it is tied to the offices. We worked and worked for a certain time, so then experience happens, experience comes.
You start reading more, learning and being interested, and here you are on the topic of phishing. We really liked it. It is relatively simple and at the same time very complex.

What is phishing
Pavlovich:
And what is phishing in your understanding, if you briefly describe the type of activity?

Fisher:
These are fake pages on the Internet of the original site, to a bank, to some payment system. Only a fake site. A person comes, he goes to an unofficial site, and to the fake one by a link. He leaves his data, and after that we are already working. That's it. The person himself does not understand this. Only over time he understands.

How phishing worked before
Pavlovich:
The first time I personally used phishing was in 2003, we had huge, simply gigantic databases of cards, well, dumps, yes, and it was possible in principle to steal something from an ATM, but there was no PIN code and there were just phishers like you back then in 2003, who simply sent out forms en masse to clients of all banks, they hung up these fake sites there and people entered the card number and PIN code, but we didn’t know whether it was in our database or not, we didn’t have any emails, no contact information, we only had the dump card number and the PIN code itself and there were about 5-10 PIN codes out of a million, that is, we directly saw what the phishers were supplying us with, and that’s it, we have a dump, we can steal, and from the phishers we receive a PIN code for it for a percentage, we just go to the ATM, stupidly withdraw.
That was the first time I encountered phishing.

Fisher:
Then, I'll be honest, everything was much simpler, now everything is much more complicated. In my understanding, personally equipping myself, in my understanding everything is more complicated. It's a code system, it's not enough to get a person's data. First, you have to lure him in, conduct a competent Well, in a word, talk the person into believing it. Sending him, for example, the necessary link - it's not enough for him to send the login and password or link it to a mobile application.
You also have to send this money. And the system works completely differently there. Everything has become so complicated there. Before, it was enough to just change. I don't know, insert the card into the ATM, and that's it. But now it's all over.

Pavlovich:
Well, in the case I'm talking about, just banking information, so to speak, it was obtained through random spam, you know, but I don't know how it is now, I have a friend who complained that she saw an ad in Yandex Direct.
Well, many people, I don't do that, I usually remember the addresses of my exchanges, crypto exchanges, and other banks by heart and type them into the browser directly, but for some reason most people go there, I don't know, they need Tinkoff Bank, yes, and they type it directly into Yandex, it's some kind of nonsense, actually. That's how she caught a fake link, there, someone pushed a fake Binance through Yandex advertising, and, basically, she lost all her money, albeit small, there.

How do they get information
Pavlovich:
So how do you get information, and what kind of information are you interested in? You said banks, payment system.

Fisher:
Well, first of all, we don't work with Yandex.Direct at all, this is a certain principle. Secondly, we work only with Google, we launch advertising through it. And only then I will return to this, everything is not so simple there. In fact, there are two development paths. Thirdly, what kind of dump data do we need? Login and password. And we definitely catch the SMS to link it to the mobile application. I would like to return to this, so that all this happens itself.
What principle do we work on? First, well, as I already wrote, we only work purely in Europe. Only in Europe. I'll explain why in Europe. There is a very interesting thing there. It's an instant transfer. The transfer arrives within ten seconds. But again, I'll go back to the fact that now it's not as easy as before. This also doesn't work that much, but it does. How do we do it? We simply choose a country, test it for a very long time, and choose a bank.
There is an official list of these banks connected to this system on the Internet. And when you start using them, and they are either disconnected, or, excuse the expression, many work in Europe. The banks' schemes are so well-established, they are already afraid of everyone, the limits are so small. We always choose a bank so that this particular system is available. And we always communicate with colleagues on forums about which country, which banks.
We try to choose a more or less normal bank, which most of the staff, so to speak, haven't gotten around to yet. Well, or we got there, but, so to speak, not everyone works there. We choose this bank and try, as they say, on this side, well, on Europe. For example, if we take Austria. Now in general such a moment that it is a very good country. We buy a database of telephone numbers on this side. And, as a rule, in each country there is a certain top of banks. And it is also worth adjusting to it, based on the previous price list.
We take all this into account.

