Bank card and payment fraud

The main articles are:

• Information security in banks
• Card Payment Systems

Safety measures

By to data Tinkoff March 2020, in order to protect yourself from fraudsters, the following security measures must be observed:

• You should always keep the following data secret: codes from SMS and PUSH notifications, card PIN, security questions, card data, including expiration date and three-digit code. It is also impossible to disclose personal data: patronymic, place and year of birth, passport data.
• If someone called himself, you should not trust him, even if he introduced himself as a bank employee. You need to call the bank back in case of a suspicious call or message from the bank.
• There is no need to download any programs to a smartphone at the request of strangers, and even more so to provide them with access to them.
• You do not need to wear a recorded pin code next to the card. It is better to connect transaction alerts and set spending limits.
• To quickly communicate with the bank, you need to save its numbers in the phone in advance.
• If the card is missing, you need to immediately contact the bank, block the card, check transactions and contact the bank to issue the card.
• If you stole money from your account, you need to contact the bank and describe the situation. Then - write a statement to the police and send a coupon to the bank about accepting the statement
• If the phone is missing, you need to contact the bank to block the application and delete the card data from your smartphone. You also need to immediately contact the cellular operator to block the SIM card and check the latest operations.

2024

The Prosecutor General's Office of the Russian Federation proposed to automatically block the accounts of fraudsters

The Prosecutor General's Office of the Russian Federation proposed to automatically block the accounts of fraudsters. The agency has prepared a number of initiatives involving responsibility for remote theft of funds. This was announced on April 25, 2024 by the press service of the deputy of the State Duma of the Russian Federation and Russian Federation Nemkin, according to the first deputy prosecutor general Anatoly Razinkin.

According to Razinkin, the bill involves the automatic blocking of transfers to accounts that were recognized as fraudulent. So, even if the attacker forced to voluntarily send him funds, the payment system should automatically block such an operation.

The share of crimes committed using information technology has also grown. According to the Ministry of Internal Affairs, every third crime used digital tools. Their total number in 2023 amounted to 677 thousand, and the growth compared to the previous period was almost 30%. Therefore, the problem is relevant, especially in terms of the spread of social engineering methods. According to Positive Technologies, it is social engineering that remains the main threat to individuals - in 92% of cases of successful attacks, this tool was used, the deputy said.

Let me remind you that from the summer of 2024 a similar tool for protecting our citizens will operate - banks will begin to return funds stolen by fraudsters. Thus, the financial institution will be obliged to return them within 30 days after receiving a corresponding application from a citizen. The money will be returned if the bank allowed the transfer of funds to a fraudulent account located in the Bank of Russia database, if the bank did not send the client a notification of the transfer, which was carried out without the user's consent, and if the citizen lost the card and notified the bank about it, - the deputy explained.

At the same time, in order to achieve full-fledged effectiveness of the new norm, it is important to provide for a transparent scheme for determining an account as fraudulent, as well as its earlier detection, the deputy believes.

The Ministry of Internal Affairs found a lot of phishing sites aimed at Kiwi Bank customers

The Ministry of Internal Affairs in its telegram channel in February published a warning^[1] the fact that domain names similar to the Qiwi payment system have been identified in several domain zones to a degree of confusion. Cybercriminals can use several scenarios at once to deceive users with these domain names by extorting personal and payment data from them. Those users who have funds left in the blocked Qiwi payment system and who expect to return them as quickly as possible are at risk.

The fact is that on February 21, 2024, the Central Bank of the Russian Federation revoked the license from Kiwi Bank. As the regulator explained, the credit institution violated the laws and regulations of the Central Bank, and its activities "were characterized by involvement in high-risk operations," including money transfers in favor of crypto exchanges, illegal online casinos, droppers, bookmakers, etc. Read more here.

Fraudsters also began to actively act right on the same day, February 21. As warned in the Ministry of Internal Affairs, on the same day at 14:00 Moscow time, more than 200 domains were registered in the segments.com,.ru,.org,.net,.de,.cn,.ltd. For example, these were the domain names qewi, qi-wi, qi7i, qivi and many others. So far, registered domains are presented in the form of empty pages or platforms for forwarding to other sites, including phishing ones, but at any time they can be used for phishing.

On February 26, a similar warning^[2] for Kiwi Bank clients was also published by the Deposit Insurance Agency (DIA). They noted that at present a large number of Kiwi Bank twin sites and other services appear on the Internet, which offer to withdraw funds from a credit institution for a fee. All these proposals, of course, are illegal and come on behalf of fraudsters for profit. They raise funds for services and stop communicating. Payments will be organized only through the DIA.

Telecom operators in Russia began to offer banks services to identify customers through which they withdraw stolen money

In February 2024, telecom operators in Russia began offering banks services to identify customers through whom they withdraw stolen money. We are talking about recognizing the so-called droppers - citizens who participate in a fraudulent scheme, giving attackers access to their bank account to cash out or transit stolen funds.

According to Kommersant, MTS offers financial organizations a service for checking individuals before providing financial services. The essence of the service is that when opening a bank product, the client enters a phone number, and the bank sends it to the operator to check for suspicious patterns of behavior, such as frequent change of SIM cards, lack of linking the number to the Internet bank, visiting certain Internet resources, etc. The assessment is carried out using scoring models, including for customers of other operators.

Telecom operators in Russia began to offer banks services to identify customers through which they withdraw stolen money

A similar service offers VimpelCom"." The company told the newspaper that the service "has models that, in machine learning particular, assess patterns of behavior and are able to recognize suspicious actions of the client." According to the representative, Tele2 the company is also going to offer a service to identify droppers both among its subscribers and customers of other telecom operators.

According to financial sector Kept Olga Blednova, director of consulting practice for companies, one of the main signs of droppers is a frequent change SIM cards in a short period of time, including in different regions, or the lack of linking a number to an Internet bank.

As Kristina Timofeeva, a lawyer in the intellectual property practice of K&P Group, noted, telecom companies have no right to provide information about subscribers to other operators, as well as transfer this information to banking organizations if there is no consent from the user himself.^[3]

The head of the Central Bank Elvira Nabiullina proposes to fight credit cyber fraud using the cooling procedure

The chairman of the Central Bank Russia Elvira Nabiullina in the framework of the forum "Cyber security in finance" in mid-February summed up statistics on financial fraud and proposed additional methods to reduce damage both from fraudulent transactions and from credit fraud. In particular, she proposed to develop a norm for introducing a cooling period for issuing large loans (from 1 million) rubles by analogy with the requirements of the law No. 369-FZ adopted last year, where fraudulent transactions can be challenged within 30 days with the return of funds. However, for loans, it is proposed to introduce a cooling period of only a day or two.

The norm for challenging suspicious transactions, which is provided for by law No. 369-FZ, should enter into force on July 25 - a year after the adoption of the relevant regulatory act last summer. It amends the law "On the National Payment System" (No. 161-FZ) and provides for the constant interaction of banks with the database created earlier on the basis of FinCERT on cases and attempts to make money transfers without the voluntary consent of the client.

This protection mechanism works as follows: if the next transaction based on the results of analyzing its attributes raises doubts among FinCERT, then the bank is provided with information about this suspicion, and the bank is already obliged to obtain voluntary consent from the client to conduct the operation.

The system was created a long time ago and is already actively used in the practice of the most advanced banks, however, the statistics on damage provided by the Central Bank of the Russian Federation show that opportunities to reduce this risk still remain. In particular, last year, fraudsters still managed to steal 15.8 billion rubles from bank clients, of which banks were able to return only 8.7% of this amount. However, the number of prevented cases of fraud is impressive - blocked by the transaction control system without the consent of customers of operations in the amount of about 5.8 trillion rubles.

Panel discussion of the Central Bank on financial fraud

However, according to the data disclosed by the Central Bank of the Russian Federation, the volume of operations carried out without the consent of customers in 2023 increased by 11.5% compared to 2022, to 15.8 billion rubles, and the number of such transactions increased to 1.17 million - by a third. Therefore, it was necessary to introduce the mandatory use of transaction locks without the consent of the client, which should be earned in the summer in all banks.

However, another trend is gaining momentum - credit fraud, when people take out loans and give them to scammers supposedly in a "safe account." Moreover, bank transactions may not be used for this. Money from the credit account is withdrawn by its owner, and then through the ATM is transferred to the account of the fraudster.

To reduce such risk, Elvira Nabiullina proposed introducing a cooling period for credit operations, that is, their approval after a certain time. In a day or two, victims usually come to their senses and refuse suspicious operations for them.

We independently introduced a cooling period for credit operations, - Vadim Kulik, Deputy President, Chairman of the Board of VTB Bank, said at a round table. - It's enough night for customers to come to their senses. Blocking for 48 hours helps to complete the rest of the problems of fraudulent credit.

Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank, also announced similar measures with a cooling period for issuing loans, where 24 hours of deferral for issuing loans are established. According to the bank's management, this is quite enough.

To limit "cash transfers" - through ATMs - Elvira Nabiullina proposes to introduce restrictions on the amount of funds that can be deposited through an ATM per day. It will also be a kind of cooling period, and the next day the bills will no longer be put on a "safe account." Now the mechanisms are being thought out, at what level such restrictions need to be introduced so that they are quite effective.

2023

Sber helped detain fraudsters in Moscow who issued bank cards for fake documents

Employees of the Security Department Sberbank Moscow Bank assisted law enforcement agencies capitals in the establishment and detention of three visiting men on suspicion of illegal circulation of funds and forgery of documents. TAdviser Representatives have shared information about this since December 8, 2023. Moscow bank Sberbank It was previously established that the attackers in the organized group made fake passports using fictitious ones, personal data after which they turned to the offices of banks to conclude banking agreements and issue plastic cards them for the purpose of their further implementation. More. here

In Russia, money transfers to fraudsters sharply decreased - 8.1 billion rubles in 10 months

In January-November 2023, fraudsters stole about 8.17 billion rubles from Russians, said Vadim Uvarov, director of the information security department of the Central Bank of the Russian Federation, at a seminar on financial security in November 2023. Judging by this figure, bank transfers to swindlers in the Russian Federation have sharply decreased.

For comparison: in 2022, the financial losses of Russian residents were measured at 14.17 billion rubles, which was a record result. In 2021, the losses of Russians were allocated about 13 billion rubles. According to Vadim Uvarov, the average size of transfers to fraudsters in Russia is about 15 thousand rubles, and the maximum one-time damage caused in 2023 reached 105 million rubles. Most often, it is not pensioners who suffer from the actions of fraudsters, but working men aged 24 to 44 years, said the director of the information security department of the Central Bank of the Russian Federation.

One of the reasons for the large earnings of fraudsters in Russia is not associated with the highest level of cyber literacy of the population. At the end of 2022, the Ministry of Digital Development of the Russian Federation published the results of a study according to which almost half (41%) of the surveyed citizens could not name a single cyber threat. Meanwhile, the financial well-being of citizens also depends on awareness of the dangers and the measures taken to protect against them.

The conscious behavior of citizens on the Internet is primarily the reliable protection of their own personal data and funds. But the general level of national security and the pace of economic growth also depend on the personal awareness of Russians, "said Vladimir Bengin, director of the cybersecurity department of the Ministry of Digital Development, according to the results of the study.

Grigory Kovshov, an expert at Gazinformservice, believes that the cyber literacy of Russians is improving: more and more Russians understand that knowledge of elementary norms and rules of digital hygiene is a must-have story.^[4]

Fraud spreads through intraservice calls at well-known ad sites

By, to data VTB fraud is spread related to the theft of users finance through intraservice calls at well-known ad sites. This was announced on November 14, 2023 by the press service of the deputy. State Duma of the Russian Federation Anton Nemkin

The interlocutor, receiving an incoming call from a familiar application, believes that he is addressed in connection with his announcement, and does not suspect deception, - explained in VTB.

Then the attackers offer the seller to transfer either the deposit or the full payment of the goods by transferring to a bank card. After offenders receive the victim's card number, the standard scheme of "begging" the code from SMS begins, with which fraudsters can access online banking through the "restore password" function.

In addition, when transferring bank data to fraudsters, another offender is connected to communication with the user. He is represented by the bank's security service or a representative of law enforcement agencies and reports that suspicious transactions occur on the user's account, reminding the ad site as an unsafe platform. To secure their funds, citizens are invited to make a financial transfer to a secure account. In fact, all the money immediately goes into the hands of intruders.

Fraud in Russia remains an urgent problem, said Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications.

Despite the fact that the state and business are taking measures aimed at reducing the problem, fraudsters are very flexible and mobile: when a new restriction is introduced, they integrate new strategies. For example, when they began to automatically block unscrupulous numbers, the offenders massively switched to instant messengers, the expert recalled.

At the same time, we can talk about the development of another trend of fraudulent schemes, the deputy noted.

If earlier the key strategy was to steal funds through a regular phone call, now scammers are forced to turn to more thoughtful ways. This is a direct result of the measures taken by both the state and business, including in terms of increasing digital competencies among citizens of the country. In view of this, attackers are forced to use truly multi-level strategies, while using them on a platform unexpected for the user. Let me remind you that fraud also spread on dating apps not so long ago. Unfortunately, fraud on such sites in which the user is not at all ready for such actions is very effective, - stated Anton Nemkin.

Let me remind you that telephone scammers always use "markers" by which they can be identified: they are represented by a bank, security service or government agency; asked to provide a code from SMS; asking to transfer finances to another account. Remember - no official authority or bank will ask you to do this. If you received a call with such offers, then protect yourself - call the bank's support service at the number presented on the official website, - concluded Anton Nemkin.

Bank card insurance will reimburse fraudulent debits

From October 1, 2023, Russian banks will have to offer customers insurance against fraudulent debits of money. The corresponding requirement of the Central Bank of the Russian Federation came into force.

As reported in the regulator's explanation, such voluntary insurance policies should not only protect against the loss of a card or its damage, but also include other risks - for example, fraudulent debiting of money. For such risks, a limit of insurance payment of 100 thousand rubles has been established, within which the insurer will reimburse the client's losses in full. At the same time, cases in which the bank is legally obliged to return the stolen funds are excluded from insurance coverage.

According to the instructions of the Central Bank, the amount of payment during the operation up to 100 thousand rubles is determined by the insurer as equal to the amount of such an operation. But if the transaction amount is more than the specified limit, then the insurance payment should be at least 100 thousand rubles. The insurance payment is made no later than 30 days from the date of receipt of the relevant application, as well as the documents necessary for its implementation.

The All-Russian Union of Insurers (ARIA) explained to RIA Novosti that due to the expansion of insurance coverage due to the inclusion of additional risks, the cost of bank card insurance may increase.

It is still difficult to say how much, since it is necessary to compare the amount of expansion of insurance coverage with the existing one. It is also quite difficult to predict the emergence of new types of fraud associated with the fictitious theft of money from cards to receive insurance payments. There were many cases when it seems that innovations opened loopholes for scammers, but nothing happened. Time and specific cases are needed to draw up the practice, the SCD added.[5]

A new scheme for deceiving customers through photos of bank cards has appeared in Russia

A new Telegram fraud scheme has been recorded in Russia. Representatives of VTB shared information about this with TAdviser on July 19, 2023.

As experts found out, bank under various pretexts cybercriminals they hack into an account messenger in and ask acquaintances and loved ones of the user to transfer funds to their account in a third-party bank, using a fake design maps of large credit institutions. More. [Мессенджер#.2A.D0.92.D0.A0.D0.BE.D1.81.D1.81.D0.B8.D0.B8.D0.BF.D0.BE.D1.8F.D0.B2.D0.B8.D0.BB.D0.B0.D1.81.D1.8C.D1.81.D1.85.D0.B5.D0.BC.D0.B0.D0.BE.D0.B1.D0.BC.D0.B0.D0.BD.D0.B0.D0.BA.D0.BB.D0.B8.D0.B5.D0.BD.D1.82.D0.BE.D0.B2.D1.87.D0.B5.D1.80.D0.B5.D0.B7.D1.84.D0.BE.D1.82.D0.BE.D0.B1.D0.B0.D0.BD.D0.BA.D0.BE.D0.B2.D1.81.D0.BA.D0.B8.D1.85.D0.BA.D0.B0.D1.80.D1.82|here]

Banks will be required to reimburse customers who are victims of fraudsters

Vladimir Putin approved the law^[6]," according to which banks operating in the country are obliged to check all transfers from individuals in case of suspected illegal actions. The law also provides for the possibility of suspending suspicious transactions for up to two days. This became known on July 25, 2023.

In accordance with the introduced rule, if a financial institution makes a transfer to an account that the Bank of Russia previously defined as fraudulent, the bank will be obliged to compensate for the loss of the client. This should happen within 30 days of receiving a complaint from the client.

This law also sets the obligation for banks to stop remotely serving persons suspected of fraud if they receive relevant information from the Ministry of Internal Affairs of the Russian Federation, including information about the initiation of a criminal case or an entry in the register of statements and reports of crimes. The law will take effect a year after the official publication.

According to the Bank of Russia report, in the first quarter of 2023, credit institutions prevented embezzlement of funds in the amount of 712 billion rubles, reflecting 2.7 million transactions without the consent of the client. 252.1 thousand attacks were successful, as a result of which 4.5 billion rubles were stolen. Most of the victims were individuals who lost money in 251.5 thousand cases.

