Tinkoff Protection has revealed a new scenario of telephone fraud, which is used by scammers to deceive residents of Russia. During one of these calls, the Tinkoff client lost 1.5 million rubles, which the bank later compensated for as part of the "Protect or refund money"service. This was reported to CNews by representatives of Tinkoff.
Fraudsters began using a new "hybrid" scenario, which combined several options for deceiving bank customers at once with the participation of pseudo-employees of telecom operators," State Services " and the police. The innovation was not only the combination of several schemes into one, but also the fact that scammers at the very beginning of the conversation admit that they wanted to deceive a person and steal money.
The customer is called allegedly by employees of the mobile operator and informed that the contract for communication services is ending. To extend it, you need to call the code from the SMS. After that, scammers openly declare to the client in a conversation that they have been deceived — this is necessary to intimidate the person and trick him into acting on the instructions of the next callers, who are already introduced as employees of financial monitoring, "State Services" and even the police. All callers give instructions to the client: they will allegedly allow you to save money and catch a gang of scammers who colluded with bank employees. In fact, instead of saving their savings, a person independently deposits money into the account of fraudsters through an ATM.
The number of attacks under this scenario has increased 3.5 times in recent months (March 2024 to January 2024). Fraudsters use psychological tricks, pressure, and intimidation, which causes people to fall into a trance state and give money themselves.
The story of a Tinkoff client-Ivan tells how he was deceived for 1.5 million rubles.
This is a real case that occurred with the Tinkoff client. The bank has agreed on the fact of publication of the article with the client, but does not use recognizable details for security purposes.
"In the evening I came home from work, I received a call. The voice on the phone said that it was an employee of Tinkoff Mobile, and said that the service contract was ending. To extend it, you need to dictate the code from the text message that will be sent to your phone right now. The code came in, but I didn't really read it, so I dictated it. Then a few more codes, I dictated everything. After that, they told me in plain text that Ivan was a fraudster, your personal account on Gosuslugi is with us."
"In fact, no telecom operator will call to renew the contract and even more so request a code from an SMS. Contracts for communication services are open-ended and do not require renewal, " said a representative of Tinkoff Mobile .
"After that, I received a call from another unknown number from employees of Gosuslug. They said that they saw suspicious activity in my personal account, and warned me that they would transfer me to a financial monitoring employee. Later, a finmonitoring employee contacted me and offered to help, but to do this, you need to download the premium Kaspersky antivirus."
"Scammers under various pretexts ask to install a remote access program that allows you to see everything that happens on the mobile phone screen. They may call it an antivirus program or a bank's technical program to allegedly track the actions of unscrupulous employees of this bank who work in conjunction with scammers. Attackers use such programs to see how much money a person has in their account. This helps them to ingratiate themselves more-after all, such information, according to the worried victims, can only be owned by people with a high level of access: employees of special services, banks, etc. In addition, the program allows you to track codes that are displayed in the banking application: they are requested by fraudsters themselves in services for card — to-card transfers in order to withdraw money to their account," said Oleg Zamiralov, deputy head of the Tinkoff Ecosystem Security Center.
"After installing the antivirus, they asked me to go to the applications of my banks. To my surprise, they knew all my account details. Then this person said that they need my help to catch unscrupulous bank employees who help fraudsters. To catch the criminals, a Moscow police officer will contact me and tell me what needs to be done. The caller also warned me about criminal liability if I do something wrong, not according to their instructions. After that, he asked to make transactions on the sale and transfer of assets from an investment account to a settlement account in order to fix the fact of fraud on the part of the bank. Bottom line: they called me a taxi, offered to drive to the ATMs. When I arrived at the ATMs, a police officer told me on the phone that I needed to withdraw money and transfer it to an account in Rosbank."
"Fraudsters use a trick with ATMs, as well as with supposedly safe deposit boxes. They convince a person that their money is in danger and they need to withdraw it, because unscrupulous bank employees have gained access to the account. Another variant of the scenario is allegedly helping the police. Clients in such situations are sure that they are withdrawing not their own money, but the money allocated for special investigation. At the same time, the operations that they see in the app are actually fake," Oleg Zamiralov said.
"After that, an employee of Tinkoff contacted me and reported suspicious transactions. I asked why I couldn't withdraw money using a QR code at an ATM. To which the employee replied that they see strange operations, and asked if I communicate with scammers. At that time, I lost a little more than 1.5 million rubles, I was very upset, because this is a significant part of my capital, my annual income. Then I called the bank myself, asked, and made a request for a refund. I was told: "Yes, this is possible, because you have activated the service "Protect or refund money". After some time, the bank called me and informed me that they had reviewed my request and would return the entire amount to the account."
"Neuroshield technology detects fraud during a call based on characteristic behavior patterns and breaks such a call. And the fraud monitoring program analyzes many factors, detects anomalies in the client's transactions after a suspicious call, and signals danger. In this case, the scammers used a new scenario of telephone deception, which was not yet included in the" Neural Shield", and the nature of operations and client behavior differed from the classic transactional activity in social engineering. As a result, the system missed several transactions and sent a signal later, thanks to which the Tinkoff employee "caught" and suspended further withdrawals at the ATM. The client was connected to the "Protect or refund money" service, which prevents fraud, and in cases where the technology failed to work and the person lost money, we compensate for the losses. We returned 1.5 million rubles to the client, and also added this scenario to the service, and now the protection will work for such situations, " said Oleg Zamiralov.
Earlier, Tinkoff summed up the results of the "Protect or refund money" service, which detects fraud during a call with a probability of more than 99% and uses technology to protect customers from phone scammers. From September 2023 to February 2024, the service saved 170 million rubles, which people tried to give to fraudsters. The amount of compensation to clients in cases where criminals still managed to steal their money amounted to 4.5 million rubles.