Fisher:
We call the client, tell him special words, a prepared text. Well, there, about suspicious transactions and so on, and so on. Before that, we call the client for the first time, ask for a telephone number and specifically the person's first and last name. Do you have an account in this bank? We ask this question. Well, in general, you had suspicious transactions, transfers there. Our goal is to find out only the initial information from him. We call, introduce ourselves as banks, well, of course, with a substitution of the number, we ask for passport details, registration certificates, we ask for the date of registration.
Well, and the most important thing is that we are all good, we will check all this information, and will call you back in the near future.

Pavlovich:
In German, respectively, yes?

Fisher:
Yes, yes, of course. We have callers in both English and German. Many people who live in Europe speak English anyway. There are a lot of English-speaking people in Austria. Well, it's 50/50 here. Here, you see, both in English and in German. We found out all the data we need. Let's move on. We called, called back, found out, clarified everything. We found out everything we need. What do we do next? We go to a third-party bank. And the most important thing is that it is desirable that the same client be in this third-party bank.
Well, let's take, for example, look, a client at Raiffeisenbank. We register an account on the neighboring side using the same data. The bank's mandatory requirement was that there be a registration location. This is one of the most important parameters. We register a bank account using the same data that we learned from the client. If we pass registration, if everything is fine, we then check it out. We, how do you mean, well, what do you mean, check it out? We, that is, drive 100, 200 dollars into his account.

About warming up accounts
Fisher:
We drive from account to account. We call it warming up. Warming up.

Pavlovich:
But you register, it turns out, this self-registration using some fictitious data, right? Are you doing a rendering?

Fisher:
Yes, we do a rendering, we roll up all the data. Well, before that, we called the client from the database. But before that, we brought out all the data, the real one. Well, it turns out that he has the same account in a bank in another country using the same data. You can easily open three to five accounts in one name. In Europe, this is allowed, they allow it, it’s like, well, not against the law. So we did this warm-up, and then comes the most interesting part.

Registration on exchanges
Fisher:
We use the same data that we took from the client and register him on the exchange.
And here there are two possible developments. If this account already exists on the exchange, we don’t know whether it’s there or not, whether it’s registered with us or not. If this account already exists, then we go and warm up the next client. As a rule, this happens very rarely.

Pavlovich:
But you can register it, try it out not on one crypto exchange, but on fifty and so on.

Fisher:
It’s possible, I just don’t want to name them, we kind of have our own exchanges where you can easily register. I think you know, yes, which exchanges we’re talking about. Such exchanges exist, believe me. Well, we register it with the same data, with the same exchange, and we start to link the same account to this exchange, which we recently registered. We link it there. If you link it right away and immediately start to defend it, it can be blocked. We don’t need this, we try to keep it alive for as long as possible. So that this system is designed to minimize suspicion of what we are doing.
We also warm it up for a certain amount of time. As a rule, it takes us, well, five working days, let’s say. We check self-registration in a couple of days. So, in general, we linked everything, we warmed up the exchange. We have a client, we have an account to which we can instantly send, which is registered in the same bank. And this same account, which is in the same bank, is linked to the exchange. To the data of the same client.
Then we call and say, remember, we called you, like this and that, like, introduce ourselves, say, well, we called, checked your data, on your account, well, the standard scheme, on your account, a suspicious transaction is going on. Everything depends on many factors. I'm just explaining this to you briefly now. Well, in general, there are many factors, I won't say this now, but we tell him the following - we suggest you do the following.

How the process of deception occurs
Fisher:
We transfer. Well, not that we transfer, we can't do it without you. That's what we don't have the right to create. You can only do it yourself. We explain about the limits and say that such and such amounts can be sent to a safe account. And only after we transfer, we can freeze your account so that no one steals anything from it. And the second option is here. If the client starts to suspect something and is afraid, well, doubts, then we say, well, look, now we will send you a link to a normal bank.
Here is a real link, you follow it, look and see for yourself that what we are talking about. You go to this site, log in to your account, and after you log in, you will have your own personal account there, where you can see everything. And if you register there, then that's it, your accounts will be automatically blocked. And if he does not want to send it voluntarily, and the thing is that the system knows him, we have already created his account there.
Well, you know, such situations were in the most ideal time. Now this often does not work out. And so we do the following. We send him a link, he follows it, goes to the site, enters a login, password, and at this time downloads the application in advance. Well, and of course, then we log in using this login and password. He is still on the loading page, and she has already received an SMS. And we have already linked the application to ourselves.

