Telephone fraud

Main article: Crime in Russia

Social engineering

Main article: Social engineering

To deceive their victims, telephone scammers use social engineering techniques.

Vishing (voice phishing, voice phishing)

• Vishing (voice phishing, voice phishing)

Bank card fraud

• Bank card and payment fraud

Victims of phone scammers

Main article: Victims of phone scammers

Fighting phone fraud

Main article: Fighting phone fraud

2024

Fraudsters began to attack Russians under the guise of financial monitoring officers, Public services and the police

Fraudsters began to attack Russians under the guise of financial monitoring officers, Public services and the police. The victims of this scheme are asked to install a special antivirus on the device, while in fact an application with remote control is hidden under it. In most cases, scammers force the victim to go to a specially prepared site, where you can download an application with remote control, which provides hackers with access to a person's device. Also, a link to an infected application can be dropped through an SMS message, Dmitry Khomutov, director of Ideco, told Gazeta.Ru.

According to the press service of the State Duma deputy RFAnton Nemkin on April 16, 2024, such a scheme is dangerous because fraudsters using remote access can not only intercept any information and use it for blackmail, but also manage finances - for example, transfer all savings to their accounts. In addition, by completely "cleaning" the device, they can turn it into a "brick," depriving you of access to all personal information, Anton Nemkin emphasized.

On average, new fraudulent schemes in Russia appear almost every week. Moreover, fraudsters do not even try to make their schemes convincing - the main thing on which they rely is the human factor.

The main thing for a fraudster is to keep you off balance. In this state, a person is not able to thoughtfully analyze his actions and often commits such actions that would seem to him something impossible in a calm state, the deputy emphasized.

First of all, the attackers are trying to use the stress factor - they intimidate citizens that their device is already infected, and all data can be deleted, report theft of funds or an incident that happened to one of your relatives, Anton Nemkin recalled.

My main advice is to always stay calm and not give in to stress if information comes to you from an unverified source. If you feel that the second side is trying to put pressure on you, intimidating, showing impatience and nervousness - it is better to put the tube right away. The longer you talk with the attacker, the more chances of still losing your personal data or even finances, the parliamentarian added.

As Nemkin recalled, according to the data, Ministry of Finance RUSSIAN FEDERATION almost every resident of Russia has encountered financial fraudsters at least once in the last year. Moreover, telephone fraud is still one of the most popular.

In Russia, using eSIM, they began to "steal" phone numbers from ordinary SIM cards

On March 14, 2024, F.A.C.C.T. (formerly Group-IB in Russia) announced the identification of a new scheme for stealing mobile numbers from Russian users to gain access to their online banking. Attackers have learned to "steal" phone numbers using eSIM - a built-in SIM card. Read more here.

Fraud schemes with the function of broadcasting a smartphone screen have appeared in Russia

In early March 2024, it became known about the appearance in Russia of new fraud schemes with the function of broadcasting a smartphone screen. They were told about them in "Sberbank."

As Izvestia writes with reference to a representative of a credit institution, swindlers call customers from a fake account using a name similar to 900 and the bank's logo, and ask if they have updated their banking mobile application. If the victim says "no," then the false worker of the bank says about the need to wait for a call from a specialized specialist to update the application.

It became known about the appearance in Russia of new fraud schemes with the function of broadcasting the screen

Then another fraudster calls through the messenger, where there is a function of broadcasting the screen during a video call. As explained in "Sberbank," such a scheme is used to confuse the victim of deception and force her to fulfill the requirements of criminals. The second "employee" explains that he calls via video link to establish the identity of the client by biometrics. Then he asks to turn on the screen demonstration mode to connect a certain "robotic system for diagnosing the account." After that, the victim of the fraud is asked to go to the bank's mobile application, which, as the criminals assure, is "absolutely safe," since only the robot will see the screen.

However, in reality, after turning on the broadcast and switching to the application, fraudsters get the opportunity to see card numbers, amounts on accounts and codes in SMS from the bank. The swindlers can then use the findings to steal money and arrange loans in the names of the victims.