Finance Minister Anton Siluanov in April 2023 announced the launch of the digital ruble in circulation until the end of 2023. According to Siluanov, the advantages of the digital ruble are that it allows you to track all transactions, so the money will not go "left." The minister said that the Central Bank launched an experiment in 2023, and by the end of the year, after the adoption of the relevant legislation, it will launch a digital ruble into circulation^[7]

New fraud scheme with fake bank applications revealed in Russia

On July 18, 2023, it became known about the appearance in Russia of a new fraud scheme with fake banking applications. She was told in Kaspersky Lab.

The essence of the scam is that attackers began to mask remote access programs as banking applications. To gain access to online banking, they distribute them through instant messengers, posing as support employees.

They change the name of the programs and icons themselves, add the name and visual of the desired bank, as well as inscriptions in some text fields. Legitimate applications are open source programs, so it was not difficult for attackers to create fake applications on their basis, "Dmitry Kalinin, an expert on cybersecurity at Kaspersky Lab, explained to RBC.

At first, attackers call potential victims, posing as employees of the bank's support service, and under various pretexts convince them to install a "support application" of Russian banks. Then they send the application through the messenger as an installation file. If a victim installs this app on their phone, scammers can only get the data they need to access the device remotely. After gaining remote access to the smartphone, attackers can find out the credentials for logging into the bank's mobile application or gain access to the account in order to steal money.

According to Kalinin, earlier attackers tried to convince their victims to directly install a remote access program from Google Play. Then the scheme was changed, since the scammers realized that many were embarrassed by the name and appearance of the software that was not related to banks, the expert noted.^[8]

Banks in Russia were obliged to check all transfers of individuals to fraud and return the funds stolen from their accounts

On July 11, 2023, the State Duma adopted in the third (final) reading a bill that obliges banks to check all transfers of individuals for fraud. The document, as noted by its authors, is aimed at improving the mechanism for countering fraudsters and increasing the amount of money returned by banks that were stolen.

According to the press service of the Central Bank of the Russian Federation, commenting on the adoption of the law, the client will have to be reimbursed if the bank allowed the transfer of funds to a fraudulent account, which is located in a special base of the Bank of Russia. He must do this within 30 calendar days after receiving an application from the victim.

The document also provides for a two-day cooling period during which the bank will not transfer money to a suspicious account. He will notify the client of a dubious operation. During this time, a person under the influence of intruders will be able to change his mind and not confirm the translation.

In addition, banks will be obliged to disable access to remote service to persons who are engaged in the withdrawal and cashing out of stolen money if information about the committed illegal actions came from the Ministry of Internal Affairs of Russia. Currently, banks receive information about the so-called droppers from the regulator's database.

Anti-fraud systems of banks today prevent a large amount of theft of money from customers, however, the number of victims remains significant. The new comprehensive approach will increase the financial responsibility of banks and strengthen the protection of people from cyber fraudsters, - said Vadim Uvarov, director of the information security department of the Bank of Russia.

The Central Bank added that by July 2023, the regulator forms a database "On cases and attempts to transfer funds without the consent of the client" based on information received from banks and other payment systems operators. It contains a large number of parameters - unique identifiers, including data on transactions, payers and recipients of funds. Information from the database is sent to all banks.^[9]

In St. Petersburg, revealed a network of fraudulent online stores that stole 7 million rubles

In St. Petersburg, the investigation of the criminal case of Internet fraud has been completed, the victims of which were 308 residents of different regions of the Russian Federation, and the amount of damage amounted to about 7 million rubles. This was reported in the press service of the Ministry of Internal Affairs of the Russian Federation on June 29, 2023.

Investigators of the Main Investigation Department of the Main Directorate of the Ministry of Internal Affairs of Russia for the city of St. Petersburg and the Leningrad Region have completed a preliminary investigation of a criminal case against members of an organized group. A resident of Ufa, a resident of St. Petersburg and his roommate are accused of fraud under the guise of Internet commerce, - said the official representative of the Ministry of Internal Affairs of Russia Irina Volk.

According to investigators, from December 2020 to April 2021, under the guidance of anonymous foreign curators, they created copies of well-known Internet sites on which they offered to purchase household appliances and electronics at prices significantly lower than market prices.

The condition of the transaction was the full prepayment of the goods. The money was offered to be transferred to a private person's bank card, the details of which were indicated on the site. After the buyer made the transaction, the sellers appropriated funds and stopped communicating.

During the investigation, it was established that the members of the group from St. Petersburg were responsible for finding citizens who issued bank cards in their name. Their data was transmitted to a defendant from Ufa, who forwarded this information for publication on the websites of swindlers. Subsequently, the incoming money was transferred to other accounts and cashed.

After the arrest of the participants in the criminal scheme, searches were carried out in their apartments. Bank cards, means of communication and other items significant for the case were seized. The criminal case with the indictment approved by the prosecutor was sent to the Krasnoselsky District Court of the city of St. Petersburg for consideration on the merits, Volk summed up at the end of June 2023.^[10]

More than half of the stolen bank cards in the world belong to Americans. This data can be obtained for free

In 58% of cases, stolen bank card data belongs to US citizens or residents. Moreover, often such information can be obtained for free. This is evidenced by the results of a study by NordVPN, published on May 23, 2023.

NordVPN specialists analyzed information about approximately 6 million stolen bank cards. It turned out that the owners of about 3.5 million of them are Americans. The cost of a set of data on the darknet averages about $7, but in some cases such confidential information is distributed free of charge. It is also noted that about six out of ten stolen bank cards were put up for sale along with the addresses, names and social security numbers of their owners.

The methods of stealing card data are very diverse. This can be actually theft of a card or obtaining information through phishing other fraudulent schemes on the Internet. In addition, attackers can spy on the card number and pin code, when the victim makes a payment in a public place, for example, in a supermarket. Other known schemes include infecting user devices with malware, ON installing skimmers in ATMs to copy pasted cards and hacking bank accounts on the Internet.

In terms of the number of stolen bank card data, India took second place after the United States, and closes the top three in Britain. Cards from Denmark are offered at the highest price - $11.54; then come Japan, Portugal and Ukraine. At the same time, information about American bank cards is offered at a price slightly below the average - $6.86. The details of the cards from Argentina and New Zealand turned out to be the cheapest - approximately $2.5 apiece.

Bank card fraud often leaves the victim helpless - largely because it is almost impossible to determine how the data was stolen, according to a NordVPN report.[11]

Central Bank of the Russian Federation creates a single base of cyber fraudsters

In mid-February 2023, the Central Bank of the Russian Federation spoke about the creation of a single centralized base of fraudsters based on FinCERT (a center for monitoring and responding to computer attacks in the credit and financial sector, a special structural unit of the Bank of Russia). As the chairman of the Central Bank Elvira Nabiullina noted, the data stored in the system will not be confirmed by the regulator. Read more here.

The cost of stolen cards of Sberbank customers on the black market increased to 100 thousand rubles apiece

The cost of stolen Sberbank cards on the black market has grown to 100 thousand rubles apiece. In this case, we are talking about the "plastic" of premium customers, according to a study by a credit institution published in early January 2023.

As Izvestia writes with reference to the report of Sberbank, in March 2021, on the black market of banking "plastic" for drops, classic bank cards were offered at a price of 9 thousand rubles apiece, gold - from 14 thousand, and premium - from 18 thousand rubles. However, by November 2022, prices for them increased significantly. They began to ask for classic cards from 12 thousand rubles, for gold - from 40 thousand rubles.

The difference in cost is explained by the measures that Sberbank conducts to reduce the number of drops among its clients. According to the representative of the bank, thanks to the anti-fraud mechanism and systematic work to combat droppers, with all its scale, Sberbank does not lead among credit institutions in Russia in the number of cards used by cybercriminals.

Aleksey Pleshkov, deputy head of the information protection department of Gazprombank, in a conversation with the newspaper, confirmed that the average cost of details of plastic bank cards on the black market, regardless of the purpose of their use, has increased in 2023. RTM Group manager Yevgeny Tsarev says that maps for droppers have been rising in price by an average of 30% per year for many years. VTB called the problem of droppers one of the most acute on the market, as the number of such thefts continues to grow.

Since 2022, about 140 posts related to the sale of debit cards have been published monthly on carder shadow forums, Kaspersky Lab told Izvestia. At the same time, the general trend in the number of such messages, added there, is gradually decreasing compared to 2021.^[12]

2022

Financial fraud losses in Britain reach £1.2bn

In 2022, cybercriminals, using various fraudulent schemes, stole more than £1.2 billion in Britain (approximately $1.5 billion at the exchange rate as of May 11, 2023). This is 8% less compared to 2021. The corresponding data are given in the study of the trade association UK Finance, the results of which were released on May 11, 2023.

The report says that at the end of 2022, almost 3 million cases of financial fraud were recorded in Britain. This is 4% less than the previous year. Losses from criminal schemes with payment cards, remote banking and bank checks were recorded at £726.9 million (about $916 million), which is approximately the same as in 2021. Losses from fraud with lost and stolen bank cards increased on an annualized basis by 30% - to £100.2 million ($126.3 million).

The study showed that in 2022, losses from fraud with Authorized Push Payment (APP) in Britain decreased by 17% compared to the previous year - to £485.2 million ($611.4 million). At the same time, 57% of all registered cases in this category are associated with deception of victims when making purchases.

The analysis showed that 78% of APP incidents originate on the Internet, and another 18% are carried out through various telecom services. The shares of e-mail and all other sources combined are 2% each. Social media platforms account for the largest number of online fraud cases - about three quarters of the total.

The banking and financial sectors are at the forefront of efforts to combat this criminal activity. The industry spends billions on detecting and preventing fraud, as well as returning money to victims of criminals, even if the theft occurred outside the banking system, the report notes.[13]

The number of embezzlement of funds from Russian bank accounts decreased by 15.3% to 877 thousand cases

In 2022, about 877 thousand cases of theft of funds from bank accounts were recorded in Russia, which is 15.3% less than a year earlier. Such data in the Central Bank of the Russian Federation led in February 2023.

According to the regulator, the number of embezzlement of funds from Russian bank accounts decreased for the first time in 7 years, while the amount of damage from the actions of fraudsters in 2022 increased - by 4.3%, to 14.2 billion rubles. Most of the damage is associated with remote banking, it amounted to 9.3 billion rubles.

As in previous years, in 2022, the most transactions without the consent of customers in quantitative terms were for payment for goods and services on the Internet. However, in 2022, the activity of cybercriminals in this area decreased and flowed into remote banking services - mobile and Internet banking. Having gained access to services, fraudsters can not only steal funds from a person in an account, but also apply for a loan. That is why the most losses were in remote banking, explained in the Central Bank.

Banks returned to customers about 4.4% of the total volume of thefts (618.4 million rubles) - this is less than in 2021. This level of reimbursement is explained by the preservation of a high share of social engineering, when citizens independently transfer funds to cybercriminals or disclose bank data. The average amount of theft from citizens' bank accounts increased by 30%.

The Central Bank noted that in 2022, fraudsters began to actively use social networks and mobile applications to steal money. From February 2022, the Bank of Russia will initiate the blocking of such materials. For incomplete 2022, almost 2 thousand pages on social networks and several dozen mobile applications were stopped, and the total number of resources aimed at blocking was over 15 thousand.^[14]

Increase in the number of cases of fraud in VTB 4 times, up to 7.8 million

VTB in 2022 recorded 7.8 million cases of fraud faced by the bank's clients, which is almost 4 times more than a year earlier. The credit institution published such data on February 2, 2023. Read more here.

Tens of millions of bank cards put up for sale in the world

In mid-January 2023, researchers from Recorded Future's Insikt reported that almost 60 million compromised payment card records were put up for sale on darknet platforms in 2022. The indicators decreased significantly compared to 2021, which reached almost 100 million.

Hackers physically hack into sellers' devices to steal payment card data to facilitate Card-Present (CP) transactions. While cybercriminals typically use a digital trade-off, often by infecting a Magecart electronic skimmer, to steal card data in online Card-Not-Present (CNP) transactions.

In 2022, Insikt researchers discovered 45.6 million CNP payment card records and 13.8 million CPs for sale in cardinal stores on the dark web. In 2021, there were 60 million CNPs and 36 million CP records.

CP breaches in 2022 overwhelmingly affected small restaurants and bars, but were down 62% from 2021. The researchers said the number of violations has steadily declined over the years "as the global adoption of safer personal payment methods has increased." After the start of a special military operation Russia on the territory, the Ukraine activity of the carding revived a little, but faced new obstacles, for example, the forums were flooded with "low-quality" cards that had already expired.

The biggest hacks involved compromising websites used for online ordering solutions for restaurants and ticketing solutions for entertainment and transportation companies, including sites such as MenuDrive and Harbortouch. The payment card data of 45 amusement parks became known as a result of the hacking of Core Cashless, an online ticketing platform for amusement parks. The company admitted the hack three months after Recorded Future reported it in July 2022. In 2022, 70% of the 59.4 million compromised payment card records were issued by financial institutions in the United States.

In total, the researchers found at least 20.5 million entries with full primary account numbers on dark web forums, shepherds and social media. After checking the numbers, the hackers either carry out fraudulent transactions or receive more personal information that allows them to fully take possession of the financial account to withdraw funds. Most hackers who receive compromised payment cards do not use them for fraud, but usually sell them in "cardinal stores."^[15]

The Russian darknet has a surge in demand for document scan rendering services for banks

On the Russian darknet, there is a surge in demand for document scan rendering services for banks. So, according to Kaspersky Digital Footprint Intelligence, the frequency of mentions of the "know your client" (KYC) procedure in ads on both Russian and foreign resources in 2021 was about 200 messages per month, and in 2022 it increased to 500 messages. Read more here.

Scheme with "moles." Fraudsters began to steal money from new cards of Russians

On December 22, 2022, it became known about a new scheme of fraud with bank cards in Russia. People are called 10-15 minutes after the delivery of "plastic" and offered to activate it. But in fact, attackers are trying to lure data and steal money from the account.

Most often, fraudsters learn about the release of new cards, their functionality (debit, credit, installment card) and fund movements in accounts from "moles" among bank employees, including full-time couriers, Evgenia Lazareva, project manager of the Popular Front "For the Rights of Borrowers" and coordinator of the Moshelovka platform, told Izvestia.

According to our data, attackers pay them from 500 to 1,500 rubles for information about one client, the expert says. - For employees with small salaries who do not have any responsibility for the safety of data, such proposals look tempting. Therefore, the practice of "drains" is spreading rapidly.

These cards can get to fraudsters and other ways. For example, the employer of a bank client who charges him a salary has information about the holder and part of the details. In addition, people themselves indicate the details of cards when shopping in various online stores.

Sometimes scammers call people until they accidentally stumble upon a bank client who recently received a card, added Alexander Ternovtsov, a member of the Public Chamber commission. According to him, this probability is high, since most people use the services of several credit institutions at once.

The difference between a real banking employee and a fraudster is that the first usually calls with a proposal, and the second - in order to obtain information, says Anton Rogachevsky, head of banking analysis at the Synergy University analytical center. Moreover, the attackers demand something from the client, do not give time to think and put pressure on him, he added.^[16]

The darknet found the largest market for viruses to steal money from bank accounts

On November 25, 2022, Resecurity announced the discovery of the largest market for malicious software on the darknet to steal money from bank accounts. Read more here.

Fraudsters stole 25 million rubles from ex-minister Oleg Mitvol, who is in jail, through a clone of simcards

Fraudsters stole 25 million rubles from ex-minister Oleg Mitvol, who is in jail, writes Mash. Everything happened on June 27, 2022, 17 days after the arrest of the official. Yekaterinburg citizen by the name of Yershov with accomplices forged Mitvol's passport. They came to the Beeline salon with the document and made a duplicate SIM card.

Having gained access to the number, they went to the personal account of his online bank. Within two weeks, almost 25 million had evaporated from Mitvol's accounts. The money was cashed through ATMs in Yekaterinburg. Yershov was detained, is in jail.

Britain, USA, Germany, the Netherlands, Poland and Estonia support the work of fraudulent call centers in Ukraine against Russians

At the end of October 2022 Russian Foreign Ministry , he accused Western countries of supporting "hostile" call centers on. To Ukraine A number of Western countries, including,,, and Britain USA, GERMANY Netherlands Poland Estonia are pursuing a policy of infrastructure support for the functioning of Ukrainian call centers engaged in fraud against Russians.

Bank accountant in Krasnoyarsk Territory received 6 years in prison for stealing 13 million rubles from depositors

In the Rybinsk district of the Krasnoyarsk Territory, a former bank employee was convicted of stealing more than 13 million rubles from depositors' accounts. The regional prosecutor's office announced this on October 10, 2022.

It was established that in the period from 2013 to 2020, a woman, being an accountant of the operating office, had admission to the banking program for working with citizens' accounts. The attacker, on behalf of citizens, remotely ordered the issuance of bank cards. After making the cards, the defendant credited them with money in other accounts of the victims. She managed the funds on her own.

If citizens were going to withdraw money, the woman transferred it from the accounts of other depositors. 22 people suffered from her actions. According to the prosecutor's office, the damage caused was compensated by the bank in full.

The court sentenced the woman to six years in prison in a general regime colony. She was found guilty of committing crimes under Part 1, sub-clause "c," "g," part 3, paragraph "b," part 4 of Art. 158 of the Criminal Code of the Russian Federation (theft).^[17]

2 million rubles were stolen from the grandson of the writer Korney Chukovsky

In October 2022, it became known that 2 million rubles were stolen from the grandson of the writer Korney Chukovsky. Someone just took them out of bank cards through terminals in Moscow. The loss of money from the cards of 89-year-old Nikolai Chukovsky, according to the Database, was accidentally discovered by his stepdaughter Svetlana.