Pavlovich:
But the SMS is sent to his phone when you log in to the application.

Fisher:
So he confirms it to us. He still enters it into the application, that's it, the SMS came, he entered it, the application was relinked. And look, the most interesting thing is happening. He needs to constantly send in order to log into the application and receive SMS. But look, how can we do this. We can, let's say, pick up as much as possible. But again, this is a different question. Well, it seems to be a fraud system, which I talked about at the beginning. That is, we can, let's say, pick up by IP, well, do something like that.

How many people are led
Pavlovich:
But tell me, we just filmed a lot there, and in general the topic is widespread, they hammer every day, There are a lot of stories from Ukraine about these bank call centers in the Russian Federation, which do not encounter such difficulties.
But let's say you called ten random Austrians, whose full name and phone number you only know. You called, and how many will fall for your fraudulent bait? Will they give you their details, or will they transfer the money themselves. Or 100 people. This is probably a small sample. Out of 100 people, how many will end up parting with their money?

Fisher:
Let's take ten, for example. It's convenient for me. It will be more convenient. Out of 10 people we called, roughly speaking, three or four are easy. We call two or three more people, two or three people don't pick up the phone at all. Well, what's left then? Well, four people. Well, even if we take this, that is, the first two or three bounced, two or three did not pick up, and so on. That is, 10% is the success rate, right?
Well, here's how they show in practice, two people out of ten, if we got through, processed everything according to all the parameters, the person told you everything, showed you, then yes, no problem.

Pavlovich:
20%, I understand IP on normal services, on Proxy, on Luminazi too, now take, the date is called you can select up to the city of the victim.

Fisher:
On digging, literally, listen, it takes a couple of hours.

Pavlovich:
You say you only use the main one. That is, in essence, this is a one-page landing page, right?

Fisher:
No matter how you look at it, you see the tricks. It still differs slightly from the original. From one account, we were able to pull out a maximum of ten at a time in one transaction.

What are the limits in banks?
Pavlovich:
And what are the limits in practice, plus or minus? It is clear that different banks have different ones, you yourself spoke about this at the beginning, but in practice?

Fisher:
In general, SEPA Instant is provided for up to 15 thousand euros. This is an instant transfer. Besides this, there is a slightly different one, it is up to 100 thousand euros. But this one, yes, is more, but it takes longer. Within five working days.

Average amounts on accounts
Pavlovich:
The average amount for Europeans, so, the average amount for the same Austrians?

Fisher:
On average, about 100 thousand euros.

Pavlovich:
So, when you call, you immediately reject students, someone else? You call, figuratively, men 40+, or what is the fattest crowd?

Fisher:
There we call when, you know, there is already a sample. When we buy a database, let's say, 35+.

Pavlovich:
And men, women?

Fisher:
According to statistics, mostly women.

What are the problems
Pavlovich:
That is, the problem is, in fact, two of them, right? That is, well, in fact, more, but primary. That is, to find the databases of who to call, and you also need this normal person who speaks German, let's say, or English. Well, in fact, this is the same bank fraudster, like the PRF calling, he just speaks English or German. Well, yes, it turns out that way.
It's also interesting, and you also buy databases, figuratively you can find, I don't know, some open telephone directories for Austria, for example, like in the eye of God you can find for the Russian Federation, well, exactly the same, probably, some telephone directories with full names you can find for any European country.

Fisher:
Well, yes, you can. But, listen, it's possible not only in Austria. Maybe, outside the taken directories. Many people simply hack these databases. They are sold. There used to be a very good one. Such a forum, I don't know, have you heard of it or not? It was called Ray.