According to experts interviewed by the newspaper, fraudulent schemes using the broadcast of a smartphone or computer screen have been used in Russia before, but in 2024, attackers began to introduce themselves as bank employees. One of the victims of such fraud in 2024 lost 210 thousand rubles.^[1]

Russians are lured by advertisements for paid voice acting of films to steal samples of their voice. Then they steal money from their relatives

Russians are lured by advertisements for paid voice acting of films to steal samples of their voice. Then they steal money from their relatives and friends. Angara Security, a company specializing in information security, spoke about the new fraud scheme in early March 2024.

Telephone scammers began to deceive Russians on behalf of MPSC employees

Telephone scammers began to deceive Russians on behalf of MPSC employees. This was reported in February 2024 by the Security Code company.

Swindlers in a conversation on the phone inform the victim that a letter has come to his name. At the same time, the correct last name, first name and patronymic, its address and the address of the MPSC, from which the call comes, are called. Fraudsters ask a person if he will come for a letter to the MPSC or can be sent by mail at the place of registration. If the victim chooses the second option, the caller says that the number of this message will come to SMS and asks to name it.

Telephone scammers began to deceive Russians on behalf of MPSC employees

Only in the message comes not the departure number, but the code for confirming registration in some service. Further, the fraudster, having access to the victim's account, is already using it for his own purposes, experts from the Security Code company warn.

The use of such a scheme was recorded in several regions of Russia, including the Kamchatka Territory. The regional ministry of digital development warned citizens that the My Documents center, State Public services technical support, banks and other organizations never request numbers, codes and other information from SMS messages.

If you received a call on behalf of the "My Documents" center and asked for such data, these are scammers. Immediately reset the conversation and block the number, - advise the Ministry of Digital Development of the Kamchatka Territory.

They also recalled that you cannot inform callers of the login and password from the account, call them codes from SMS and follow suspicious links from messages. Employees of the "My Documents" centers do not have access to the citizen's account on the Public services portal and will never request such data, this is confidential information, the department added.^[2]

"Sberbank": Russians receive up to 15 million fraudulent calls every day

Every day, Russians receive up to 15 million fraudulent phone calls. The deputy chairman Sberbank Stanislav Kuznetsov cited such data at one of the forums in mid-February Yekaterinburg 2024.

According to expert estimates, up to 8 million phone calls are made per day to Russian citizens, but taking into account instant messengers, this figure has greatly increased. We admit that up to 15 million call attempts occur daily, including messenger channels, - said Kuznetsov.

Every day, Russians receive up to 15 million fraudulent phone calls

According to him, the main channels of cyber fraudsters are virtual PBXs, instant messengers and SIM boxes (devices that are used to store a large number of SIM cards).

If in the traditional areas of telephony we managed to do a lot and manage these risks, then new (channels) appeared. Here we were not really ready... And we have not learned today to record the statistics of these areas. This is a new challenge, we manage to do something already, configure our systems, but much has not yet been possible, - said the Deputy Chairman of the Board of Sberbank.

In mid-February 2024, Stanislav Kuznetsov also spoke about the appearance in Russia of a new scheme of embezzlement of money with the alleged "abduction" of a person.

Just a few days ago, we recorded an incident when a person was already deceived, but got involved in a sophisticated scheme that we call "kidnapping." The victim is told to buy a ticket, go to another city, settle in a hotel, do not take the phone, "he said (quote from TASS).

After a person allegedly disappears, fraudsters call the victim's relatives and demand a ransom. Kuznetsov noted that Sberbank prevented these scenarios of theft of money and transfers in time.^[3]

Arrested four telephone fraudsters who deceived pensioners in Moscow for 50 million rubles

The court arrested four couriers on charges of embezzling about 50 million rubles from Moscow pensioners. The press service of the capital's prosecutor's office announced this on February 12, 2024. Read more here.