It turned out that from June to the end of September, someone through the terminals in Moscow and the region brought a little more than 2 million rubles from the card. How this could happen, the pensioner himself could not explain - he suffers from dementia and does not talk. Due to the abduction of two million rubles, the police opened a case of theft on an especially large scale.

Russia adopted a law on simplified blocking of bank accounts to combat fraudsters

On October 4, 2022, the State Duma of the Russian Federation adopted a bill on countering theft from bank cards of citizens. The innovations will help to more easily block the entire chain of accounts to withdraw stolen money.

The bill proposes to create a mechanism for information interaction between the Bank of Russia and the Ministry of Internal Affairs. The Ministry of Internal Affairs will transfer data to the Central Bank on actions related to attempts to transfer money without the consent of the client. The Bank of Russia, in turn, will transfer information from the database on attempts to commit illegal transactions to the Ministry of Internal Affairs. This will allow you to immediately start conducting operational-search measures (by October 2022, banks sometimes only after 30 days respond to requests from the Ministry of Internal Affairs for theft).

The investigation will have the opportunity to block the entire chain of accounts within the framework of one criminal case, which will significantly complicate the search for channels for the withdrawal of stolen funds for criminals.

"Attempts by criminals to deceive the funds that citizens keep in bank accounts must be suppressed," said the chairman of the State Duma Vyacheslav Volodin in October 2022. - Since the beginning of 2022 alone, more than 72 thousand crimes have been committed using plastic cards. People receive dozens of calls a day, fraudsters present themselves to them by employees of banks and law enforcement agencies. "

In August 2022, the Central Bank of the Russian Federation spoke about legislative amendments, which, if adopted, will force banks to "pay" customers for transfers they made to fraudsters. The initiative provides that banks that have made a transfer to a fraudulent account will have to return the entire amount to the client within 30 days from the date of receipt of the application from him. In addition, for cross-border fraudulent transfers, the return period will be increased to 60 days.^[18]

Bank customers in Russia can now limit online operations themselves to protect against fraudsters

From October 1, 2022, an order of the Central Bank of the Russian Federation comes into force in Russia, according to which bank customers will be able to limit online operations to protect against fraudsters. In particular, they will be able to establish a ban on Internet lending and the maximum amount of the transaction. You can change the settings at any time.

Such a proactive measure is especially relevant for people most exposed to the influence of cyber fraudsters, for example, for senior citizens. If a ban on remote operations was established, then fraudsters will not be able to issue an online loan or steal your money, even if they were able to access your online banking, - comments Vadim Uvarov, Director of the Information Security Department of the Bank of Russia.

A number of banks reported RIA Novosti"" that they had already implemented the opportunity for their customers to limit either all operations indicated by the Central Bank, or some of them. So, Novikombank they said that they had previously provided customers with the opportunity to limit limits on online operations and the very possibility of connecting to remote banking.

Promsvyazbank They said that the bank's clients already have the opportunity to set restrictions on any online operations, including a ban on online lending. In addition, mobile Internet bank and PSB customers can independently set daily or monthly limits on spending funds on transactions on accounts and cards, the credit institution noted.

For additional protection of customers from the actions of cyber fraudsters, from October 1, 2022, banks will also be required to identify all devices from which citizens perform online operations, confirm their phone numbers and email addresses.^[19]

Google tool lets you steal map data

On September 21, 2022, it became known that according to a Recorded Future report, hackers use Google Tag Manager (GTM) containers to install skimmers that steal payment card data and personal information of buyers on e-commerce sites. Read more here.

In Russia, they plan to introduce criminal liability for drifting

The Ministry of Internal Affairs, together with other departments, on behalf of the government, "is working on the issue of establishing criminal liability for persons who help cyber fraudsters to draw up accounts and issue bank cards for monetary remuneration," said ministry spokesman Roman Bubnov. While the droppers manage to avoid responsibility. This became known on July 12, 2022.

Droppers, or drops for short, are people who either provide their data to scammers to open accounts in order to take stolen money along the chain, making it difficult to reach the original attacker, or do so through their accounts.

The problem requires a solution, experts interviewed by the source confirmed. Such schemes, along with unemployed, marginalized, guest workers and students, involve teenagers who are looking for quick and easy money.

Often, fraudsters use social networks and local district communities to search for droppers, "said Evgenia Lazareva, head of the Moshelovka Popular Front project. It is estimated that the dropper's income can even be up to 40% of the transfer.

With the difficulty of transfers abroad under the conditions of sanctions, the demand for intermediaries increases, since mainly the transfer of funds is carried out through cryptocurrency.

According to Bobunov, the main way to minimize cyber fraud is preventive measures, or prevention.

This activity includes two main aspects. The first is activities to raise awareness and digital and financial literacy of the population. The second aspect of the prevention of IT crimes is the improvement of legislation in the field of digital services, the introduction of various restrictions on the use of personal data and mechanisms for their additional protection, - said the representative of the ministry.

As explained by the lawyer of KA "Yukov and Partners" Jamali Kuliev, as of July 2022, they are prosecuted for this under Art. 172 of the Criminal Code of the Russian Federation ("Illegal Banking"), however, the Ministry of Internal Affairs of the Russian Federation proposes to allocate the drip to a separate composition. This is the right initiative, since the disposition of the 172nd article is quite extensive, Kuliev believes.

If we are talking about a qualified composition - committed by an organized group, income was extracted on an especially large scale - then the punishment should be more severe - up to seven years in prison, - said the expert[20].

The Central Bank of the Russian Federation warned of a new fraud scheme with "compensation for losses from fraudsters"

At the end of May 2022, the Central Bank of the Russian Federation spoke about a new fraud scheme in the country. Attackers began to offer Russians "compensation" if they fell victim to other scammers.

As explained in the regulator's Telegram channel, the scheme works as follows: attackers ask the victim to fill out a form with personal and financial data in order to allegedly check the due amount of the return and issue it. And then, having received this data, they steal money from a person.

To allegedly return the money stolen from him to the victim, fraudsters create special sites, links to which are sent by email, via SMS or instant messengers. Sometimes swindlers call with a proposal to issue compensation for stolen funds.

It is impossible to return them in such a situation, the Central Bank notes. If the money was debited without the consent of the client, he did not transfer it on his own and did not inform the fraudsters of his personal and financial data, it is necessary to block the card and contact the bank.

According to Vadim Uvarov, director of the information security department of the Bank of Russia, at a meeting of the Association of Russian Banks, this is the so-called version of the theft scheme "deception on deception." According to him, since the beginning of May 2022, the Central Bank has initiated the blocking of 38 Internet resources offering "various compensations, including the return of money stolen by fraudsters."

The scammers have built a fairly systematic work. They adapt as a living organism to constant changes in the environment, "Uvarov added.

The Central Bank in May 2022 initiated the blocking of a total of more than 25 thousand fraudulent telephone numbers, which is 13% more than in April, and three times more than in March 2022.^[21]

Hackers stole money from customers of Pakistani bank United Bank Limited

Cybercriminals robbed United Bank Limited (UBL) -, bank Pakistan through - Internet banking, taking advantage of compromised data rows debit cards to conduct fraudulent financial transactions in (dollars instead of Pakistani rupees). This became known on April 26, 2022. More. here

Sberbank stopped a large-scale attack from Ukraine on the cards of Russians

Sberbank stopped attack maps Russians the large-scale on the part of the Ukrainian developer, applications who tried to write off funds throughout the accumulated to base customers. It became known on April 18, 2022 from the words of the deputy chairman of the board bank Stanislav Kuznetsov. More. here

Roskachestvo warned of a new type of fraud with bank cards

Roskachestvo warned of fraudulent sites offering to check compromised bank cards. This became known on March 15, 2022.

After publications MEDIA that attackers leaked Internet data more than 100,000 the Russian bank cards into the shadow, fraudulent sites began to appear on the network that offer to check the user's card data for compliance with the merged one. bases Advertisement such services are actively used social networks in Telegram and -channels. The advertising newsletter affects not only the owners of communities and groups about, but also finance users as far away from bank terms as possible. This means that anyone can get on this fishing rod.

Fake sites have a similar structure: the cardholder is offered to enter the data of their cards, allegedly to check whether they fell into the hands of the attacker. The service uses the most cynical approach. After entering their payment data, the user transfers his data to fraudsters, debiting funds from the card can occur immediately.

Roskachestvo reminds users that there is no single official service for checking compromised bank cards! All such services on the network are fraudulent. Do not enter card data on dubious sites or dictate them when talking by phone with a potential fraudster, "said Sergey Kuzmenko, senior specialist in testing digital products of Roskachestvo.

Also, payment data can fall into the hands of fraudsters if you use the free and unpopular VPN service. There is a risk that after activating the service, your card data will be compromised^[22].

Fraudsters in Russia began to transfer money to potential victims for further deception

In February 2022, it became known that fraudsters in Russia began to transfer money to potential victims for further deception. Stanislav Pavlunin, Security Director of Post Bank, told Izvestia about the new fraud scheme.

Criminals create clone sites of real investment companies for trading on the stock exchange. Then they convince Russians to register in their personal account and transfer funds allegedly to a brokerage account. Then an amount of 10-15 thousand rubles comes to the victim's card. Believing in easy earnings, many fall into euphoria and transfer much larger amounts to the false rocker, including those taken on credit, after which the scammers disappear.

In the wake of euphoria from easy earnings, people are already transferring significant amounts to fraudsters. And the attackers themselves, spending small funds, eventually break the big jackpot, "Pavlunin emphasized.

Representatives, Moscow exchanges, VTB"" Bank's BBB of the broker BCS confirmed that the companies are aware of such a fraud scheme. information security Igor Grachev, head of the BBB Bank department, said that by February 21, 2022, such a scheme is poorly distributed, but future victims themselves can help scale it: having received the first income, a person can advise others to invest in such tools.

Making several payments by fraudsters in favor of potential victims is a new excuse to "raise the check" of the theft, said Alexei Sizov, head of the fraud prevention department at the Jet Infosystems Center for Applied Security Systems. According to his estimates, usually fraudulent sites that are necessary to implement the scheme are blocked after complaints from users or owners of the resources they mimic for several days. However, making payments allows you to pacify the vigilance of customers and increase the "life expectancy" of the portal to several weeks, the expert noted.^[23]

2021

Central Bank proposed to establish a mandatory amount of return to victims of fraudsters

The Central Bank proposed to establish a mandatory amount of return to the victims of fraudsters, which banks must return to individual clients who have become victims of fraudsters, in a simplified manner. This became known on December 6, 2021.

Letters from the Central Bank are issued on behalf of the head of the information security department Vadim Uvarov. Uvarov notes the need to improve the protection system for bank customers, who have recently become more likely to face embezzlement of funds. So, in the third quarter of 2021, fraudsters stole about 3.2 billion rubles from bank customers. Banks were able to return only 7.7% to victims.

The financial regulator proposes to introduce a simplified refund procedure, while the amount will be determined by the Bank of Russia itself. The algorithm of actions will consist in filing a complaint with the bank about fraud by the injured citizen no later than a day. The Central Bank has not yet disclosed the amount mandatory for return, noting only that it will be formed from the calculation of "returning funds to citizens on average 80-90% of all cases of social engineering."

It is also emphasized that the return mechanism will be mandatory for all banks, but its percentage will be higher for those credit institutions that have a low level of theft protection mechanism. According to the current law, banks are obliged to return to the client funds that disappeared through no fault of the client himself ^[24]

Sales of these bank cards in Russia and the CIS fell by 77%

The volume of the carding market (fraudulent extraction and sale of these bank cards) in Russia and the CIS countries at the end of the 12-month period, the end of which fell on June 30, 2021, amounted to $270.9 thousand, which is 77% less than a year ago. The number of bank card data posted for sale on the darknet and attributed to banks decreased by 60% - from 34.8 thousand to 13.8 thousand units. This is evidenced by the data of the Group-IB company, released in early December 2021.

At the same time, the volume of the dump market in the region decreased by 88% - to $115 thousand from $932 thousand, and text data - by 44%, to $155 thousand from $278 thousand. The price in cardshops for "text" slightly increased - to $15.4 for a card from $14, and for a dump (the contents of bank card strips) it halved - to $31 from $62.

At the same time, the number of text data (number, expiration date, holder's name, address, CVV) of bank cards from all over the world has increased. Their number increased by 36% - from 28 million to 38 million, which was the result of an increase in the volume of phishing resources during the pandemic.

Group IB considers the sale of access to corporate networks of companies on the darknet a key threat to cybersecurity. From July 2020 to June 2021, the number of sellers of such access increased relative to the same period a year earlier - three times, to 262, the report says. At a similar pace, the number of offers to sell access to corporate networks increased by ― 204%.

There are two sources of card data on the market: these are skimmers, that is, devices for reading bank card data installed in ATMs, and online stores on whose sites attackers compromise data entered from cards, said Sergey Golovanov, chief expert at Kaspersky Lab. According to him, the activity of both in Russia is falling - this is due to the opposition provided by banks, for example, by introducing systems such as 3-D Secure, which require additional confirmation of payment using a one-time password, even if the correct card data is indicated when paying.^[25]

85% of Russians faced financial fraud

On November 22, 2021, Visa announced that the vast majority of Russians had faced financial fraud at least once. According to the results of the study, 85% of respondents received calls or messages from scammers, ended up on fake sites or otherwise contacted attackers. 8% became victims of deceptive schemes and lost money, while every seventh victim cannot explain how the details of their bank card became known to outsiders. The main reason is that Russians do not know the rules for the safe use of cards well and do not know how to resist the psychological manipulations that fraudsters use.

Usually people face fraud over the phone and on the Internet. Attackers call to allegedly stop suspicious activity on the card - for this they introduce themselves as employees of the Bank, the Bank of Russia or the police and try to find out the code from SMS or force them to transfer money to the so-called 'security account'. Acting on the Internet, scammers send messages asking them to transfer money to help those in need.

Most often (22%), Russians become victims of deception when trying to pay for goods or services on fake sites. Another common method of fraud is appeals from an allegedly familiar person in instant messengers and social networks with a request to lend money (on average 12%)

To protect yourself from fraud, it is not enough to rely only on technical means. The human factor, unfortunately, is the main reason why many people fall victim to deception. Ingenuity and mastery of psychological manipulation skills is what distinguishes fraudsters whose activities know no bounds. Fighting social engineering is not easy, but it is possible. To do this, it is necessary to explain to cardholders how fraudsters act and how to behave in such a situation. This is exactly what we are talking about as part of our "Drop the Phone" campaign in Russia. The simplest thing that everyone can do when faced with fraudsters is to interrupt communication with them: close a fraudulent letter, leave a fake site or drop a phone call, - said Evelina Nechiporenko, head of the Visa risk management department in Russia.

The pandemic provoked an increase in the activity of scammers. More than half of the respondents began to receive calls and messages from fraudsters more often, while representatives of the older generation noted this fact more often than others. 5% of respondents first encountered fraud during this period. During the pandemic, the schemes used by scammers have not changed. But there were scenarios that reflected the current problems at that moment. Attackers can disguise their tricks as offers of social payments, preferential mortgages, medical services, etc. People think that scammers are inventive and come up with something new all the time, but in fact only the scenario of deception changes. For example, do not pay tax allegedly for winning the lottery, but receive benefits and pay tax on it.

Only 0.2% of Russians know how to secure their bank card data

On November 9, 2021, Visa announced that most Russians do not have sufficient knowledge of how to protect their bank card data from fraudsters. According to the results of the study, only 0.2% of respondents know what information on a bank card and who can be provided, as well as how to distinguish a secure website for payment on the Internet. The vast majority of respondents own information only partially, which makes them vulnerable to fraudsters and the use of social engineering techniques.

90% of respondents are familiar with certain security rules: to make payments only on official websites, not to record a PIN code from a card, not to inform third parties of their card details. Younger people under the age of 25 are less aware of this. And those respondents who have already had experience with fraudsters know these rules better. Those who have not yet encountered attackers were the least protected from fraudulent schemes.

Technologies that protect payment data are improving every day, becoming more reliable. However, as the results of the study show, which are confirmed by facts from practice, many users are still not ready to meet with fraudsters, risking losing their own funds, - commented on the results of the study Evelina Nechiporenko, head of the Visa risk management department in Russia. - Fraudsters use social engineering methods, and under the influence of psychological manipulation, people themselves share card data and personal information with fraudsters. With the beginning of the pandemic, we saw a surge in fraud associated with the emergence of new social engineering scenarios, such as the receipt of supposedly "business support benefits," "soft loans," the offer of large discounts on personal protective equipment and much more. But the problem remains acute, and fraudsters are mastering new, digital channels, where they are increasingly conducting their illegal activities. The most effective way to counter attackers is to teach people to recognize social engineering techniques.

Most often, respondents are ready to disclose card details and personal information in a conversation with a person who introduced himself as a bank employee - about 15% agree to provide information about the validity period of the bank card and the phone number to which it is tied. In this matter, the so-called "bank employees" are trusted even more than fraudsters who appear to be law enforcement officers. But at the same time, Russians are more willing to share their home address with allegedly "law enforcement officers" - every fifth person is ready to report this data.

Imaginary representatives of the Central Bank are less trusted. But still, two percent of respondents are ready to tell them even a code for accessing a mobile bank, a three-digit code on the back of the card and a payment confirmation code from SMS. For comparison, with those who call allegedly from "law enforcement agencies," this information is ready to share twice as many respondents.