Pavlovich:
Well, I heard, yes.

Fisher:
Were databases sold there? Any. For spam. Well, listen, you could buy a lot there. I liked it. In the sense that you could buy almost everything there. Now it has become more difficult. In the US, they generally try not to sell databases. There is a huge problem even with the number substitution itself. And therefore, you see, in the US it is a problem, but in Europe, number substitution works great.

Pavlovich:
From my experience, the States monitor this much more seriously, track it down and punish ultimately. It is dangerous to steal from the States in general.

Fisher:
I know that. That is why my partners and I chose Europe. It is also dangerous to listen to Europe. In the West, probably Europe.

Pavlovich:
Well, that means the scheme is that if you finish off this episode, then he himself either transferred it to an alternative account in his name in another country, and you immediately drove the money to a crypto exchange. Well, or if he didn't transfer it himself, then it turns out that you received the login and password from his application, from his personal account, he also gave you the SMS, and you transfer all this yourself through the mobile application.

Fisher:
That's right.

What is the capacity
Pavlovich:
Okay, 20% is quite a lot there, but what capacity? That's how many people you can figuratively call per day to successfully fish out 20% of yours.

Fisher:
At the peak, we called 37 people. It just happened that all weekend and everyone picked up the phone and there were not 20 people there and to chat a little while he knows, okay, just to chat, he asks you a bunch of questions, while you find out everything, while you write everything down for one client, it can take up to half an hour.

Who is easier to deceive
Pavlovich:
You saw how many work in Russia. Who is easier to deceive with this banking fraud scheme - Europeans, who are more trusting, more sincere, well, they were deceived less, or Russians, or does it make no difference at all?

Fisher:
I have never worked in Russia at all. But judging by what I have heard, it seems to me that Europe and Russia are the same.

Pavlovich:
So it depends on the skill of the caller, probably the most important criterion?

Fisher:
Yes, of course. But how convincingly can he talk, how much can he gain a person's trust. He needs to know a detailed legend, so that he sees it all, knows it all. This is a lot.

What is the second scheme?
Pavlovich:
Okay, the first scheme is related to obtaining databases and calling them. That is, it is not much different from the Russian one. The second scheme, this is how you obtain... You talked about Google, there, advertising companies, etc., etc.

Fisher:
I'll explain now. We are now slowly trying to move away from this, because this topic is becoming more and more complex. What is the situation? A lot of people work in Europe. I know at least a couple of teams that are really big, really large-scale. The thing is that when they make a phishing site, the same, well, any bank, in this regard, the same bank that is written in Google, it comes out several at once, and that is why it is difficult. And by direct keys, so what do direct keys mean? Login some bank, there, mobile bank, all that, they have all been banned for a long time, that is why it is very complicated.
There are echo keys left, the so-called. Well, I think you understand what I am talking about.

Pavlovich:
Well, echo no. Do you mean long tail keys with long tails, two- or three-part?

Fisher:
Yes. That is, well, launch it on it, wait for at least some pairs of clients to appear someday. And sit and be sure that it will not be blocked. Well, it will not fly into the block for you. There is no point at all, if this complexity is often present. Because the main keys, which are the fattest now, which have a really good volume and traffic, they have all been banned for a long time. And it is becoming more and more difficult to find such banks. You need to provide a database, do it for the client.
Either, you see, he, as I said before, sends it himself, or through a phishing link.

Pavlovich:
And while there were no bans on these keywords for advertising campaigns in Google, this traffic volume, of course, was much higher and easier, yes, to work with, than calling the client.

Fisher:
This is in Europe, I apologize, everyone and their dog did it when it was.

Pavlovich:
Well, and Google, well, of course, you need to cloak it, for example, that is, pass it through, so that the Google moderator sees one link, but in fact another one is shown to him there. So you did all this, right?

Fisher:
Well, this is a normal standard scheme. But, look, there, again, there are a lot of nuances.