Fraudsters began using a new "hybrid" scenario, which combined several options for deceiving bank customers at once with the participation of pseudo-employees of telecom operators," State Services " and the police. The innovation was not only the combination of several schemes into one, but also the fact that scammers at the very beginning of the conversation admit that they wanted to deceive a person and steal money.
The customer is called allegedly by employees of the mobile operator and informed that the contract for communication services is ending. To extend it, you need to call the code from the SMS. After that, scammers openly declare to the client in a conversation that they have been deceived — this is necessary to intimidate the person and trick him into acting on the instructions of the next callers, who are already introduced as employees of financial monitoring, "State Services" and even the police. All callers give instructions to the client: they will allegedly allow you to save money and catch a gang of scammers who colluded with bank employees. In fact, instead of saving their savings, a person independently deposits money into the account of fraudsters through an ATM.
The number of attacks under this scenario has increased 3.5 times in recent months (March 2024 to January 2024). Fraudsters use psychological tricks, pressure, and intimidation, which causes people to fall into a trance state and give money themselves.
The story of a Tinkoff client-Ivan tells how he was deceived for 1.5 million rubles.
This is a real case that occurred with the Tinkoff client. The bank has agreed on the fact of publication of the article with the client, but does not use recognizable details for security purposes.
"In the evening I came home from work, I received a call. The voice on the phone said that it was an employee of Tinkoff Mobile, and said that the service contract was ending. To extend it, you need to dictate the code from the text message that will be sent to your phone right now. The code came in, but I didn't really read it, so I dictated it. Then a few more codes, I dictated everything. After that, they told me in plain text that Ivan was a fraudster, your personal account on Gosuslugi is with us."
"In fact, no telecom operator will call to renew the contract and even more so request a code from an SMS. Contracts for communication services are open-ended and do not require renewal, " said a representative of Tinkoff Mobile .
"After that, I received a call from another unknown number from employees of Gosuslug. They said that they saw suspicious activity in my personal account, and warned me that they would transfer me to a financial monitoring employee. Later, a finmonitoring employee contacted me and offered to help, but to do this, you need to download the premium Kaspersky antivirus."
"Scammers under various pretexts ask to install a remote access program that allows you to see everything that happens on the mobile phone screen. They may call it an antivirus program or a bank's technical program to allegedly track the actions of unscrupulous employees of this bank who work in conjunction with scammers. Attackers use such programs to see how much money a person has in their account. This helps them to ingratiate themselves more-after all, such information, according to the worried victims, can only be owned by people with a high level of access: employees of special services, banks, etc. In addition, the program allows you to track codes that are displayed in the banking application: they are requested by fraudsters themselves in services for card — to-card transfers in order to withdraw money to their account," said Oleg Zamiralov, deputy head of the Tinkoff Ecosystem Security Center.
"After installing the antivirus, they asked me to go to the applications of my banks. To my surprise, they knew all my account details. Then this person said that they need my help to catch unscrupulous bank employees who help fraudsters. To catch the criminals, a Moscow police officer will contact me and tell me what needs to be done. The caller also warned me about criminal liability if I do something wrong, not according to their instructions. After that, he asked to make transactions on the sale and transfer of assets from an investment account to a settlement account in order to fix the fact of fraud on the part of the bank. Bottom line: they called me a taxi, offered to drive to the ATMs. When I arrived at the ATMs, a police officer told me on the phone that I needed to withdraw money and transfer it to an account in Rosbank."
"Fraudsters use a trick with ATMs, as well as with supposedly safe deposit boxes. They convince a person that their money is in danger and they need to withdraw it, because unscrupulous bank employees have gained access to the account. Another variant of the scenario is allegedly helping the police. Clients in such situations are sure that they are withdrawing not their own money, but the money allocated for special investigation. At the same time, the operations that they see in the app are actually fake," Oleg Zamiralov said.
"After that, an employee of Tinkoff contacted me and reported suspicious transactions. I asked why I couldn't withdraw money using a QR code at an ATM. To which the employee replied that they see strange operations, and asked if I communicate with scammers. At that time, I lost a little more than 1.5 million rubles, I was very upset, because this is a significant part of my capital, my annual income. Then I called the bank myself, asked, and made a request for a refund. I was told: "Yes, this is possible, because you have activated the service "Protect or refund money". After some time, the bank called me and informed me that they had reviewed my request and would return the entire amount to the account."
"Neuroshield technology detects fraud during a call based on characteristic behavior patterns and breaks such a call. And the fraud monitoring program analyzes many factors, detects anomalies in the client's transactions after a suspicious call, and signals danger. In this case, the scammers used a new scenario of telephone deception, which was not yet included in the" Neural Shield", and the nature of operations and client behavior differed from the classic transactional activity in social engineering. As a result, the system missed several transactions and sent a signal later, thanks to which the Tinkoff employee "caught" and suspended further withdrawals at the ATM. The client was connected to the "Protect or refund money" service, which prevents fraud, and in cases where the technology failed to work and the person lost money, we compensate for the losses. We returned 1.5 million rubles to the client, and also added this scenario to the service, and now the protection will work for such situations, " said Oleg Zamiralov.
Earlier, Tinkoff summed up the results of the "Protect or refund money" service, which detects fraud during a call with a probability of more than 99% and uses technology to protect customers from phone scammers. From September 2023 to February 2024, the service saved 170 million rubles, which people tried to give to fraudsters. The amount of compensation to clients in cases where criminals still managed to steal their money amounted to 4.5 million rubles.