The number of the bank card and the name of its owner are information that can be reported to these bank employees. However, every second respondent (54%) believes that such data cannot be reported to anyone.

As a Visa study showed, Russians consider two-factor payment authorization to be the most effective for protecting payment data. At the same time, only 55% of respondents trust it (among men this figure is higher - 61%). The most common way to protect payment data was one-time payment confirmation codes - 74% of people use them. But despite this prevalence, only one in four trusts one-time codes and considers them effective.

Biometric methods of protecting information are less common, but the level of trust in them is higher. So, 42% use fingerprint recognition. Moreover, 39% consider this method reliable. It is noteworthy that in St. Petersburg, 62% of respondents use a fingerprint, which is 10% more than the average. Face ID protection is much less common - it is used by 12% of respondents. 14% of Russians trust this technology, and among respondents aged 18-34, this figure was 18%. Another 3% use voice-based protection.

12% of respondents believe that there are no effective ways to protect data.

Payment on the store's website is the most popular way to pay online. It is used by 73% of respondents and 45% consider it safe. But at the same time, only 35% of respondents pay attention to the page address and know that the secure address starts with https and must contain a closed lock icon. Thus, about 65% of Russians could potentially become victims of fraudulent sites when paying for purchases on the Internet. It is worth noting that among respondents from St. Petersburg, as well as among respondents aged 18-24 years, almost every second knows what the address of safe pages should look like.

Confirming payment for purchases with a one-time code from SMS, Russians are highly vigilant. Most pay attention to the amount written off (76%) and the name of the online store (65%). At the same time, 76% of respondents know about the Visa Secure security protocol, which protects online purchases using one-time codes.

Understanding the importance of increasing financial the literacy and awareness of cardholders about anti-fraud measures, Visa launched a Russia educational campaign called "Drop the phone!" In a simple and understandable manner, experts and bloggers tell users how to recognize scammers and use methods of psychological manipulation. The main recommendation in this case is to interrupt communication with the attacker - hang up during a telephone conversation, delete phishing email or SMS, close an unverified, suspicious site.

Fraud in fintech services in the world soared by 70%

On March 21, 2022, Sift (a developer of cyber incident response tools) released a 2021 report that describes the increasingly sophisticated and often automated tactics used by cybercriminals to commit payment systems fraud.

Based on data from the global network, which includes more than 34 thousand sites and applications, the index shows that in 2021 the level of attacks on payment fraud in the fintech sector increased sharply by 70%, which is the highest among all sectors of the network.

The rise in payment fraud also correlates with Sift's massive 121% growth in fintech transactions compared to 2020, making the sector an attractive target for cybercriminals.

According to the report, these growing attacks were primarily aimed at alternative payments, such as digital wallets, where there was a 200% increase in payment fraud, as well as payment service providers (+ 169%) and cryptocurrency exchanges (+ 140%).

This fraud tactic was aimed at buy now/pay later (BNPL) services, in which the number of fraudulent attacks increased by 54% compared to 2020. At the end of 2021, Sift Trust and Safety Architects discovered a growing number of fraudulent Telegram schemes offering unlimited access to BNPL accounts through fake credit card numbers and compromised email addresses, indicating a wide range of methods used by subjects to attack the entire fintech sector.

At the same time, 49% of survey respondents reported that they became victims of payment fraud over the past one to three years, and 41% of victims faced only in 2021. Of those victims, 33% cited financial services sites as the sites that pose the greatest risk, which could negatively impact customer confidence in the industry.

Many brands don't understand that the damage from payment fraud goes beyond the initial financial implications, "said Jane Lee, an architect of trust and security at Sift. - The vast majority of consumers report abandoning brands after facing fraud on the company's website or app, reducing the customer's lifetime value and increasing the cost of attraction.

In addition, potential customers who see unauthorized expenses from a particular company on their bank statements permanently associate the brand with fraud. To combat these attacks and increase revenue, companies should adopt a digital trust and security strategy that aims to prevent fraud and simplify customer experience.[26]

Russians lost 3.15 billion rubles due to fraud with fake payment systems

For the 12-month period, the end of which fell on June 30, 2021, the losses of customers of Russian banks due to fraud schemes with fake payment systems reached 3.15 billion rubles. The corresponding study was published by Group-IB on December 14, 2021.

According to experts, deceived users in the Russian Federation during the specified period made 11,767 payments daily, which totaled 8.6 million rubles per day, which led to damage of 3.15 billion rubles for the reporting period based on the average transaction size, which is multiplied by the number of detected transactions on phishing payment pages.

Security online payments two-factor authentications and user, provides the technology 3-D Secure that all payment systems support, the company points out. However, now fraudsters have learned to fake 3-D Secure pages, experts point out.

The Group-IB company explained that the scheme with a fake payment system is difficult to implement, it is difficult to detect most classic anti-fraud solutions. Attracted by fraudulent advertising, spam mailing, announcement on message boards, the buyer enters the phishing page of an online store, marketplace or online service. After choosing an item or service, the victim enters the details of his bank card on the fraudulent resource into the payment acceptance form. The data goes to the fraudster's server, where the P2P services of various banks are contacted, indicating one of the fraudster's cards as the recipient.

Pavel Krylov, head of Group-IB for countering online fraud, said that the company has repeatedly warned banks about the need to strengthen protection against this scheme, which is usually carried out through direct requests that are generated by fraudsters or using bots. The units of the largest banks in Russia and the CIS have protection against this type of fraud. ^[27]

The Central Bank explained why it will block bank cards of Russians

The Bank of Russia has published guidelines with criteria for determining payment cards and electronic wallets involved in shadow business. Information about this appeared on September 13, 2021.

Banks will be able to identify organizers, financial pyramids illegal forex dealers, cryptocurrency Internet exchangers and illegal online casino payment instruments. The Central Bank posted the recommendations on its official website.

Recommendations of the Central Bank

In particular, according to representatives of the Bank of Russia, two or more signs from the list of recommendations, simultaneously seen on a payment card or electronic account, can be considered a reason to block an unreliable payment instrument.

First, an unusually large number of payers or recipients will be suspicious, for example, more than 10 per day, more than 50 per month.

Secondly, an unusually large number of non-cash deposit or debit transactions that are carried out with individuals, for example, more than 30 transactions per day.

Thirdly, significant volumes of transactions for writing off or crediting non-cash funds, for example, more than 100 thousand rubles. per day, more than 1 million rubles. per month.

Also, the Bank of Russia considers the criteria for a suspicious account to be a low balance of funds in a bank account at the end of the operating day (does not exceed 10% of the average daily volume of transactions in a bank account or electronic means of payment during the specified period).

A cause for concern may be cash write-off transactions that exclude payments to ensure the life of an individual (for example, payment for utilities, communication services, goods).

The list also includes a match of identification information about the device (for example, MAC address, digital fingerprint of the device, etc.), which is used by different individual clients for remote access to the services of a credit institution for transferring funds.

In addition, the bank should pay attention to the time between crediting and writing off funds: if the gap is very short (less than one minute), then this is also suspicious.

The Bank of Russia also stressed that due to transfers to illegal structures, citizens risk not only losing money, but also being involved in fraudster schemes. Methodological recommendations, according to the bank, "are aimed at protecting the interests of consumers and reducing suspicious transactions." They will allow you to quickly identify and block suspicious payment instruments.

The Bank of Russia recommends that banks "ensure the necessary protection of P2P services so that they cannot be used to conduct suspicious transactions." The P2P platform is an intermediary between an investor and a borrower who receives money through an online service. The Central Bank warns that illegal business is connected to services through special program modules.

Electronic wallets and bank cards of shadow business participants are not used to pay for utilities or small purchases, at the same time they are involved in performing transactions unusual in frequency and amount. Such means of payment, as a rule, are issued on dummy individuals.^[28]

How the Bank Can Counter Real-Time Fraud and Money Laundering

Main article: How to counter fraud and money laundering in real time

During the coronavirus pandemic, when global problems are unprecedented and there is a general economic downturn, crimes related to, COVID-19 including fraud, cybercrime, misuse and illegal use of public funds or international financial assistance are increasingly occurring. Today, banks have to take the initiative into their own hands and build a system for protecting bank transactions, taking into account the changed realities and new threats. cyber security

Fraudsters began to create fake copies of bank sites to steal money from Russians

On September 6, 2021, it became known about a fraud scheme used to steal money from bank cards. As the Russian Information Agency in the Ministry of Internal Affairs told TASS, swindlers create "doubles" of banking sites that are difficult to distinguish from the official resources of credit institutions.

A relatively new way to steal money from a bank account is to create and use the bank's "mirror" website. This method is possible when the victim uses his personal account on the bank's website, the agency's press service told the agency.

If a person goes to a "mirror" site and enters a login and password, then fraudsters can enter on this site on behalf of the victim in his personal account. In addition, fraudsters will be able to connect the Mobile Bank service to their number to the victim's account.

According to Nikita Chugunov, head of the digital business department, senior vice president of VTB, the bank is developing a service for checking suspicious sites that will help customers avoid entering fake portals. On this site, unlike fake ones, there is a secure connection via an encrypted communication protocol (https ://), he also recalled in a conversation with RBC. Alfa-Bank constantly blocks fake sites and accounts in social networks, and also plans to conduct a large-scale notification of customers, which will help them recognize such fakes.

According to statistics from the Ministry of Internal Affairs, for seven months of 2021, almost 320,000 cybercrimes were registered in Russia, which is 16% more than the same period in 2020. Almost 180,000 of them are in the category of grave and especially grave.

At the end of August 2021, it became known that fraudsters began to "play" free pizza on behalf of banks. On specially created sites to receive a prize, they are asked to enter the bank card number and phone number, after which they will twice transfer the code from SMS to the attackers. This data allows access to the personal account of online banking.^[29]

Fraud scheme involving 'overseas accounts' and claiming to pay commission

In early August 2021, the Bank of Russia warned of a new fraud scheme. Swindlers, on behalf of the regulator, send letters to Russians stating that large money accounts are allegedly opened for them in foreign credit institutions and citizens need to pay a commission.

The Central Bank of the Russian Federation said that the Bank of Russia, on its own initiative, does not send letters to citizens, does not call or send messages. The regulator asks not to respond to such mailings.

When receiving e-mails of receipt in your name of a large sum of money from a foreign bank or organization, the origin of which you do not know and/or raise doubts, as well as with an offer to pay a commission/tax/insurance, etc., to receive it, we strongly recommend not to respond to such messages and in no case transfer money, since this is a common type of fraud, the Central Bank said in a statement quoted by Vedomosti.

According to the Federal Tax Service, by 2021, Russian individuals and legal entities have about 700 thousand accounts in foreign banks, which hold more than 13 trillion rubles. True, we are talking about accounts that are known to the tax authorities thanks to the automatic exchange of information with other countries. In fact, Russians keep much more money abroad, according to the Federal Tax Service. By 2021, 99 out of 108 countries participating in international exchange will exchange tax information with Russia.

The Central Bank also warned that fraudsters can also call on behalf of the Bank of Russia, write SMS messages and in instant messengers with a proposal to receive compensation for previously purchased medicines - for example, medical devices, dietary supplements.

In order not to become victims of intruders, be vigilant, always check the information for accuracy and do not succumb to provocations, the Central Bank emphasized.[30]

The Bank of Russia explained how to return the money stolen from the account

In July 2021, the Central Bank of the Russian Federation talked about how to return the funds stolen from the bank account. The algorithm cited by Artem Sychev, First Deputy Director of the Information Security Department of the regulator, is as follows:

• Step one. Write an application to the bank and indicate how much was stolen from the account;
• Step two. Contact the police. This action should be performed in case of voluntary transfer of personal or banking data;
• Step three. Go to court. If the client made a payment himself or informed the fraudsters of the PIN-code of his card or SMS-code, it turns out that he violated the agreement with the bank. And then it will be possible to return the money only in court.

The user of financial services is protected by law and can in any case return his money, but there are certain subtleties. If in the course of communication with attackers, the client performed the action on his own, then in this case it will be much more difficult to return the money, - explained the representative of the Central Bank in an interview with Sputnik radio.

The Central Bank reported that in 2021, fraudsters began to practice new tactics: they inform their victim about the threat of embezzlement of funds, then force her to go to a bank branch and withdraw one or another amount, after which they transfer it through a payment terminal or ATM of another bank. And, thus, the bank that serves this client sees just a withdrawal of money, and where the funds went, he does not know, Sychev said.

Compliance with certain rules can help the abyss from the field of view of telephone fraudsters, says Pavel Myasoyedov, director of IT-Reserve. He advised installing an incoming call recognition app and not answering numbers marked as malicious. In a conversation with an unknown subscriber, you should hang up at the slightest suspicion.^[31]

Swindlers began to withdraw money from banks with fake passports of Russians

In early July 2021, it became known about a new fraud scheme in Russia. The police and specialists of the Group-IB company stopped the activities of the group that was engaged in such a scam.

Fraudsters posted ads on popular Internet sites for the sale of real estate, premium cars and medical masks. The accomplices who were interested in the proposals of citizens asked to confirm their solvency.

To do this, they were asked to transfer a certain amount to any of their acquaintances or relatives using certain payment systems, and then provide the seller with a receipt for a financial transaction.

Having thus received the personal data of the recipients of transfers, fraudsters made fake passports in their names, with which they visited banks and withdrew money from citizens' accounts.

In the Moscow region alone, according to police, they committed more than 30 similar frauds. Seven criminal cases have been initiated. Nine suspects were detained on the territory of Moscow, Moscow, Saratov and Volgograd regions. By July 5, 2021, four of them were detained. A recognizance not to leave the place and proper behavior were taken from the rest.

Searches were carried out at the addresses of the actual residence of the suspects, during which fake passports, stamps, forms of temporary stay of citizens, bank and SIM cards, computer equipment and communications equipment of evidentiary importance for criminal cases were found and seized, the Ministry of Internal Affairs said.

According to preliminary data, the scammers acted for 3-4 years. According to the source Businessman"," so far we are talking about damage in the amount of 20 million, rubles but during the investigation with the appearance of new episodes in the case, this figure will certainly increase significantly.^[32]

Theft of money from maps of Russian citizens using Google Photos

In early February 2021, it became known about a new fraud scheme in Russia. Swindlers began to use the Google Photos service. Read more here.

A scheme of fraud with duplicate bank cards has appeared in the Russian Federation

On January 24, 2021, it became known about a new scheme of fraud with bank cards in Russia - by creating their duplicates. For this scam, attackers previously steal victim data, for example, from databases leaked to the network.

According to Artyom Tuzov, executive director of the capital market department of Univer Capital investment company, in an interview with the Prime agency, fraudsters usually call their victims, posing as bank security officers. They allegedly simply check the data with the database of the credit institution. During the conversation, they ask for the card number, its validity period and CVV/CVC code on the back. Then they ask for the password from the mobile application and write off the money.

While the victim has time to notice the outflow of money, the transaction is already taking place and it is very difficult to return the funds, the expert said.

In some cases, scammers can change the primary phone number to which the card is linked to withdraw money to other people's accounts. In turn, duplicate cards can be used to conduct transactions to deceive third parties.

To protect yourself from problems, it is important not to inform outsiders of your personal data, Tuzov emphasized. If there are suspicions, then it is worth contacting the bank's hotline or one of the offices.

Deputy Chairman of the State Duma Committee on Information Policy, Information Technology and Communications Andrei Svintsov advised to open two or three bank cards. One of them, according to the parliamentarian, should be used as a salary, reserve savings should be postponed for the second, and a minimum of funds should be kept on the third and money should be transferred there only for small household purchases.

Mikhail Kogan, head of the analytical research department of the Higher School of Financial Management, believes that the increase in the growth of bank card counterfeits is caused by the wide penetration of banking services into the regions and the low level of awareness of citizens about how they can avoid the risk of becoming victims of fraudsters.^[33]

2020

Banks returned to customers only 11.3% of the volume of transfers written off by fraudsters

Banks in 2020 were able to reimburse their customers 11.3% of the total amount of money transfers made without their consent, the Central Bank reported. In 2019, the return rate of funds stolen by fraudsters was higher - 14.6%. The real indicator is even worse, bankers do not give the regulator some of the information.

Detention of suspects suspected of embezzlement of 122 million rubles from the accounts of Sberbank customers

The police detained suspects in the theft of more than 122 million rubles from the accounts of Sberbank customers. This was reported on December 12, 2020 by the Ministry of Internal Affairs of the Russian Federation. Read more here.

80 cell phones seized when trying to import them into Butyrka

In December 2020, Butyrka was not allowed to carry a batch of mobile phones to organize a call center. Employees of the isolation ward found and seized more than 80 cell phones. They were hidden  in paint cans  and bags of dry mixtures.

Prohibited items were found during the inspection of the Citroen van , which imported building materials to the territory of the insulator for repair work.

Earlier , a fraudulent call center was already discovered in the cells of prisoners of the Moscow SIZO "Matrosskaya Tishina." The inmates called bank customers and tried to steal money from them. Usually such call centers work with the sanction of the leadership of the pre-trial detention center and the FSIN. They generate hundreds of millions of profits. Scammers are in every second pre-trial detention center in  Russia. One call center of 50 "employees" makes about 20 thousand calls a week,  in half of the cases the subscriber picks up the phone.

Group-IB together with Europol prevented damage to banks for €40 million

Group-IB, an international company specializing in prevention, cyber attacks on November 26, 2020 announced that it had taken part in the international operation of Europol and the Great Britain police Holding Action 2020, aimed at combating the underground market for the sale of stolen data. bank cards The details of the special operation Carding Action 2020 were revealed by the representative of the structural unit of Europol - the European Center for Combating cyber crime (EC3) - Tobias Vilokh.