Pavlovich:
In Europe, you say, there are already a lot of people working, you know, several teams and so on. Basically, yes, who is hammering them? These are Russian-speaking people, that is, Russia, Ukraine, probably, and so on. That is, I don’t think there are any Romanians there. Although the Romanians are also such swindlers, I want to say. They are also constantly hammering.

Fisher:
On this topic, you know, I didn’t really want to talk about nationalities.

Pavlovich:
Well, it’s clear, people from the post-Soviet, Well, from the former USSR, I think, basically, in any case. An American is unlikely to call an Austrian and trick him into giving up a bank account.

Fisher:
We are currently working with some guys, the so-called old-timers. Here is one, one is Ukrainian, and the other is from Italy.

Pavlovich:
Well, is he really a foreigner or is he our Russian-speaking one too?

Fisher:
Lives in Italy.

Which scheme do you like more?
Pavlovich:
Well, like that, yes, which ones did you like more, namely when you were getting information for logging in through Google or by calling.

Fisher:
It was more convenient, you know, when you were using a phishing site. I'll tell you this, the demand was not that strong then. But every year it's getting stronger and stronger. Now there are few people on the phishing site. Where does he log in with his login and password? And an SMS, and so on. You still have to send money there. And now these systems, they have become so complex. They just don't look down to the depth of the screen color. Like, you know, the password hasn't really played a role for a long time now.

Pavlovich:
Well, I know, because the fingerprint, it records the entirety, the screen resolution, the language, the country, the browser, the operating system, the operating system version, the browser version, and so on. That is, in some of my services, of course, I also collect, because, well, people fake IP, yes, IP on normal services, on Proxy, on Illumination, there is BrightData now, you can pick up right down to the victim's city.
And in my cashback, for example, I look, it seems like the users are different, but they have the same behavior model. They hammer there, they try to fraud the same store through me. And it seems like they changed the IP, but I see that their fingerprints are always the same device. And, naturally, banks, well, I do this at my amateur level, banks have all this automated and that's what you're talking about, right?

Fisher:
Yes, but it still depends on many factors. Based on the latest testing, we found out what we were talking about with the guys, consulted with the guys from the forum, there are guys there, well, and much more experienced. I'm telling you, they even check my stories down to the depth of the screen color. There you see, so, you can't guess, only here they tested the method. So, you can't guess, they collect so much data. It used to be easier, there used to be a logger, but now, you see, not only is it used, it's just slowly dying out.
This is, well, based on my experience. It's getting more and more difficult to send with logs.

About cashing out earned funds
Pavlovich:
But if we return to cashing out funds, then you simply, if you managed to transfer money to this self-register, yes, then you simply drive them directly to the crypto exchange, I don’t know, buy some bitcoin with them and the bitcoin, then transfer it to some other exchange or directly to the mixer, yes, and then you receive it cleaned. In approximately this way?

Fisher:
Of course, I won’t say which exchange we do this on.

Pavlovich:
Well, plus or minus, that is, the schemes are general, of course,

Fisher:
There is a well-known mixer, I take a bitcoin, and then cash it out.

Pavlovich:
And how much percent does the mixer take for itself?

Fisher:
It varies, listen, to those that we sing, it takes one and a half percent.

Pavlovich:
I've just seen mixers that, depending on how dirty your money is, yes, the first criteria, and the second, on how deeply you want to clean it, I've seen them take from one to five percent. And it also depends on the amount.

Fisher:
Well, I'll put it this way, so that it can be cleaned well later.

Pavlovich:
Well, 5% means that you receive money not necessarily in the same bitcoin, but in the same USDT, in different transaction sizes, not in one amount, but, say, in two amounts. Different amounts come directly from crypto exchanges, figuratively from Binance to different wallets, and absolutely clean money, because it comes from Binance, for example. And that costs 5%. I don't know if that's a lot or a little, but probably, in order not to sit for 10 years, probably give a little 5% and sleep peacefully.
Like the tax slogan.

Fisher:
Interest in general is something relative, so to speak. Interest is very relative. 50% of a million or 10% of 100 thousand? How do they value you here?