Fraudsters began to fake the voices of Russians with the help of AI and deceive their relatives in instant messengers

Fraudsters began to fake with the help AI of the voice of Russians and deceive their relatives and friends in instant messengers. On January 11, 2024, this scheme was reported in the department for organizing the fight against the illegal use of information and communication technologies. MINISTRY OF INTERNAL AFFAIRS Russia More. here

2023

The Central Bank cited a list of phrases of telephone scammers, after which you need to hang up

On December 29, 2023, the Bank of Russia cited a list of phrases of telephone fraudsters, after which, according to the regulator, it is necessary to hang up. The list was published on the official Telegram channel of the Central Bank, and it looks like this:

• "A loan application has been made." The Central Bank recommends putting the phone down if the loan application has not been sent;
• "Employee of the Central Bank." Employees of the Central Bank do not contact individuals to perform banking operations;
• "Special and Secure Account." Fraudsters offer to transfer funds to a certain "special account" for safety, but such do not exist, indicate in the Central Bank;
• "Investigative actions are underway, help detain fraudsters and do not disclose information." Law enforcement officers do not carry out procedural actions by phone and do not offer to participate in the detention of fraudsters;
• "Your money is trying to steal, a suspicious operation has been recorded." Banks, as noted by the Central Bank, can suspend such operations without the participation of the client;
• "The SIM card is about to expire." The SIM card of the mobile operator, the Central Bank noted, has no expiration date;
• "Dictate the code from the SMS message." The code is an analogue of a handwritten signature, it cannot be sent or reported;
• "You are concerned about a financial security specialist, a bank security officer." In this case, the fraudster will be interested in the card data or the code from SMS.

The Bank of Russia warns that if at least one of the above phrases sounded in the conversation, the user should immediately end the conversation, then call the official number of the organization or the hotline on his own.

The Central Bank adds that criminals sometimes impersonate employees of departments and "send fake certificates through instant messengers." The regulator stressed that fraudsters know well how to deceive a person by causing the necessary emotions from him.^[4]

The ratio of women and men caught on the tricks of telephone scammers turned out to be approximately the same - 50.4% against 49.6%

VTB has compiled a portrait of customers who fell for the tricks of scammers. In 2023, the ratio of women to men turned out to be approximately the same - 50.4% against 49.6%, in 2022 the share of women was 52%. The average age of the "victim" ranged from 35 to 44 years. This was announced on October 20, 2023 by representatives of VTB.

According to a VTB study, women are slightly more likely to be attacked by fraudsters - in 50.4% of cases. The largest number of attacks are on bank customers aged 35 to 44 years (25.4%). The share of clients from 45 to 54 years old decreased by 4 percentage points. and began to occupy about 21%, from 55 to 64 years old - 17%, from 25 to 34 years old and people of the older generation (from 65 years old) - 14% each. Young people began to fall for the tricks of fraudsters more - the share of clients under the age of 25 increased from 4 to 8%.

Most of the "victims" live in Moscow (20.4%), the Moscow region (8.5%) and St. Petersburg (6.6%). Fraudulent activity is also high in the Novosibirsk (3.9%) and Samara regions (3.5%), Krasnodar Territory (3.2%), Sverdlovsk Region (3.2%). The North Caucasus has lost its leadership in the minimum number of attackers' activity. This year, less than 1% of fraudulent cases occur in the Orenburg region, the Khanty-Mansi Autonomous Okrug, Omsk, Vologda, Murmansk regions, Primorsky Territory, and the Republic of Buryatia.

The largest share of affected customers, calculated from the VTB Online audience in the region, falls on the Novosibirsk, Voronezh, Samara regions and Khabarovsk Territory. However, this figure does not exceed 0.3%.

Fraudulent attacks can be directed against Russians of any gender, age, social status and place of residence. However, first of all, attackers are attracted to middle-aged people, since they work hard and are financially stable. The rate of attacks on young people under the age of 25 also doubled. The most common deceptions based on social engineering, about one in three cases falls on loan processing. Defeat fraudsters and save your money will help, first of all vigilance and financial literacy. The client can become a victim of intruders only if he himself informs them of his personal data. Therefore, carefully read the texts of SMS notifications from the bank. Customers' money is kept safe only in the account that the client himself physically opened in the servicing bank. noted Nikita Chugunov, Senior Vice President of VTB, Head of the Digital Business Department

VTB specialists calculated that since the beginning of 2023, the bank has received 5.3 million messages about calls from fraudsters, which is 20% less than in the same period in 2022. The bank managed to save more than 9.5 billion rubles in accounts. Most of the calls are made by scammers from a mobile phone - 74%, messengers account for 20%, from city numbers - 4%.