The operation itself lasted three months and, in addition to Europol, police took part in it, Italy Hungary the UK, in particular, the department for combating payment crimes of the Metropolitan Police Service London and the City Police.

Group-IB, the only private cybersecurity company involved in the operation, provided European law enforcement agencies with information about 90,000 bank cards compromised using phishing websites, banking Trojans for PCs, Android, as well as JS sniffers that attackers inject into the website of online stores to intercept user-entered data - bank card numbers, names, addresses, logins, passwords, etc. All this huge array of disparate information was carefully collected from closed sources of the hacker underground - cardshops, forums, botnets, JS sniffers, and analyzed by the system to study cyber threats and hunt for attackers Group-IB Threat Intelligence & Attribution.

To prevent the illegal use of stolen data, Europol employees coordinated in real time the exchange of information between law enforcement agencies in Italy, Hungary, Great Britain, banks and payment systems. As a result of the Carding Action 2020 operation, European financial institutions, according to Europol, managed to prevent potential losses of about €40 million.

The volume of the market for sales of stolen bank card data approached $2 billion

Group-IB, an international company specializing in the prevention of cyber attacks, investigated the key changes that have occurred in the field of cybercrime in the world and on November 25, 2020 shared its forecasts for the development of cyber threats for 2021. Read more here.

According to the Group-IB Hi-Tech Crime Trends 2020-2021 report, the carding market volume for the study period grew by 116% - from $880 million to $1.9 billion - compared to 2019. High growth rates are characteristic of both text data (number, expiration date, holder name, address, CVV) and dumps (contents of magnetic strips of cards). The number of text data offered for sale increased by 133% - from 12.5 to 28.3 million cards, and dumps by 55% - from 41 million to 63.7 million. The average price for text data of a bank card is $12, dumps - $17. The maximum price for text is $150, for a dump - $500.

The main way to compromise magnetic stripe data is infection computers with POS special connected terminals trojans that collect from data RAM. During the reporting period, the activity of 14 Trojans used for this purpose was detected. The main target of fraudsters are bank cards issued: banks USA they account for more than 92% of all hacked cards, then they go by a wide margin. India During South Korea the study period, the volume of the dump market grew from $700 million by 119% and reached $1.5 billion.

Text data is stolen using phishing sites, banking Trojans for PCs, Android, as well as as a result of hacks of e-commerce sites and the use of JavaScript sniffers. Each family of JS sniffers is a set of samples with minor differences in the code that are injected by attackers into the site to intercept data entered by the user - bank card numbers, names, addresses, logins, passwords, etc. Over the past year, it was the use of JS sniffers to steal bank cards that became one of the main ways to obtain large amounts of payment information. Their growth was also influenced by the trend in the resale of access to various sites and organizations on the darknet. In total, as of November 2020, Group-IB specialists track 96 families of JS sniffers, which is 2.5 times more than in 2019, when only 38 families were known. In general, according to Group-IB, over the past year, almost 460 thousand bank cards were found, compromised with the help of JS sniffers. In general, during the study period, the volume of the text data market of bank cards increased from $179 million by 101% to $361.

The threat of theft of bank card data is most relevant for classic retail, which has an online sales channel, for eCommerce companies selling products and services via the Internet, as well as for banks that are involved in the incident, both in terms of leveling the consequences for their customers and in terms of potential measures by regulators.

The main schemes for obtaining bank cards and the attacked countries (USA, India, South Korea, etc.) will remain unchanged. A region with growing carder activity can be Latin America, where the hacker community and the experience of using Trojans for these purposes are already strong enough.

The doctor of the Sklifosovsky Research Institute transferred 6.6 million rubles to VTB false workers

In mid-November 2020, it became known that fraudsters lured almost 6.7 million rubles from an employee of the Sklifosovsky Research Institute of Emergency Medicine. Read more here.

Fraudsters began to pay with other people's cards and receive cash from buyers

On November 17, 2020, the Moscow Ministry of Internal Affairs warned of a new type of fraud in stores. At the checkout, a person comes up from the queue to the buyer who offers to pay for purchases with a bank card, and in return from a potential victim to receive money in cash.

The fraudster explains this by the fact that the ATM does not work, and he urgently needs money, the press service of the metropolitan police told TASS. Often the request comes from a young charming woman. Many meet halfway, since most people have been in similar situations when the ATM does not work, and it is necessary to pay for the purchase. However, the cards used by the swindlers are stolen. They do not know the PIN-code and pay with someone else's money, also receiving someone else's availability in return.

Thus, you contribute to a fraudster by giving money out of your own pocket, "the agency's interlocutor explained.

The police advised not to be gullible, even if the person is sincerely sympathetic.

During the COVID-19 coronavirus pandemic, the number of customer deception schemes has increased. Banks report to the automated system of the Central Bank data on all attempts at transactions made without the knowledge of customers. The regulator collects data on attacks and forwards them to banks in a generalized file. Such processing of information takes several hours and even days, said Vice President of ABRAlexey Voilukov. And a fraudster sometimes takes about an hour to withdraw money from a card. After that, the bank cannot return them.

To solve this problem, the Association of Banks of Russia (ADB) proposed the Central Bank to create a centralized system for the direct exchange of information about attempted thefts from client cards. This will allow you to speed up the response to theft of money five times and prevent its withdrawal from the account. The time to receive important information can be reduced to 20-30 minutes, the association is sure.^[34]

How in Russia they steal money from Zoom users

On October 6, 2020, it became known about a new fraudulent scheme aimed at users of the video conferencing service. Zoom The company told about the cyber threat. Group-IB More. here

Only 8% of cases of theft of funds from a bank account are revealed

According to the prosecutor's office, every fifth fact of theft in Russia is associated with the theft of funds from a bank account - primarily calls from a fake security service. According to the results of January - August 2020, 10,7200 thefts were detected. This is double last year's figures. Only 8% of such crimes are solved.

A new type of fraud in the Russian Federation - theft of money using fake QR codes

On August 10, 2020, it became known about a new type of bank card fraud in Russia. We are talking about a scheme using QR codes. It was told about in the plot of Channel One.

One of the victims told reporters that she was planted with a leaflet advertising an electronics store, which said that the buyer could get a discount by scanning a QR code.

The phone is hanging,... and at that moment I receive an SMS about debiting all money from my (bank) account, - said the interlocutor of the TV channel, which suffered at the hands of swindlers.

Another victim of such a fraud scheme was a drinking establishment. The bar decided to simplify the procedure for paying for the order for visitors: a QR code was placed on the menu. The attackers pasted their code over the bar code and received visitors' money instead of the establishment. As a result, over the weekend, the owners of the bar lost about 30 thousand rubles - visitors transferred this money to the attackers, according to the plot of Channel One.

In the context of an increase in the number of such crimes in Russia, experts recommend using special applications that weed out "suspicious" QR codes, checking if one is glued to another, or completely refrain from scanning codes that arouse suspicion.

Fraud using QR codes was noticed during the period of self-isolation in the context of the COVID-19 cornavirus pandemic. Swindlers under the guise of social workers turned to bank clients, especially elderly people, with a proposal to "help" issue the necessary permission to move around Moscow and the Moscow region through a QR code. At the same time, the true purpose of the call is to obtain the personal data of the interlocutor for their further criminal use.^[35]

Gref: Cyber fraudsters stole $2,000 from me

At the end of June 2020, German Gref said that once after a foreign trip, cyber fraudsters stole $2 thousand from him. The head of Sberbank managed to return the money, but immediately. Read more here.

Residents of the Voronezh region stole 1.5 million rubles. with the help of "clones" of bank cards

Two residents of the Voronezh region are accused of illegally "cloning" bank cards with which they tried to steal funds from other people's bank accounts. This became known on June 8, 2020.

As reported on the website, with the MINISTRY OF INTERNAL AFFAIRS OF THE RUSSIAN help harmful ON of in 2015-2016, the defendants stole data bank cards information and about accounts belonging to unidentified persons. Then they made 32 duplicate cards and came to the Republic Belarus to cash out with their help. As a result of illegal actions and their to banks clients, material damage totaling about 4 million rubles could be caused. However, ATMs did not always issue money using fake cards, so the attackers managed to steal only 1.5 million rubles.

During the investigation, it was possible to establish the whereabouts of the suspects. They were elected a preventive measure in the form of a recognizance not to leave the place and proper behavior, but one of them violated the condition and fled to Lithuania. Nevertheless, in February 2019, the fugitive was extradited to the Russian Federation and detained.

The defendants are accused of committing crimes under Part 1 of Article 187 ("Illegal circulation of funds for payments"), Part 3 of Article 30 ("Preparation for a crime and attempted crime") and paragraph "b" of Part 4 of Article 158 ("Theft committed on an especially large scale") of the Criminal Code of the Russian Federation.

On June 8, 2020, a criminal case with an indictment approved by the prosecutor was sent to the Novousmansky District Court of the Voronezh Region for consideration on the merits^[36].

Detained 5 suspected of stealing 20 million rubles. from bank cards

On May 27, 2020, it became known that the St. Petersburg police detained five suspects in the theft of funds from bank cards totaling 20 million rubles.

As reported on the website of the Ministry of Internal Affairs of Russia, the attackers sent SMS messages to their victims, which claimed to block the bank card. Fraudsters under the guise of bank security officers offered to "unblock," but for this it was necessary to call the number indicated in the SMS message and indicate their bank details. Thus, the suspects stole funds from cash accounts.

To carry out a fraudulent scheme, members of a criminal group developed special software that generated the numbers of recipients of messages. One of the members of the group provided accomplices with about 5 thousand. SIM cards issued for non-existent persons. Calls came from temporarily rented apartments in St. Petersburg.

During searches in the apartments of the detainees, police officers seized 1.5 thousand. SIM cards, mobile phones, GSM modems and laptop computers.

Criminal cases were initiated on the grounds of crimes under Part 3 of Art. 158 of the Criminal Code of the Russian Federation (theft). Two intruders are in custody, three are under recognizance not to leave^[37].

Three fraudulent call centers in Kyiv "disguised" as Sberbank security services exposed

Ukrainian cyber police exposed three fraudulent call centers that "disguised themselves" as bank security services. Mainly Sberbank.

The attackers called the victims, introduced themselves as employees of the security service of the banking institution and checked out complete information about the bank card details: number, CVV code, validity period. In addition, the defendants encouraged cardholders to install software for remote control of a mobile phone on the phone.

Subsequently, unauthorized debiting of funds from victim cards to controlled accounts was carried out.

Cyber ​ ​ police found that the organizers of criminal activity are three persons - residents of the Dnipropetrovsk and Kyiv regions. Fraudulent call centers, where more than 150 people worked, they placed in Kyiv.

Group-IB revealed the "Double deception" scheme for stealing bank card data

On April 9, 2020, a company Group-IB specializing in prevention cyber attacks reported the spread of a wave of fraud in which users who have already suffered from - Internet criminals are offered to receive compensation for damage, but instead write off money and steal bank card data. Attackers operate under the guise of non-existent organizations - the International Service "Unified Return Center," "National Lottery Commonwealth," "Center for Financial Protection," etc. In addition to the standard attraction of victims through mailing, in to mail or, messengers social networks fraudsters use MEDIA fake ones with interviews of those who have allegedly already received a refund to form trust. CERT-GIB Computer Emergency Response Team - Group-IB continues to block fraudulent resources and encourages users to be vigilant.

Cynicism was getting stronger: they don't beat them in the nose for the survey

Against the background of an alarming news agenda caused by the coronavirus pandemic and financial difficulties in certain business segments, Internet scammers are actively using proven psychological techniques with social engineering. One of the most successful Internet scams remains the Double Deception scheme, which intensified on the Internet this spring.

The essence of the scheme is that people who have once become victims of Internet scammers are offered help in obtaining compensation for damage. The scheme has several scenarios - fraudsters offer to reimburse money for participating in popular fake polls, give away or "unscrupulous" lotteries. In another case, they promise VAT compensation for the cost of buying foreign goods: medicines and dietary supplements, clothing and shoes, food, fuel, building materials, household appliances, etc. Fraudsters actively use the "deceived depositor syndrome" - for example, in the 90s, victims of financial pyramids, succumbing to viral advertising of the return of lost funds, voluntarily carried the remaining money into structures like "MMM" and again turned out to be victims of a scam.

CERT-GIB investigated the infrastructure of one of the fraudulent resources - the International Service "Unified Return Center" (ECP), and discovered a whole network of related sites, including more than 170 domain names registered to the same person. In parallel with the ECN, its clone scheme works: on behalf of the'National Lottery Commonwealth', visitors are promised an insurance payment for the'unfair' activities of lottery organizers.

Trying to avoid blockages, scammers leave the Runet. If two years ago the domain zone ru. only a few sites were registered with the offer of compensation, then at the end of 2019 about 200 domains appeared in the international.xyz domain zone (this is where educational, engineering and legal resources are often registered, - approx. Group-IB) to avoid quick blocking. In March 2020, three dozen new domains appeared under the VAT compensation scheme.

Calculate the payment and you will be happy

The attack, as a rule, begins with mailing in instant messengers, by mail or in social networks. CERT-GIB experts suggest that fraudsters conduct their mailings, both "cold" and targeted, on victims of past scams, since in various schemes (for example, "Rabbit Hole") attackers specifically collect user data - full names, phones or email addresses to use them to re-send spam or links to new fraudulent actions.

In the case with VAT compensation, a more sophisticated promotion model was chosen: fraudsters advertised a fake interview in the local.yandex groups from a specially created clone site of the popular publication Лента.ру: "A 76-year-old pensioner received 170,000 rubles of VAT compensation and spent all the money on a streptizer" (spelling saved). The publication was accompanied by news about the coronavirus, self-isolation and reviews of the "lucky" people who received the money. From the interview, the link led to the landing page, where visitors were offered to calculate the amount of VAT compensation - to the website of the Center for Financial Protection.

The website "Unified Return Center" says that the maximum amount of compensation was 250,000 rubles. In the "lottery scheme," victims of the non-existent "National Lottery Commonwealth" are promised to pay a little more - up to 280,000 rubles, on the website of the "Center for Financial Protection" - up to 300,000 rubles.

To receive a refund for participating in a survey or lottery, visitors need to calculate the amount of compensation by typing the last 4 digits of their bank card (on the website of the Financial Protection Center - 6 digits). According to the legend of the scammers, the return amount is allegedly calculated based on the IP address of the visitor and his location (country, city), which, of course, is a fake.

By introducing fictitious figures, Group-IB specialists found that they could count on a refund of 231,926 rubles (compensation 181,700 rubles + 50,228 rubles "insurance"). The presence of such a "vulnerability" - absolutely any numbers can be introduced - indicates that fraudsters not only lured real victims of past campaigns, but also simply curious visitors who decided to experience fate. It is clear that the payments were approved by absolutely everyone. For greater persuasiveness, numerous positive reviews and "success stories" of those "lucky" who allegedly were able to receive compensation and did not hide their joy were published on the sites..

After calculating and approving the amount of compensation, the user needs to answer the questions of the "lawyer of the insurance payments department." His avatar appeared immediately in the pop-up window of the "chatbot" - the lawyer offered the user to fill out the questionnaire, indicating the name and phone number, and then pay for his "services" for paperwork. Of course, a conversation with a "lawyer" is an imitation of a live dialogue, all messages are a pre-prepared script for a chatbot, which once again testifies to the manufacturability of the invented scheme.

So that the victim does not have a desire to leave the site, the attackers threaten to lose money, referring to a non-existent document - "On Insurance Claims No. 319" p22, according to which, if the deceived user does not receive money within 24 hours, the entire amount will allegedly be returned to the organizers of the Internet survey.

The continuation is classic: to receive compensation, the victim needs to pay a small amount - as a rule, up to 1000 rubles for legal assistance in filling out the questionnaire. By clicking on the link to a new page, the user got to the phishing site. Here, the organizers of "Double Deception" are already requesting bank card details - number, name of the owner, validity period, CVV code. Thus, as in earlier fraud schemes, a small "contribution" is debited from the victim's account, and the bank card data remains in the hands of internet criminals.

Recently, the creation of fake resources, promising a fantastic payment of 200 000 - 500 000 rubles for passing a survey and give away from the Rabbit Hole scheme, filling out a lottery or questionnaire, is a rather profitable business for Internet scammers. Together with the promised payments, they collect from gullible visitors to sites under the guise of taxes, commissions for opening an account or test payments amounts from 350 rubles to 3500 rubles, in parallel steal bank card data. The fraudulent scheme revealed by CETR GIB targets those who, faced with internet surveys, questionnaires or lotteries, have once already lost money and the cynicism of fraudsters in cheating them again. - considers the head of CERT-GIB Alexander Kalinin

Group-IB experts warn that the sites of the Double Strike scheme continue to appear on the Internet: the most active resources, some of which are blocked, some during the blocking process, are listed below:

r24compencationscenter.xyz rmoneybackservice.xyz rvozvratmoment.xyz rcashbackk0.ru rdengikompencation.ru rloteryhappy.ru rvozvratonline1.ru rcashpower.ru rchep1pc.ru rcashe.ru rcsmxpqh.ru rcpi51roc.ru rc0p9xvc.ru rhappywinner2020.ru

Fraudsters who stole 25 million rubles from cards were detained in Moscow

On April 7, 2020, the Ministry of Internal Affairs of Russia announced the detention in Moscow of suspects in the theft of more than 25 million rubles from bank cards. The attackers invested most of the stolen amounts in the purchase of cryptocurrency.