How to quickly clone a site
Pavlovich:
I was always interested in how to quickly clone, figuratively, a website of some bank. Because when you lure people to fake banks, crypto exchanges, payment systems, that is, for this you need to do what, clone their site, so that all sorts of data falls there for you and falls quickly, and at the moment of input, then you need to choose a domain that is as similar as possible to the domain of the bank's address, for example, just in a different jurisdiction, figuratively speaking, domain zone, and also there, well, probably install some SSL certificate so that the browser does not scold.

Fisher:
Yes, but we do not copy the exchange, we copy sites. On the digging, literally, listen, it takes a couple of hours. Well, and there are all sorts of additional tweaks. Change, so that you, well, are not burned by the system. Now, too, you see, the system is easy. Here, well, look, the same Google. We do not understand on what principle, but here it compares pictures. You see, pictures, fonts, if something is a little similar, it already blocks it. All this, you see, you need to take it all into account, change everything, it all changes so that it is as similar to the original as possible.

Pavlovich:
You say you only use the main page. That is, it is essentially a one-page landing page, right?

Fisher:
Well, the main page of the form. Well, we try to make it so that a person immediately goes to the authorization page. That is, a person goes to the main page, well, we understand what he wants to do. He will want to register. Well, although, maybe he wants to read some information, or something else. He came up, maybe he saw it, he was distracted by something there. So that he immediately gets to the authorization page. So that, well, he immediately enters his login and password. Yes, you see, when, for example, a person enters the name of a bank, login, that is, in any other similar login, so that he immediately gets an authorization page.
Of course, it happens when we make complex fishes. Yes, we have to. A whole page, yes, we have to make.

Pavlovich:
Well, do you do this with the efforts of your teams or outsource, figuratively speaking, order it to save time?

Fisher:
Oh, listen, well, of course, our own team. We have our own developers, our own traffickers, our own callers. That is, well, and those who call.

Pavlovich:
Well, in general, it's a team effort, I see, in any case, right?

Fisher:
Listen, we have sixteen people on the team.

How is the money divided between the team members
Pavlovich:
It's a lot. And how, for example, you hit the jackpot, let's say, 100 thousand euros, yes, and, by the way, let's talk now about what the biggest jackpot was, and here are 16 people, 100 thousand euros, how do you, in what proportions do you divide it, that is, equally to each member of the team, or there is one who performs some complex functions, more, one less, and so on. Can you talk about this?

Fisher:
Listen, everything is going smoothly here, absolutely smoothly. Everything is divided equally among absolutely everyone. We don't have anyone who is cooler, who did something harder or anything else. We don't have that, everything is smoothly divided among us.

The biggest jackpot
Pavlovich:
The biggest jackpot that you managed to hit, let's say, one-time and in a month?

Fisher:
You mean one-time from one account? The maximum we managed to get from one account was ten at a time in one transaction.

Pavlovich:
Well, let's say this account only allowed you to make one transaction, you couldn't empty it completely.

Fisher:
As a rule, if you made a second similar transaction, there is a 90% chance that your first transaction will be frozen as well. It's better not to do that with SB. One account, one transaction, and the next.

Pavlovich:
And up to 15 thousand euros, yes, because this is an instant CPU.

Fisher:
Of course, it depends on the bank, you see these fast transfers. There are banks we work with, well, that is, it’s normal 15k euros. There are up to 50, but it’s very complicated there.

Pavlovich:
Let’s say one account, okay, 10 thousand euros. I thought, to be honest, more, when you started talking about hundreds of thousands of euros. Okay, ten.

Fisher:
No-no-no, that is, you see, that’s... I’ll interrupt you now, that’s SEPA, there are SEPA transfers, and there is SEPA Instant. SEPA transfers, that is, to the European zone, that’s up to 100 thousand euros. You can transfer in one operation. Yes, now it’s a second, if I’m not mistaken, I think, even a day. But it takes 3-5 days. And for the fast payment system, this is an operation where you just transfer 10 seconds, that’s it, and they’ve already arrived.

Pavlovich:
And how much do you make in a month, it's clear that there are more successful ones, less successful ones?

