Closed Qiwi Bank opened Pandora's box?
According to Angara Security, the number of ads for buying and selling verified Ozon e-wallets for p2p transfers has tripled in 2024. Analysts noted a significant increase in such offers by the end of April, although they did not disclose exact figures. In the presence of such ads in the Network, Forbes was also convinced.
This growth coincided with the Central Bank's decision to revoke the license of Qiwi Bank, known as the operator of electronic Qiwi wallets. Among the regulator's claims against the bank were high-risk transactions involving settlements between citizens and shadow businesses, such as money transfers to crypto exchanges, illegal casinos and bookmakers, as well as the transfer of stolen funds to so-called "droppers".
After losing the popular tool, the attackers turned their attention to similar services. In addition to announcements about the purchase and sale of Ozon wallets, experts also record the sale of Ozon Bank's personal accounts with maximum verification statuses, as well as offers of services for direct transfer of funds from "stolen personal accounts to other cards for further cashing out". The main platform for such ads was the Telegram messenger.
Scammers offer three ways to purchase e-wallets. First, databases with data from legitimate users, which, according to experts, " creates risks for existing customers of Ozon services." Secondly, the attackers use the capabilities of the service itself, which allows you to link digital cards to an anonymous account, for which a SIM card of a mobile operator is enough to register. Third, direct purchase of wallets in Telegram and the Darknet, where the price reaches 2599 rubles.
Angara Security warns that the financial services of the largest Russian marketplaces are becoming the objects of attention of the gray payment market, providing more opportunities for illegal schemes - from cashing out to financing unwanted organizations.
Monitoring of activity on the dark Web shows a doubling of ads for the sale of Ozon Bank accounts in February compared to January. In some cases, attackers position them as a replacement for Qiwi wallets. The cost of access ranges from 500 to 10,000 rubles, depending on the status ((anonymous, basic, advanced), verification method ((via Gosuslugi, using a passport photo, or via a mobile operator), and the risk of blocking (depending on the time since registration and whether there were any transactions at that time) and the amount of data received by the buyer (minimum set — phone number for Ozon Bank, login and password from the sms receiving service; maximum set — phone number, code word, secret code, passport data, proxy for Ozon Bank, login and password from the sms receiving service). In general, the darknet sells verified wallets of all payment services, and their number depends on their popularity among the population.
Ozon talked about the multi-level process of fraud analysis using special algorithms, machine learning, and a number of other technologies to detect fraudulent activity. If suspicious transactions are detected, funds are blocked and additional identification is performed. The company interacts with regulators to combat systemic fraudulent activity.
According to F. A. C. C. T, after the revocation of the license of the "popular e-wallet service", the number of transfers to the cards of figureheads increased by about 50%. Leading banks and payment systems have strengthened the protection of their systems, Ozon Bank has also tightened fraud monitoring measures in this direction.
According to Angara Security, the number of ads for buying and selling verified Ozon e-wallets for p2p transfers has tripled in 2024. Analysts noted a significant increase in such offers by the end of April, although they did not disclose exact figures. In the presence of such ads in the Network, Forbes was also convinced.
This growth coincided with the Central Bank's decision to revoke the license of Qiwi Bank, known as the operator of electronic Qiwi wallets. Among the regulator's claims against the bank were high-risk transactions involving settlements between citizens and shadow businesses, such as money transfers to crypto exchanges, illegal casinos and bookmakers, as well as the transfer of stolen funds to so-called "droppers".
After losing the popular tool, the attackers turned their attention to similar services. In addition to announcements about the purchase and sale of Ozon wallets, experts also record the sale of Ozon Bank's personal accounts with maximum verification statuses, as well as offers of services for direct transfer of funds from "stolen personal accounts to other cards for further cashing out". The main platform for such ads was the Telegram messenger.
Scammers offer three ways to purchase e-wallets. First, databases with data from legitimate users, which, according to experts, " creates risks for existing customers of Ozon services." Secondly, the attackers use the capabilities of the service itself, which allows you to link digital cards to an anonymous account, for which a SIM card of a mobile operator is enough to register. Third, direct purchase of wallets in Telegram and the Darknet, where the price reaches 2599 rubles.
Angara Security warns that the financial services of the largest Russian marketplaces are becoming the objects of attention of the gray payment market, providing more opportunities for illegal schemes - from cashing out to financing unwanted organizations.
Monitoring of activity on the dark Web shows a doubling of ads for the sale of Ozon Bank accounts in February compared to January. In some cases, attackers position them as a replacement for Qiwi wallets. The cost of access ranges from 500 to 10,000 rubles, depending on the status ((anonymous, basic, advanced), verification method ((via Gosuslugi, using a passport photo, or via a mobile operator), and the risk of blocking (depending on the time since registration and whether there were any transactions at that time) and the amount of data received by the buyer (minimum set — phone number for Ozon Bank, login and password from the sms receiving service; maximum set — phone number, code word, secret code, passport data, proxy for Ozon Bank, login and password from the sms receiving service). In general, the darknet sells verified wallets of all payment services, and their number depends on their popularity among the population.
Ozon talked about the multi-level process of fraud analysis using special algorithms, machine learning, and a number of other technologies to detect fraudulent activity. If suspicious transactions are detected, funds are blocked and additional identification is performed. The company interacts with regulators to combat systemic fraudulent activity.
According to F. A. C. C. T, after the revocation of the license of the "popular e-wallet service", the number of transfers to the cards of figureheads increased by about 50%. Leading banks and payment systems have strengthened the protection of their systems, Ozon Bank has also tightened fraud monitoring measures in this direction.