Swindlers called citizens' cell phones and introduced themselves as bank security officers. Then it was reported that a suspicious payment for a large amount is made on the client's card. To stop him, the callers asked to immediately transfer the funds to a reserve account. If the victim carried out this operation, all money was debited from her card.^[38]

The investigative unit of the Investigative Department of the Internal Affairs Directorate for the South-Western Administrative District of the Main Directorate of the Ministry of Internal Affairs of Russia in Moscow initiated criminal cases under Article 158 of the Criminal Code of the Russian Federation (theft).

The suspects were detained, as a result of searches, bank cards, more than 25 million rubles, computer equipment, mobile phones, firearms and documents were seized from them. The attackers are in custody. The police are carrying out a set of measures aimed at identifying all episodes of illegal activities.

The Ministry of Internal Affairs told about one of the cases of fraud with the registration of online loans. On one of the sites, the woman left an application, indicated all personal data. At the end of February 2020, a woman called her, introduced herself as a bank employee and said that in order to receive a loan, it was necessary to make an initial contribution in the amount of over 5 thousand rubles. Then the victim was required to name the details of the bank card and said that it was necessary to pay the insurance part in the amount of more than 13 thousand rubles, the next step was to activate the card, which required an amount of 10 thousand rubles, after which the woman was informed that there was a failure and it was necessary to make a similar amount of funds. Only by the beginning of March did the woman realize that she had been deceived. The damage to her amounted to about 45 thousand rubles.

Central Bank of the Russian Federation spoke about ways to steal money from cards under the pretext of coronavirus

On March 7, 2020, the Central Bank of the Russian Federation spoke about new methods of fraud that are used to steal money from bank cards under the pretext of the coronavirus COVID-19. The schemes are based on the principles of social engineering - psychological methods of luring information from citizens necessary for fraudsters.

According to the Bank of Russia, fraudsters call the victims by phone and promise them "deferrals in the payment of loans, various kinds of compensation, benefits, refunds for air tickets, services for diagnosing coronavirus infection, volunteering." Thus, they are trying to find out the bank card details or password from SMS, as well as independently make a payment to a third-party account.

Attackers also send emails with links to phishing sites. Often these sites fake the brand and corporate identity of financial organizations and structures of the health care system: Ministry of Health, Rospotrebnadzor, Bank of Russia, etc. Thus, users are lured out of bank card information.

In order not to become victims of fraudsters, the Central Bank recommends not to inform strangers and not to enter your bank card data, passwords from SMS on unknown sites, under whatever pretext they try to find out this data.

Deputy Chairman of the Bank of Russia Dmitry Skobelkin, whose words are quoted in the message, noted that the topic of the virus can be used by attackers throughout the pandemic, while new methods of misleading citizens are not excluded. The regulator continues to monitor the situation and is in constant contact with banks and other financial market organizations, he added.

The Central Bank also said that bursts of cybercrime against the background of coronavirus are recorded in other states.^[39]

Typical and atypical deception schemes

As of to data Tinkoff March 2020, there are several typical cheating schemes:

In case of voluntary transfer of funds by the client

Purchases in. InternetThe customer finds an advertisement for the sale of goods or services. Transfers money, scammers stop going to. communication

Purchases on the Internet with form substitution. This scheme is common when shopping on various ad sites. Fraudsters do not ask to transfer money for the goods, but send the client a link with a form for payment - it causes more trust. Using vulnerabilities in the protocol, scammers replace the name of the outlet. The client assumes that he is making a purchase, but in fact transfers money to the card.

"A loved one is in trouble." A relative or friend writes on social networks. He is in a difficult situation and urgently needs money. This is how scammers act by hacking accounts.

When disclosing bank data

Bank Security. The client receives a call or SMS with a request to call back. Fraudsters appear to be the bank's security service, say that an attempt to write off money from the client's account is recorded, find out the card data and confirmation codes and write off money from the account.

Lottery or survey. The client sees advertising on the Internet or targeted mailing: you can get a reward by participating in the lottery or pass a survey. To do this, you need to fill out a small form. The client enters the card data - fraudsters write off funds, or receive data for subsequent attempts at deception.

Sale on the Internet. The customer places an advertisement for the sale of the item. Fraudsters call and find out the details of the seller's card under the pretext of having to make a transfer for the goods. Next, they write off the money from the card after learning the confirmation code from the seller (supposedly it is needed for enrollment). Another option for this scheme is the use of a fake "secure transaction" service on the Internet.

The following atypical deception schemes were also identified in Tinkoff:

Black brokers. The client receives an offer to make money on investments. He contacts false brokers and transfers money to them to play on the stock exchange. The amount in the "brokerage" account begins to grow rapidly. The client wants to withdraw funds, but for this you need to pay an additional commission. He transfers money - scammers disappear.

Remote Access Programs. The "bank security service" is calling: a virus has been detected on the client's device, you need to download the antivirus and scan the gadget. During scanning, the device, allegedly, cannot be used, since the virus can spread further. In fact, the client downloads the remote access program, and during the "check" fraudsters gain access to mobile banking and withdraw the client's funds.

Safe account. Call from "security": there was a data leak, employees were involved in it. It is necessary to withdraw money through the secure ATM of the partner bank and transfer it to a special insurance account.

Another option for this scheme is a scenario where criminals offer to immediately transfer money to an account without withdrawing it from an ATM. A reward is offered to the client for the inconvenience caused. Scammers ask not to turn off the phone during operations. They warn that the "bank" is not responsible for the safety of money under the terms of account service: if they are not withdrawn, they may disappear.

Online dating. On the dating site, the girl offers to go to the movies. Sends a link to the one-day site of the VIP cinema. The client buys tickets, this completes the acquaintance.

Automatic Bank Voice Service. Call from the "bank": the entrance to the personal account from another city or country was recorded. As part of the security measures, it is necessary to name the card number for identification. Fraudsters warn that a code will now be sent via SMS, but it cannot be called to anyone. Then it is switched to voice service. The client trusts the voice of the robot and enters the code in tone mode. Fraudsters change the password and login in his personal account and withdraw money.

In Russia, there is a new scheme for stealing money from bank cards. It's called "White Rabbit"

On March 10, 2020, it became known about the new scheme of theft of money from bank cards, which is gaining popularity in Russia. It is called "White Rabbit" - by analogy with the fairy tale "Alice in Wonderland," as it all begins with harmless steps.

As the head of the innovative brand protection department of Group-IBAndrei Busargin told Izvestia, it begins with the fact that in social networks scammers on behalf of stars or using fake videos in a news format offer a potential victim to take a survey on some branded site, promising a reward.

After passing the survey, people receive a message about winning. The link leads to a site without logos, where a fraudster can ask for a "test" payment for hundreds of rubles, as well as clarify the CVC code or login and password from the Internet bank. This scheme is dangerous because each individual stage is not suspicious and is difficult to track to the bank's security service. Attacks according to this scheme are targeted: information is collected from the client  to the processor, device, Internet provider, language, geolocation, based on which a one-time link is formed for a specific user.

To convince the client, not only stars are used, but videos similar to the television news of the country's main television channels. Sites designed as official pages of government agencies can also be used.

Mikhail Ivanov, Director of the Information Security Department of Rosbank, confirmed to the newspaper that this phishing scheme is known to most credit institutions that constantly monitor social networks, collecting information about new types of cyber threats and frauds, and also control the misuse of the brand.

Vladimir Zhuravlev, director of the information security department of Otkritie Bank, told the publication that the stolen amounts are often small, and the victims then do not always complain to law enforcement agencies.^[40]

Ex-VTB employee and his mother went to prison for bank card fraud worth 57 million rubles

At the end of February 2020, the Angarsk City Court of the Irkutsk Region sentenced a former VTB employee and his mother to prison terms for bank card fraud.

According to Interfax, citing the press service of the court, while working as the head of the sales department of one of the offices of the VTB-24, the accused organized the release of salary and credit cards according to fictitious documents with credit limits set on them up to 300 thousand rubles. As part of this fraudulent scheme, which was implemented from 2013 to 2016, 624 bank cards were issued in the name of 415 fictional citizens.

The mother of the accused withdrew money from these cards at ATMs in Angarsk and Irkutsk, mainly at night, so as not to arouse suspicion. For three years, over 57 million rubles were cashed in this way. For a while, criminals managed to hide their scam by making small credit card payments. The attackers spent the money stolen in this way on their own needs.

As a result, the accused were found guilty under Part 4 of Art. 159 of the Criminal Code (fraud). The ex-VTB employee was sentenced to four years and six months in prison and paid a fine of 300 thousand rubles. His mother was sent to prison for six years, she will also have to pay a fine of 700 thousand rubles. Mother and son will serve in a general regime correctional colony.

The court satisfied the claims of VTB Bank, recovering 56 million rubles from the perpetrators as compensation for damage: apartments, a car, a garage box, mobile phones and watches were seized from the perpetrators. At the same time, as mitigating circumstances, the court took into account the partial recognition of guilt by the defendants, repentance for the deed and partial compensation for damage.^[41]

Fraudsters in Russia began to steal money from bank cards in a new way

On February 0, 2020, it became known about a new fraud in which money from bank cards is stolen from Russians.

As Izvestia writes with reference to the Central Bank of the Russian Federation and representatives of banks, according to the new scenario, swindlers call the victim and tell her that the bank received a statement from her to close the account. When a client denies that he wrote such a statement, attackers offer to withdraw all funds from the card to a "safe account" in order to exclude theft. To do this, they ask for all the details on the map.

According to Vasily Solodkov, director of the Banking Institute of the Higher School of Economics, it is possible that bank customers are specially lured to a certain branch for the purpose of robbery.

Deputy Director of the Department of the Central Bank of the Russian Federation for Information Security Artem Sychev says that the regulator already knows the new scheme of communication between fraudsters and it does not imply any physical contacts.

The press service of Otkrytie Bank told the publication that the new target mechanism does not differ from the previous one, since the main task of criminals is to find out personal data for the withdrawal of funds.

This is a special case of social engineering, which, according to Ekaterina Tikhonova, head of the BCS Premier customer experience department, is today the main threat to bank clients' wallets. At the same time, it is quite natural that fraudsters modify scenarios for communicating with potential victims, she stressed.

The new technique is more dangerous than previous schemes, since some banks sometimes actually call customers to report the closure of the nearest branch, while suspicious transactions with the account are not warned about calls, experts noted. If a call arrives, it is necessary not to inform the interlocutor of the codes for confirming operations, the CCV code and the validity period of the card - all this data can be used to steal funds.^[42]

Every year 1 billion rubles are stolen from the bank accounts of Russians

Every year, about 1 billion rubles are stolen from the bank accounts of Russians, said on January 22, 2020, an expert of the Ural Department of the Central Bank of the Russian Federation, Alexander Salnikov, at a meeting at the Main Directorate of the Ministry of Internal Affairs of the Russian Federation for the Sverdlovsk Region.

He also cited statistics according to which 7 out of 10 adult Russians have at least one bank card. The volume of transactions on card accounts is estimated at 100 trillion rubles. For comparison, the budget of Russia is 15 trillion rubles.

As Salnikov clarified, there are difficulties in an objective assessment of the scale of fraud, because not all victims go to the police. He also noted the tendency to reduce the amount of one crime, but increase their scale.

The representative of the Ural State Institution of the Bank of Russia reported on the active use of the so-called social engineering (manipulation of human behavior using social and psychological skills). The crimes, according to Alexander Salnikov, are based on the leakage of personal data and the lack of understanding among citizens how to store them correctly.

He noted that in just six months of 2019, over 13 thousand offers for the sale of various databases were discovered.

This is exactly the same data about you and me, which are compiled into a variety of collections and are a tidbit for organized communities that in one way or another massively attack our financial resources, "Salnikov emphasized.

Irina Arefieva, head of the public relations department of the Ural Department of the Central Bank of the Russian Federation, confirmed the increase in the number and volume of unauthorized transactions using a payment card. So, in 2018, the volume of such operations increased by 44%, and the number - by 33%, she said, referring to data from FinCERT (Center for Monitoring and Response to Computer Attacks).^[43]

2019

Social engineering techniques

A typical fraud of this kind is as follows: the victim is called by a criminal posing as a bank employee. According to him, the user's money is in danger: they just tried to hack his personal account, funds were withdrawn from the account. The security service is ready to save the situation with the little assistance of the bank's client himself: for example, he should install a remote control program. After that, the fraudster himself gains access to applications and withdraws money from the account. As a rule, criminals call from "bank numbers" using special programs to change the phone, and also tell the victim some personal information to get into trust - such data can be easily bought online.

By contacting the victim, the attackers mislead her and lure out bank details and passwords. Often they even directly ask to make a money transfer. They have a lot of tools: there are cases of deception through SMS messages, social networks, telephone calls. An additional trend is the installation of a remote control mechanism: robbers persuade to download a certain program to the phone and run it, and through it they completely capture the mobile device^[44].

Users on the Internet are promised a large sum for participating in a particular action or passing a survey. But, to get the money, a person must first pay a "commission" or "service fee" (usually the amount is small, so as not to arouse suspicion. After that, the user not only does not receive a win, but also says goodbye to the "commission," and his payment data is in the hands of cybercriminals. Most often, scammers pretend to be large companies and banks, but there are also cases with celebrities.

In 2018, scammers were limited to sending such content mainly through mail. In 2019, they began using other platforms - social networks, video services, blogs, as well as exploiting the names of famous people. Kaspersky Lab analysts included in the top 3 proposals from scammers: large polls from large sponsors, including banks, "like of the year" - a victory in the course of random selection and the return of social charges^[45].

Experts are confident that this popular type of fraud will remain the most common in the near future. According to them, this is due to the fact that such earnings have become the most profitable for criminals - minimum costs at the maximum "income." At the same time, only large banks are ready to track suspicious activity in systems, which unties the hands of attackers.

As Alexey Golenishchev, director of Alfa-Bank's electronic business monitoring directorate, noted, fraudsters are actively exploiting vulnerabilities that telecom operators "presented" to the market in the uncontrolled sale and replacement of SIM cards, and "the banking community is waiting for solutions to protect against fraudulent calls from telecom operators." In turn, Sergey Khrenov, Director for the Prevention of Fraud and Loss of Income of MegaFon, pointed out that today calls with changing the bank's number have been reduced to a minimum, and this problem has been solved by telecom operators. So, MegaFon blocks 300-500 thousand such calls every day^[46]

At the same time, as noted by the head of the revenue guarantee department Rostelecom"" Fedor Kuts, operators can identify fraudulent calls, but cannot block them on their own. Giving telecom operators such powers could be a solution to the problem. Relevant amendments Ministry of Digital Development, Communications and Mass Media are developed jointly with other federal bodies.

However, while there are no legislative amendments, banks themselves need to look for a solution that should be simple and not require unnecessary actions from the client. Experts see a solution to the problem in the use of biometrics.

However, in their opinion, behavioral biometrics as a way to confirm transactions can only be used for active users with a large set of statistics. Photobiometry, which is used by banks in the case of non-standard transactions, for example, the unexpected closure of a deposit or transfer of funds to another bank, has one significant drawback - the photo can be forged. Voice biometrics can be used to confirm the identity of the client, but already when communicating with. call center

Most of the payment data records are compromised in the catering sector (54.3%)

On July 17, 2020, the InfoWatch Group of Companies expert and analytical center published the results of an annual study on leaks of confidential information in the world.

For 2019, the vast majority of PD and payment data records in the industry group under consideration were compromised in the field of trade, and only 2.5% accounted for the total of hospitality and catering. However, if we highlight the compromised payment information in the world (data of debit and credit bank cards), then the picture is different: the largest share fell on the catering sector - 54.3% of records, followed by retail with a share of 44.5%, in third place the hotel business - 1.2%. This situation may indicate serious gaps in the protection of the payment infrastructure by many participants in the catering market. Read more here.

Ministry of Internal Affairs: The number of bank card forgeries in Russia increased by 57.2%

On March 6, 2020, information appeared that in Russia, one and a half times more often began to fake bank cards. Such data for 2019 were provided by the Ministry of Internal Affairs of the Russian Federation.

According to the department, the number of crimes under the article "Fraud" in 2019 increased by 14% (219 thousand). At the same time, the number of bank card fakes increased by 57.2%, seals and stamps - by 15.3%, in the field of car insurance - by 26.7%, RIA Novosti reports with reference to the Ministry of Internal Affairs of the Russian Federation.

In total, fraud accounts for 10.8% of all crimes in Russia. At the same time, more than half of them were committed using information and telecommunication technologies.

Earlier it was reported that fraudsters began to write off accumulated points from bonus cards of Russians more often. Hackers hack into a person's personal account and then pay him with bonuses for their purchases. In 2019, the number of such illegal operations increased several times.^[47]

In 41% of cases, victims themselves transfer money to attackers

March 10, 2020 Tinkoff announced a TAdviser large-scale study of fraud Russian banking in the field. The company's analysts identified the most common methods of embezzlement of funds from customers, the Russian banks calculated the average amount of losses for various criminal scenarios, compiled the Fraud Index for different social groups, and also described typical deception schemes.

The share of fraud using social engineering in 2019 amounted to about 70% of all cases of fraud with real customer losses. Social engineering in this case means scenarios when the client transfers to fraudsters on his own or provides them with payment data of his own free will.