Fisher:
Let's put it differently, look, we're taking it clean. There were times when we actually withdrew serious amounts, the most serious ones were withdrawn in a month, I'll tell you now, no, I can't say for sure, of course, I'll tell you, approximately, it was 100, I think, 115 thousand euros, if I'm not mistaken.

Pavlovich:
Well, not much, if you spread it out among 16 people, it's 8,000 euros figuratively speaking, well, it's not that much money.

Fisher:
Well, that's the first question about what it is, who gets what percentage, you see, it depends on which team, the developers get less.

About the phishing industry
Pavlovich:
And the volumes, you say, the team is big, in my opinion it is big, and you know the competing teams and so on. And in your opinion, in general, the volume, well, the industry of this phishing of Russian-speaking cybercriminals, how big is it? Are there hundreds of people involved, thousands, there, tens of thousands?

Fisher:
Well, listen, it's not dozens, not hundreds, exactly, it's, you know, how can I tell you, how is it done? It's done on a crazy scale. I only know two teams with whom, you know, we communicate more or less. And I also know how many other teams there are, but we don't communicate with them, but they work there as a whole, there really are whole teams. We can say this, look, we had a turnover. The turnover, well, look, what we withdrew, but didn't have time to take it clean, which was frozen somewhere, lost somewhere.
This is from 2.5 million euros. This is just for us. You can't imagine how much other teams have. This is per month, this is for millions of photos, probably 100 euros.

Pavlovich:
And how did it happen that out of all the criminal areas, yes, on the Internet, there, all sorts of carding, Samara, GBA and everything else, Robin Hoods, I think you understood why Robin Hoods. And you got into phishing.

Fisher:
Well, I initially said that I got into Brute, but Brute is difficult, these are databases, it was difficult. And then I met a person, there is such a topic, phishing. Well, we then made a website, some coupons there, we started all this, then we started to design it all, enter it, then we linked Google Play, Apple Pay, everything went off and on. Listen, I fell in love so much that I realized, well, here it is, the scheme. It is simple, and you don’t have to do anything. I’m telling you, again, if Google lets you through, if you are also a handy programmer, then, listen, I don’t want to work.
Well, you see, unfortunately, gradually all this is more and more. The system is more and more complex. Even despite this, what you see, there is a lot of experience. I looked at some directions, then at other directions.

How to avoid phishing
Pavlovich:
And how to avoid phishing? Because this concerns not only Europeans who do not watch us, but also Russian-speaking residents. Because, as I said, fake sites also get through in Yandex.Direct, and quite often.

Fisher:
If only to say, you know, carefully-carefully-carefully look at the domains. Very-very-very carefully. When going to a site, you must definitely... For example, well, in addition to phishing, go to any other search engine. Open the same bank. Compare how it all looks. Look at how they are with each other... No matter how you twist it, you see a chip, it still differs slightly from the original. In Tinkoffs, font. There the gamut can always be slightly different. Well, I'm keeping quiet about that domain, but this one is different.
Somewhere letters, somewhere something. At one time we were so unable to work that we simply took the left-wing domain. And there people didn’t even look at the name. They just switched. They switched on pure faith.

Pavlovich:
You know how they fought against it before, for example, figuratively Tinkoff, yes, for example, a lot of money. Well, before there were domain zones, I don’t know, well a hundred. There are COM, NET, ORG, RU, SU and so on, well 100-200 for the whole world, TV, there are all sorts of others, but now I buy domains in Namecheap, there are 1200 domain zones only in Namecheap, and that’s not including the Russian ones, there are Cyrillic ones and so on.
If earlier a bank could easily buy out its domain there in 100-200-300 zones, that you can't directly Tinkoff, you can't register Tinkoff RU, I don't know about Tinkoff, AIO for example, yes, they bought out, but now it seems to me that with such a number of domain zones this is simply losing its relevance, I just haven't seen anyone with very big money buying up all the domains with their name in recent years.

Fisher:
Well, to be honest, I haven't seen anything like that at all, but I saw, I saw that you bought up the most basic ones, for example, ru, com.