For two years, the share of social engineering in the total structure for all types of fraud increased almost 2 times - at the beginning of 2018 it was 36%.

According to the beginning of 2020, 41% of all cases of successful fraud are social engineering schemes, in which clients independently transfer money to cybercriminals. In 2019, the share of such scenarios in the overall structure of fraud doubled, in 2018-2019 - quadrupled.

In 29% of all successful cases of fraud, bank customers themselves disclose bank card data and SMS codes to fraudsters, with the help of which the attackers themselves write off the money.

12% of fraudulent cases occur in friendly fraud, when friends or relatives of customers fraudulently access their card data or smartphones. Another 11% are transactions without the presence of a card, which are carried out in retail outlets that do not require SMS codes for payments.

A share of 7% is occupied by cases of fraud with stolen or lost cards. Skimming (using special technical devices to read customer card data) - has practically disappeared from the market due to the high cost and complexity for fraudsters. Its share in the total structure is about 1% as of March 2020.

Social portrait

Floor

43% of all cases of successful fraud fall on women (the average check is 12,700 rubles), 57% - on men (the average check is 11,600 rubles).

Men also transfer money more often of their own free will than women (59% vs 41%). At the same time, women more often independently provide data to fraudsters in social engineering scenarios (SMS codes and card data) - 58% of cases and 42% in men.

Age

Most often, bank clients in the age category of 28-37 years become victims of fraud - they account for 39% of all successful cases of fraud with an average check of 10 thousand rubles.

Fraud Index is an indicator that characterizes the exposure of a social group of customers to fraud. To calculate it, analysts chose the category with the lowest fraud rates per total number of customers and assigned it a unit. The remaining categories belong to it in direct proportion. For example, in the 1.30 category, customers fall victim to scammers 30% more often than the 1.0 group.

The most vulnerable group of customers is 18 to 22 years old. So, for example, they become victims of intruders 60% more often than clients in the group from 48 to 62 years old. People from 68 to 72 years old - 40% more often, from 23 to 27 years old - by 35%.

Young people are much more likely than mature and older clients to transfer money to fraudsters voluntarily. For example - for the purchase of non-existent goods on the Internet or under the pretext of a "profitable" investment. So, for example, Fraud Index in the category of 18-22 years is 4.37.

Age clients, on the contrary, more often provide attackers with SMS codes and card data: older clients are easier to deceive than middle-aged people. The higher the age, the higher the Fraud Index for this social engineering scenario.

Education

Clients with higher education education fall victim to scammers as often as those with primary and secondary education. Clients with advanced degrees are 1.5 times more likely to be targeted by criminals than those with higher, primary or secondary education. People with two or more higher educations are 30% more likely.

At the same time, people with primary and secondary education most often disclose to cybercriminals the data of SMS codes and cards. But clients of banks with a degree most often independently transfer money to criminals - for example, 2.3 times more often than clients with primary and secondary education.

Marital status

Married people are less susceptible to fraud, a study has found. Single and unmarried, as well as divorced and widowed clients become victims of criminals more often by 40-50%.

People who are officially married tend to have a shared family budget - unlike many couples living in a civil marriage. They often consult on financial issues with spouses and both can influence their decision.

Channels of interaction between customers and fraudsters

Different scenarios of social engineering are characterized by their own schemes for fraudsters to reach customers of Russian banks.

So, for example, in scenarios when clients disclose SMS codes and card data, in 83% of cases, attackers call their victims by phone, and in 17% of cases they find them in instant messengers, lure them through ads, by email, etc. The average check for phone fraud for such scenarios is 34,000 rubles, for other channels - 16,000 rubles.

In schemes related to voluntary transfer of funds, the structure is different: in 32% of cases, clients of Russian banks and fraudsters find each other on social networks - for example, sell or buy goods on the Internet. In 31% - as a result of searching the Internet - for example, they fall for promises of easy earnings on the network. The telephone channel here accounts for only 16%, the other channels - 21%. The average amount of losses in these channels is: 5,500 rubles. (social networks), 14,500 rubles. (Internet search), 59 thousand rubles (phone), 13,600 rubles. (ads, instant messengers, e-mail, etc.).

Prevalence of fraud schemes

In 42% of cases when fraudsters try to lure out SMS codes and card data from customers, they are presented by the security service of third-party banks - that is, not the bank whose card they plan to perform operations on. In 25% of cases, they are submitted by the security service directly to the bank, on the card of which they will subsequently request information. 11% of fraudulent cases occur in schemes with the purchase and sale of goods on the network. 22% - for other scenarios (investments, winnings, poll fees, etc.)

52% of cases when customers of Russian banks transfer money voluntarily fall on schemes with sales of goods on the network. For example - fraudsters direct their victims to fake payment gateways when trying to conduct a deal on large classifieds.

Scenarios with calls to customers of Russian banks with number substitution according to data at the beginning of 2020 have sharply decreased - their number has decreased 10 times compared to the beginning of 2019 and is now about 5% of all cases using social engineering. At the beginning of 2019, the share of cases with number substitution from all social engineering was about 18-20%

Average amount of fraud

The average check of successful fraud per client (may include several transactions) at the end of 2019 amounted to 9,300 rubles. Over the year, this amount decreased by 13%.

Customers lose the most money when they provide card data and SMS codes - about 27,700 rubles. The least fraudsters steal using online stores that do not verify customers - 4,300 rubles.

In 2019, the share of cases with voluntary transfers to fraudsters increased, the share of the rest fell. There are several reasons for this. The main thing is that banks learn to react quickly and prevent theft. Tinkoff introduces modern technologies and adapts to an aggressive criminal environment. But banks still don't have enough tools to stop defrauded customers from transferring money to criminals. Fraudsters use techniques of psychological pressure, which is why a deceived client independently transfers money to them. There are cases when bank employees consider transactions suspicious and contact the client for confirmation, he can mislead them by acting on the instructions of fraudsters. The client understands his mistake only when the money can no longer be returned. What technologies we use: Machine Learning. Tinkoff, using algorithmic machine learning, tracks transactions that are atypical for the client. More than 300 features can show that the operation is not performed by the client. In this case, the client is contacted by the security service. In 2019, we began to gradually introduce machine learning into the anti-fraud system and became 40% better at preventing fraud cases when a client discloses card data. Plus, by 35%, we have lowered the level of 'needlessly disturbed customers'. Digital fingerprint technology of the device (fingerprint). Identifies the device with which the client uses Tinkoff services. This allows you to determine when the services are used by another person. Based on this data, additional methods of authenticating payments and logging into your personal account are used. Cross-channel event monitoring in 24/7 mode. The anti-fraud system checks all customer operations in real time. It takes into account the activity of customers in all channels: in online banking, mobile application, when paying with plastic cards, etc. For suspicious transactions, the bank's security service contacts customers within 1-2 minutes. Geolocation in the antifrod system. As part of this technology, trusted coordinate clouds are compiled for each client - operations in these areas are considered less risky, said Aleksei Baklanov, Head of Fraud Prevention and Claims Management at Tinkoff

Ministry of Internal Affairs of the Russian Federation: bank card forgeries in 2019 increased by 57%

In 2019, the number of cases of bank card forgery in Russia increased by 57.2% compared to 2018, the Ministry of Internal Affairs of the Russian Federation reported.

According to him, one of the most popular ways to steal money from bank customer accounts is the method of social engineering, when attackers deception during a conversation with a victim recognize SMS codes to gain access to savings.

Another popular way is to infect an electronic device (smartphone or PC) with virus programs to access remote banking services . The virus is often contained in messages from unfamiliar numbers.

If the money is written off, an algorithm for the actions of the victim has been developed. It is necessary to immediately stop any actions with the cell phone, disconnect it, remove the SIM card. Ensure the safety of the phone as a possible means of committing a crime, - said the Ministry of Internal Affairs.

There you need to request details of the settlement account. It will show which bank the scammers transferred funds to. You should submit an application there to suspend the payment and return the money.

On the same day, the victim must report the theft to the Ministry of Internal Affairs. Documents confirming the fact of withdrawal of money should be attached to the application: an account statement, a certificate from a credit institution, etc.

According to the department, the total crimes under the article "Fraud" in 2019 increased by 14% - 219 thousand. Crimes are gradually moving into this area - they make up 10.8% of all illegal actions committed, the Ministry of Internal Affairs told RIA Novosti.

More than half of all frauds committed are crimes using information and telecommunication technologies. The Ministry of Internal Affairs said that the number of counterfeits of seals and stamps increased by 15.3%, and in the field of car insurance - by 26.7%.^[48]

Ministry of Internal Affairs: the number of cases of fraud with the use of payment cards increased by 280%

According to statistics from the Ministry of Internal Affairs of Russia, the number of cases of fraud using payment cards in the country increased in 2019 by 280% compared to the same period in 2018.

Also in the materials of the Ministry of Internal Affairs it is noted that the total number of crimes using payment cards amounted to just over 16 thousand.

In total, according to the department, since the beginning of 2019, about 300 thousand crimes committed using the Internet have occurred in Russia, a quarter of which are using the phone. This is almost 70% more than in 2018. The largest increase was recorded in the cities of St. Petersburg, Kaliningrad, as well as the Republic of Kalmykia.^[49]

Sberbank named the most popular schemes for stealing money from cards

On December 6, 2019, Sberbank named the most popular schemes for stealing money from cards. All of them are related to telephone fraud, the volume of which, according to the largest credit institution in Russia, has increased 15 times since 2017.

The most common method of deception is that the swindlers, posing as security officers, inform the victim about the allegedly suspicious operation with the card, and then ask to name its full data, the security code on the back of the card and the code from SMS. With such a call, customers are advised not to perform any operations on the instructions of the caller. At the same time, as soon as the interlocutor asks to provide the data of the card or Internet bank, it is worth immediately ending the conversation, Sberbank said.

Also, fraudsters often imitate a "call from a buyer" on an advertisement posted by a client and for payment asks to indicate not only the card number, but also its security code or code from an SMS message. To pay a real buyer, you only need a card number or a phone linked to it, the bank warns.

In addition, an attacker can impersonate an employee of a brokerage or dealer company and offer to invest money with high returns. As soon as the client agrees to open an account and transfers money to the fraudster, he simply disappears, and the money cannot be returned.

Sberbank recommends that its clients, before making any transfers, check the company's license on the Central Bank website , as well as check who owns the details - the account of these brokerage or dealer companies must belong to a legal entity.

Another method used by phone tricksters to steal money from a card is online surveys they conduct allegedly on behalf of the bank. For its passage, the interlocutor promises to transfer a monetary reward to the card.^[50]

The card in the ATM is left on purpose: in Russia they began to extort money in a new way

At the end of November 2019, it became known about a new way to steal money from bank cards in Russia. Fraudsters allegedly accidentally forget the card at an ATM and ask it to pull out a person who turned out to be nearby. After he returns the card, the attacker checks its balance and claims that money has disappeared from his account and demands that the amount be returned.

The fraudster begins to threaten, which will call the police, as fingerprints remain on the card, the one who pulled it from the ATM. At the same time, a witness to the process is found in the queue, which confirms the version of the attacker.

Lawyer, retired Interior Ministry colonel Yevgeny Chernousov, in a conversation with Izvestia, compared this method with a scheme with a thimble game, where there are also witnesses and an actor, and a scene is also played out. He says that usually scammers prefer to operate at ATMs when they have some people going. Potential victims, he said, are chosen by their appearance, such as lonely elderly people. Most often, Chernousov said, people prefer to give money, since fraudsters call small amounts - about 5-10 thousand rubles.

A frightened bank client prefers to withdraw money and give it so as not to deal with the police. However, experts interviewed by  the publication advised residents of Russia who found themselves in a similar situation not to succumb to psychological pressure.

Nothing terrible happened. There is no need to succumb to psychological pressure, even if your prints are on the map. Calmly call the police. Remember that  ATMs have cameras, and all transactions on a specific card are recorded by the bank. In other words, fraudsters will not be able to prove your alleged "guilt." Most likely, they will hide even  before the arrival of the police, - Nikolay Sokolov from   BCS Premier is sure. [51]

A new way of stealing money from bank cards has appeared in Russia

In mid-November 2019, it became known about a new method of stealing money from bank cards in Russia. Fraudsters withdraw funds using online services to send money from card to card (card2card system).

Using a card2card scheme, attackers enter the card data from which they want to debit funds and the account to which they intend to credit them. After that, they call the cardholders under the guise of bank security officers and ask to name the code from the message. As a result, the funds end up on virtual cards like Yandex.Money, QIWI or Webmoney.

According to a Izvestia source in the information security service of one of the regional banks, if in 2018 there was not a single case of theft of money through card2card, then in 2019 this happens up to four times a month.

According to the publication in the press service of Sberbank, in 80% of cases, fraudsters who manage to steal money from someone else's card using social engineering methods transfer them to virtual "plastic."

According to Ilya Suloev, deputy director of the information security department of FC Otkritie, this method of stealing money from cards is explained by the simplified identification of the client and the availability of ways to bypass it to gain access to financial services by third parties.

The newspaper reports that in judicial practice there are cases when, with the participation of banks, the affected client manages to return the money. At the same time, due to the fact that fraudsters use electronic means of payment for various services, they have to spend more time searching and returning money.

The technical director of DeviceLockAshot Hovhannisyan noted that previously the most popular ways to cash out among fraudsters specializing in stealing money from plastic cards was to buy things in foreign online stores to the address of intermediaries.^[52]

Visa: Bank card fraud in Russia is one of the lowest in the world

The level of bank card fraud in Russia is one of the lowest in the world, said Evelina Nechiporenko, head of the risk management department of the Visa payment system in Russia, on the air of the Fears/Errors podcast in mid-October 2019.

We have statistics on Visa cards, and Russia actually... she has excellent statistics on the level of fraud, one of the lowest. We explain this by the good work of our banks, which conduct both explanatory work with their clients and work on information security, protection of their systems. It also plays a very big role, "she said.

According to her, people often leave their data themselves on the sites of scammers. These are sites offering a lottery, sites with draws of some prizes, sites with some profitable offers at a very low price of goods, when people try to "stick" to some very profitable offers.

For example, fraudulent sites are used to collect data about phones, about cards and all other personal information and payment information, the expert warned.

As Nechiporenko noted, banks already know how to independently defend themselves against hacks and cyber attacks. If the bank's client suspected that fraudsters were trying to contact him, you need to immediately call the bank at a well-known phone number. Bank employees never ask for a card number and CVV code.

A Visa spokeswoman stressed that fraud has gradually turned into social engineering. Sometimes, people do not even suspect that they are talking with fraudulent call centers.

According to the Prosecutor General's Office of the Russian Federation, from the beginning of 2019 to October, more than 18.8 thousand crimes in the banking sector were registered in Russia, the damage exceeded 154 billion rubles.^[53]

Kaspersky Lab warned of viruses at ATMs that steal money

At the end of September 2019, Kaspersky Lab announced a new virus that attackers install in ATMs to steal money from bank cards. Read more here.

Cashier remembered 1,300 bank cards and paid for their purchases

On September 9, 2019, it became known about the detention of the cashier of one of the stores in Japan, Yusuke Taniguchi, who, thanks to his photographic memory, remembered the data of more than 1,300 credit cards and then used it for his purchases. Read more here.

Siloviki most often become victims of fraudulent lotteries

Middle-aged men with experience in law enforcement agencies are most often victims of bogus lottery fraud, when a person is asked to provide bank card details to win. This was announced on September 5, 2019 by the First Deputy Director of the Information Security Department of the Central Bank of the Russian Federation Sychev at the autumn session of the Ural Forum for Information Security of the Financial Sphere in Moscow.

This "wiring" is very simple: take part in the lottery - you will receive a prize. You will not believe it, but in this age category, men, especially those who somehow had to do with power structures, come across much more often than everyone else. It's funny when a man, a respected colonel, says: "I know, damn me, I pulled one and a half thousand to give all the data of my card."

He noted that Internet scammers began to choose more often as a potential victim of people aged 32 to 48 years - that is, "economically active" citizens who may have a large amount in their account. Because older people usually keep funds on deposits, and they have little money on the card.

Callers are sitting on a percentage, so it is important for them that the amount of money withdrawn is large. Guess what population the amount on the account at the moment may be large? Only economically active, - explained the representative of the regulator.

At the same time, 65% of victims of social engineering are women of economically active age, because at the time of calling by scammers they are more busy with business.

These are women who have children, and, as a rule, are young. Moreover, women are active, their head still hurts about work. Or married - they still have a head about the house hurts. Or these are unmarried, which means that the problems of the actual personal order, - said Sychev.

How scammers deceive Russians on the phone by pretending to be state attorneys

In early September 2019, the Russian Ministry of Justice warned of a new type of telephone fraud. Criminals call citizens allegedly from the official numbers of the Ministry of Justice and, under the guise of civil servants, extort money from bank cards.

Unknown persons call the Russians and, posing as investigators of law enforcement agencies or other state bodies of Russia, report the possibility of reimbursing the cost of lawyer services, as well as receiving moral compensation for purchased falsified dietary supplements.

Fraudsters offer people to send an application to the Ministry of Justice or other departments with a request to provide a free state lawyer for the criminal process, after which the "defender" calls them. With the help of special software, its number is displayed as that of the Department of Justice.

The fraudster, who presented as a lawyer, under various pretexts reports that it is necessary to transfer money to him through payment systems, including through the fast payment system.

The Ministry of Justice noted that they received over 3 thousand applications from citizens from various regions of Russia with a request to provide a free lawyer. The Investigative Committee also receives numerous statements of similar content. The established damage from such scams by September 3, 2019 is not called - the police understand the situation, the Prosecutor General's Office is monitoring the investigation.

The department warns that persons offering to send funds to the accounts of courts and other state institutions through fast money transfer systems cannot be employees of the Ministry of Justice and other federal executive bodies of the Russian Federation, as well as law enforcement agencies performing their official duties.^[54]

Member of the hacker group TipTop, which crumbled funds from bank cards, sentenced to 2 years in prison conditionally

On August 28, 2019, the company Group-IB announced that Chuvashia it had sentenced a member hacker of the group, for several years attacking clients of the largest. the Russian banks The group, which received the working name TipTop, committed theft of funds bank cards from citizens using the harmful program. The member of the group was detained as a result of a special operation of the "K" department Ministry of Internal Affairs for the Chuvash Republic together with the "K" Department with Ministry of Internal Affairs of Russia the assistance of Group-IB experts. More. here

Calls on behalf of well-known analysts in Russia began to be used to steal money

At the end of August 2019, it became known about a new phone fraud scheme. Attackers appear to be well-known financial analysts and lure money from citizens.

About this fraud Kommersant told in large. banks At the same time, they did not name the experts whom the scammers impersonate, because they fear more damage to their reputation. It is only known that we are talking about analysts who often comment in the media. After hearing a familiar name, people begin to trust the swindlers.

Judging by the complaints, basically two schemes can be distinguished. The first is the transfer of funds to the brokerage accounts of pseudo-investment companies, whose name is similar to the well-known one. For example, in the non-existent Alfakapitalkapital, consonant with Alfa-Capital Management Company. After the money is transferred, the analyst disappears, and the account is not owned by the specified company.

As part of the second scheme, they called those who had already invested in a pseudo-investment platform and wanted to return them. "Analyst" promised "the safety of the procedures performed in the process of forming an account, the safety of the client's finances and ensuring trading operations in the accounts of a broker working under the legislation of the Russian Federation and licensed by the Central Bank." At the same time, the caller argued that the withdrawal of money is possible only through a Qiwi wallet, and said that 50-100 thousand rubles should be transferred to this wallet .

According to Maxim Kovyazin, senior investment consultant at BCS Broker, such calls spoil the reputation of companies and analysts themselves, since not only novice investors can become victims of such deception. Anastasia Baykova, head of the analytical department at Raiffeisen Bank, noted that financial analysts never contact private clients by phone.^[55]

Fraud with cards and online banking in Russia has become 8 times more

In the first half of 2019, 6613 criminal cases of fraud related to electronic payments were registered in Russia (Article 159.3 of the Criminal Code of the Russian Federation), which is 8 times more compared to the same period in 2018. This is evidenced by the statistics collected by the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia and published on August 20, 2019.

In addition, in the first six months of 2019, the number of registered crimes increased by 28% (to 4441) under the article on fraud in receiving payments.

As a fraud with electronic money, any illegal actions are usually considered, primarily non-cash transfers. Among the common types of attacks, the leading antivirus expert of Kaspersky Lab, Sergei Golovanov, calls phishing, social engineering, banking Trojans and attacks on Internet banking systems.

Natalya Ryabova, deputy head of the legal service of the business ombudsman's office, linked the increase in the number of crimes under Article 159.3 of the Criminal Code with the intensification of fraudsters in the field of electronic payments and the decision of the plenum of the Supreme Court of November 2017, which explained the peculiarities of the application of the article on fraud.

Perhaps law enforcement agencies more clearly understood what is understood by this composition, and more actively began to apply this article, - said Ryabova.

Oleg Nikulenko, a lawyer for the Ekkorp-Zashchita Bar Association, says that Article 159.3 of the Criminal Code of the Russian Federation does not include withdrawing money from an ATM from a stolen or forged card and withdrawing money from a card if the victim herself reported a pin code from her. The expert added that the article applies to the theft of money using a stolen or forged card, when this card is presented to a bank or store employee. The fraudster is waiting for up to ten years in prison when committing a crime by an organized group or on an especially large scale.^[56]

Fraudsters came up with a new way to deceive Russians by phone on behalf of banks

On August 12, 2019, it became known about a new method of bank card fraud in Russia. Attackers do not ask victims of personal data and thereby do not arouse suspicion.

According to Rossiyskaya Gazeta, the attackers in a telephone conversation introduce themselves as bank employees and inform users that their funds are trying to unauthorized withdraw from an account in another region.

Fraudsters tell the victim that they have blocked an attempt to write off money, and offer to check devices that have access to a personal account. They then find out if the client is using a device running Android or iOS. After that, attackers offer to help disable a system that the client does not use using the TeamViewer access delegation program.

This software allows you to connect to a smartphone by a special number (ID) and perform any operation on behalf of the owner. The chances of proving a hacking attempt are minimal, since the user provides access voluntarily.

The Rossiyskaya Gazeta correspondent did not install a third-party application, but instead filed an application for suspected fraud with the Main Investigation Department of the Ministry of Internal  Affairs. Three days later, the journalist's appeal was redirected to the Bureau of Special Technical Measures of the Main Directorate of the Ministry of Internal Affairs. A few days later, a certain employee contacted a reporter to clarify the address of residence.

Reports of new fraud schemes appear regularly, and in most cases criminals try to take advantage of the inattention and gullibility of citizens. According to the Central Bank of the Russian Federation, in almost every third case, Russians lose funds in their accounts due to their own carelessness when handling Internet services and mobile devices.^[57]

Central Bank spoke about a new fraud when transferring money through an ATM

On July 5, 2019, the Central Bank of the Russian Federation spoke about a new type of fraud when transferring funds through an ATM. This method is based on the "imperfection of the scenarios for processing transfers" and is associated with the transfer of money from card to card, according to the review of the  Center for Monitoring and Responding to Computer Attacks in the Credit and Financial Sector (FinCERT - a structural unit of the Bank of Russia) for 2018. 

The person selects a transfer from the client to the client (P2P) at the ATM, after which he dials the recipient's card number. The bank then sends authorization messages to the receiving bank and the sending bank. The client is almost simultaneously notified of the approval of the transaction from both banks.

An actual transfer is then made when the balance on the recipient's card is increased. The transfer amount is frozen on the sender's card at this time.

The ATM then "asks" the sender for consent to charge the transaction fees. The sender does not agree, so the initiating bank sends a return message to the sending bank and the receiving bank, - explains the Central Bank.

The funds frozen on the sender's card are unlocked, but by this time the recipient has time to withdraw the funds sent to him.

To minimize the risks of attacks, the Central Bank recommended checking the correctness of ATM scenarios, first of all, sending a message about the return of funds to the sender's bank should occur only after the successful completion of the return operation towards the recipient's bank.

The FinCERT report also states that in 2018, hacker groups Cobalt (also known as Carbanak and FIN7) and Silence managed to steal more than 58 million rubles from Russian banks. This is more than 17 times less than the results of 2017 - then FinCERT reported on the losses of Russian banks in the amount of more than 1 billion rubles.^[58]

In Khabarovsk, a fraudster stole money from bank cards in an unusual way

In May 2019, information appeared that officers of the Russian MIA Administration for the Khabarovsk Territory detained a 23-year-old native of Nikolaevsk-on-Amur, suspected of involvement in a series of thefts from bank accounts of citizens^[59].

According to the report^[60] of the press service of^[61], the attacker acted in different areas of the city, mainly in large shopping centers and in stores. He chose ATMs where there were small queues, and then, using a contactless bank card, transferred money to a phone number, but did not complete the operation and left. The person following the fraudster inserted his bank card and the system automatically completed the previous operation and debited the specified amount from the victim's account.

In the future, the suspect, through electronic payment systems, transferred the stolen funds to his account or to a friend's card and cashed out.

During the search at the place of residence of the suspect, bank cards, electronic media, SIM cards, as well as mobile phones were seized. The preliminary amount of damage is estimated at 50 thousand rubles. A criminal case was initiated against the young man under Part 3 of Art. 158 of the Criminal Code of the Russian Federation ("Theft"). The article provides for a maximum sentence of up to 6 years in prison.

2018: Bank card theft became a separate crime

The State Duma adopted a bill toughening the punishment for theft of funds from bank cards in the second, final reading. Theft of funds from bank cards will now be considered fraud - the corresponding amendments will appear in the Criminal Code of the Russian Federation. For such a crime, violators face up to 6 years in prison^[62].

To avoid severe punishment to this day, the attackers wrote off the money in small amounts, however, the total amount of theft becomes comparable to serious crimes, in connection with which the deputies decided to toughen the punishment and make it criminal.

In addition, if fraudsters use someone else's electronic means of payment when stealing funds, they will face up to three years in prison for such an act.

2017

The Supreme Court of the Russian Federation explained the intricacies of the qualification of bank card fraud

Supreme Court of the Russian Federation explained to the judges how cyber fraud and bank card fraud should be qualified. The Plenum of the Armed Forces of the Russian Federation issued a resolution "On judicial practice in cases of fraud, misappropriation and embezzlement," which for the first time explains in what cases and how the new articles on fraud added to the Criminal Code of the Russian Federation in 2012 should be applied, the TASS^[63] of the Russian^[64] in November 2017^[65]

The article "Fraud in the field of computer information" (159.6 of the Criminal Code of the Russian Federation) provides for the use of software or software and hardware to influence servers, computers (including portable ones) or information and telecommunication networks in order to illegally seize someone else's property or obtain the right to it. Such actions should be qualified additionally under the articles of the Criminal Code on unlawful access to computer information or on the creation, use and distribution of malware.

The use of other people's credentials is subject to qualification under the article "Theft." The use of other people's credentials means the secret or fraudulent use of the victim's phone connected to the Mobile Bank service, authorization in the Internet payment system under stolen credentials, etc.

As an ordinary fraud provided for by Art. 159 of the Criminal Code of the Russian Federation, theft of property should be considered by disseminating deliberately false information on the Web (creating fake sites, online stores, using e-mail).

The article "Fraud using payment cards" (159.3 of the Criminal Code of the Russian Federation) should be resorted to in cases where the fraudster posed as the true owner of a bank card when paying for purchases or banking operations. Cashing funds through ATMs qualifies as theft.

As explained in the resolution of the Armed Forces of the Russian Federation, theft of non-cash funds with the help of the owner's personal data, password, card data obtained by the criminal from its owner by deception or breach of trust should also be considered by the court as theft.

The manufacture, storage, transportation of fake payment cards, technical devices and software for illegal reception, issuance, transfer of funds should be considered a preparation for a crime (if the crime was not committed for reasons beyond the control of the attacker).

The sale of unsuitable fake payment cards, technical devices and software, allegedly to steal money, is regarded as fraud or petty theft.

The manufacture or purchase of fake bank cards for the purpose of theft on a large or especially large scale without bringing intent to the end (for reasons beyond the control of the attacker) is both preparation for theft and the completed crime provided for by Art. 187 of the Criminal Code of the Russian Federation ("Illegal circulation of payment funds").

The State Duma will increase the term of imprisonment for theft of funds from bank cards

The State Duma of the Russian Federation in October 2017 adopted in the first reading amendments to the Criminal Code (Criminal Code), establishing a separate punishment for theft of funds from a bank account and electronic money. According to the bill, the punishment for such a crime can be changed from the current four months to three years in prison.

The corresponding bill was introduced by a group of deputies headed by the chairman of the committee of the lower house of parliament on the financial market Anatoly Aksakov ("Fair Russia").

The document provides for amendments to Article 159.6 of the Criminal Code of the Russian Federation (Fraud in the field of computer information) of qualifying signs - theft of funds from a bank account, as well as electronic funds, as well as amendments to Article 159.3 of the Criminal Code of the Russian Federation (Fraud using electronic means of payment).

In particular, it is proposed to consolidate responsibility in the Criminal Code of the Russian Federation for "theft of someone else's property committed using a fake or another person's electronic means of payment, including a credit, settlement or other payment card, by deceiving an authorized employee of a credit, trade or other organization." The maximum penalty for this crime must be increased from the current four months to three years in prison

The initiative also provides for a decrease in the threshold values ​ ​ of large and especially large damages for crimes provided for by these articles (250 thousand rubles and 1 million rubles, respectively). According to the current criminal legislation, the maximum punishment for embezzlement of funds from a bank account on an especially large scale is 10 years in prison.

2016

Theft from bank cards is feared by 65% of Russians

According to VTsIOM, 65% of Russians are wary of the possibility of stealing their funds and personal information from electronic accounts and bank ^[66]

Experts from the All-Russian Center for the Study of Public Opinion also found that plastic users are afraid of losing money due to information spread by cybercriminals via SMS or e-mail (56%).

In addition, every third Russian has faced illegal actions related to cellular communications and Internet services. The highest proportion of such cases among young people (36% of 18-34-year-olds), Muscovites and Petersburgers (37%), active Internet users (38%) and residents of medium-sized cities (43%).

Only 36% of respondents experience a sense of security when using bank cards, 58% rather feel defenseless.

Bank card hacking prices

Dell SecureWorks, which specializes in assessing and analyzing the information security of computer systems, published a price list for hacker services around the world in the summer of 2016.

"Services" for hacking bank cards fell significantly in price. So access to Visa and Master Card cards of an American bank will cost $7, a European bank - $40. Hacking the Premium Visa and MasterCard credit card will cost $30-80.

The scale of unauthorized bank card transactions is impressive - in 2015 there were completely more than 260 thousand fraudulent transactions in Russia in the amount of 1.14 billion rubles.

See also: Prices for user data in the cybercriminal market

2015

Credit card fraud in Britain has risen

According to Experian in Britain, the level of current account fraud in 2015 increased more than 2 times, from 73 for every 10,000 applications in January to 156 for 10,000 applications in December. The rise in current account fraud has also contributed to a shift in the relationship between first-person fraud and identity theft. At the beginning of 2015, 51% of applications for all financial products recognized as fraudulent and rejected were classified as first-person fraud, and 49% as an attempt to steal personal data (third-party fraud). By the end of the year - this ratio has changed significantly - in December, personal data theft accounted for 59%.

Credit card fraud in January 2015 amounted to 36 for every 10,000 applications in Britain, but increased to 55 per 10,000 applications during the year. Similarly, insurance policy fraud was 37 for every 10,000 claims at the start of the year, but rose to 68. As with current account fraud, credit card fraud was largely linked to identity theft.

"Current

account fraud came to the fore in 2015. The main role in it was played by criminals stealing personal data. The positive aspect is that the published figures relate to detected and prevented fraud, that is, they indicate the reliability of systems that protect financial products, - comments Frolova Natalia, Marketing Director of Experian, Russia and the CIS. "However, we all still need to be vigilant and try to follow the not so difficult rules for maintaining the security of our personal data."

How to protect yourself from identity theft

• Always vomit or otherwise destroy unnecessary documents containing your personal data, in no case throw them away in their entirety.
• In no case should you respond to "cold calls" and electronic messages in which you are asked to provide account details, PINs, passwords or personal data.
• Don't share too much information on social media, such as pet names, which you can use as passwords.
• Regularly monitor your mail to know when to expect important financial or other documents that may contain your personal data and take action if they are not available.
• When moving, do not be too lazy to reach the mail and warn them about the need to forward your mail.
• Always use strong unique passwords for as many Internet accounts as possible, and ideally an individual password for each of them. As a last resort, come up with unique passwords for each type of service provider, such as financial institutions, online retailers and email.
• Do not store your login and password on your smartphone: in an e-mail message, as a note, or for "automatic filling" when opening an Internet site or application. This information will become a gold mine for scammers if your phone is lost or stolen.
• Don't be too lazy to check bank and card statements for suspicious transactions.
• Check your Credit history regularly: all your credit activities are indicated there, so you can identify expenses that are not related to you.

2013: Russia leads in terms of growth in losses from bank card fraud (+ 27% per year )

Russia ranked first in Europe in terms of the growth rate of losses from fraudulent transactions with bank cards in 2013. The volume of these losses in Russia in 2013 increased by 27.6% compared to a year earlier and, accordingly, 10 times in comparison with the data of 2006, and by 365% - 2008.

In terms of the volume of these losses, which increased by 22.5 million euros and reached 104.1 million euros last year, Russia is in fourth place among 19 European countries. She is ahead of her:

• Britain (€534.9m),
• France (€428.9m) and
• Germany (€116.3 million).

These are the data presented on the interactive map"The Evolution of Card Fraud in Europe 2013" developed by FICO.

At the same time, in Russia, card fraud in the so-called Card Not Present method is much lower than in Western European countries (in our country its share is only 3% of losses). One third of Russian losses (1683.8 million rubles) falls on Counterfeit Cards and about the same (1599.4 million rubles) - on Lost and Stolen. Fraud in the ID Fraud method in Russia brought losses in the amount of 685.2 million rubles.

"FICO notes that in conditions where the market is not yet saturated and the distribution of cards in Russia continues, the threat of fraud is not so obvious - but the speed with which losses from it increase is alarming. FICO experts warn that when the growth rate of the card market aligns and losses increase, the decision to implement anti-fraud developments may be late - after all, it can take six to eight months to install and obtain a result, "says FICO head in Russia Shtemanetyan Evgeny

.

In 2013, cumulative losses from card fraud in 19 European countries totaled €1.55 billion, even slightly exceeding the 2008 figure, when the last peak was observed.

See also

• Hacking ATMs
• Misseling (bank deception)
• Email fraud (business email compromise, BEC, invoice fraud)
• Fraud in advertising
• Cryptocurrency fraud

Notes