Pavlovich:
That is, in principle, you take a domain, well, if you need Tinkoff there, then you won't take Tinkoff ru, but Tinkoff there, whichever is free, figuratively speaking, ai-o, yes, that is, the brand matches the brand letter for letter, right?

Fisher:
It all depends on the specific situation. If there is a possibility to replace one letter in the domain itself, then it should be done. If you leave, for example, the ending, I don’t know, there, well, let’s say, okay, Tinkoff take, let’s say, 3 and put it. You see, it all works on a person’s attentiveness. You call and say that such and such a thing. He doesn’t look, he doesn’t check, he wants everything faster, faster, faster. This is, I’m telling you, social engineering, this is you, well, scaring a person. If, so to speak, a person is, well, not particularly smart, he will immediately lead. If a person has a head, as they say, he will think about it. Or he will check and double-check.

Why did you decide to stay in crime?
Pavlovich:
That’s why you seem to be a developed young man, you could succeed in the same arbitration and in something else, right? So what is cybercrime for you? Is it a way of life? Or did you try it, did you get sucked in? Or are you perhaps planning to leave there, having earned enough, I don’t know, for some legal business? What do cybercrime and phishing mean to you now?

Fisher:
In real life, I’ll tell you this: I tried to do something in parallel, but, unfortunately, I couldn’t. I just found a way out. Well, I think, well, like everyone else, the goal is to earn money in business.

Pavlovich:
But I once had an obsession. Remember how, for example, Bender asked Balaganov how much money you, Shura, need to be happy. And he says that it’s 6,400 or something rubles. I had this at one time, when I was doing carding, DFX is like, earn a million dollars and get out. Well, I don’t know why a million, but I liked the figure. It wasn’t justified by anything, I just liked it.
And did you define for yourself some amount of cash, after which you would leave the terminal forever?

Fisher:
Listen, 2 million euros. I’ll earn it and that’s it.

Did you imagine what would happen if they put you in jail?
Pavlovich:
Have you ever thought about what would happen if you were suddenly put in jail for something? Have you ever imagined such situations, what would you say to your parents, girlfriend, wife, etc.?

Fisher:
What would I say to my relatives, friends, close people, I didn’t really imagine. I figured it would be very difficult. If something happens somewhere, it's at least 15 years, yes.

Pavlovich:
How about not traveling around the world?

Fisher:
Well, I've clearly decided for myself that I won't go where I don't need to. In principle, I don't travel anywhere. I'll earn the money I want. Well, and where I am now, there are a lot of beautiful places.

Pavlovich:
Well, I want to say, in fact, that it's not easy. Since 2000... The last time I was abroad was in 2008. Although I was lucky, because I've been wanted by Interpol since 2004, as it turns out. But from 2008 to 2023, what time is it now, 15 years have passed. And I already have money, and a family that also wants to go somewhere. And to Italy, and there, and to the Maldives. This is already becoming a problem. That is, well, this is already really depressing and so on.
And maybe the case will finally be closed and I'll go somewhere. But if I'm simply not allowed to leave there for the rest of my days at a young age, well, okay, yeah, then over the years you realize that, damn, the money I had there for the whole time, 1-2 million dollars, well, they weren't even close to worth it. Not only is there prison, but then I'm also deprived of the opportunity to calmly cross paths around the world.
So we can only wish you to earn money for this dream of yours as soon as possible and leave this criminal activity and do something more useful.

Fisher:
You see, you're reasoning from your side, because that's the experience. Well, you've already been in places not so distant for this case, so to speak. Maybe not only for this case, maybe for another. You... In short, you've had a lot of time to think. In any case, you've gone through this path and realized that all this can be done differently. See? But I didn't have such experience. And, you see, for myself I see only this direction.

Results
Pavlovich:
Friends, write in the comments whether you have encountered phishing in your life, whether you have come across fake websites of banks, payment systems, crypto exchanges and maybe some others that we simply did not pay attention to in the issue or your friends, maybe including and in general what you think about this specifically criminal topic. Hugs, bye.
 