Sberbank warns of a fraudulent scheme involving several relatives at once

Sber On August 28, 2023, he warned of a fraud scheme based on the use of family ties. Telephone scammers inform a person that allegedly unscrupulous employees bank are trying to apply for him credit and steal money. To save the money, the victim must issue a loan "to exhaust the credit potential" and, together with personal savings, transfer it to a "safe account." After the victim transfers funds to criminals, they begin to ask her about the presence of relatives, because according to fraudsters they "may also be in danger."

New victims are persuaded to take similar actions. As a result, several people united by family ties at once become victims of the crime: they transfer both their own and borrowed funds to fraudsters.

Family values ​ ​ are very important for Russians, and fraudsters began to use it for criminal purposes. If one relative is convinced that he is trying to prevent a loan in his name, then other family members, trusting him, may lose their critical perception and suffer from the actions of intruders. As a result, several people, falling into the networks placed by criminals, lose their savings and become loan debtors. I want to remind you of the main rules of financial security: do not talk about anything with scammers, in no case inform anyone of your personal data and the data of relatives, and if you still have doubts, call back to the contact center of your bank and clarify whether everything is in order, said Stanislav Kuznetsov, Deputy Chairman of the Management Board of Sberbank.

FBI reveals new phone fraud scheme in which victim becomes FBI

On July 18, 2023, the Internet Crime Complaint Center (IC3) as part of the FBI announced that cybercriminals had adopted a new telephone fraud scheme in which the victim in some sense becomes a courier.

Attackers, as noted, target primarily the elderly. Criminals impersonate support specialists of a particular company by contacting a potential victim by phone, via email, text message or through a pop-up window. They further report that suspicious activity is recorded on the user's account. Another possible trick is to inform that the victim is entitled to any monetary compensation, for example, for subscriptions or services.

The following instructions contain a phone number by which the user can seek help. As soon as the victim dials this number, the fraudster says that the only way to send money is to connect to the user's computer and deposit funds into the bank account. To do this, you need to download a certain program that actually contains malicious components. Then the victim is asked to go to his bank account, as a result of which the attackers have credentials at their disposal.

The peculiarity of the scheme is that cybercriminals really transfer "compensation," but the amount transferred turns out to be significantly higher than agreed. After that, the scammers, hiding behind the alleged dismissal, ask the victim to return the difference in cash by wrapping the money in a magazine or newspaper. The criminals are asked to send such a parcel to the specified address. Meanwhile, with the user's bank details at their disposal, fraudsters can empty his account.^[5]

Russians warned about a new fraudulent scheme with online cinemas

In July 2023, it became known about a new fraudulent scheme with online cinemas in Russia. Swindlers send a message to potential victims in instant messengers and offer work allegedly to evaluate online cinemas. The newsletter indicates a phone number for feedback, and also mentions popular streaming platforms in Russia. Real employment is not confirmed, while communication with such "employers" can lead to theft of funds, the Prime agency reports, citing a statement from one of the Russian banks. Read more here.

The Central Bank of the Russian Federation told about a new telephone fraud

On July 10, 2023, the Central Bank of the Russian Federation spoke about a new telephone fraud. Now the swindlers, calling their victims, not only introduce themselves as employees of the regulator, but also send e-mail messages with an invitation to a personal reception at the Central Bank of the Russian Federation.

As reported in the Telegram channel of the Bank of Russia, fraudulent letters begin with an appeal by name and patronymic, they indicate the reception time and the real address of the Central Bank in the region of residence of the potential victim. As the sender of the message by spoofing the email address, they indicate the domain of the Bank of Russia cbr.ru.

The attackers also turn to a potential victim by name and patronymic and indicate the time of reception and the address of the local branch of the Bank of Russia. After sending a letter, they contact the recipient personally and, under various pretexts, try to find out the details of his bank card and SMS code or persuade him to transfer money.

The Bank of Russia, on its own initiative, does not invite citizens to a personal reception, its employees do not call people and do not send copies of any documents to anyone, do not request personal and banking information, do not offer to make any transactions with the account... Fraudsters are often represented by Bank of Russia employees. Therefore, be vigilant, - emphasized in the Central Bank.

The regulator recommends not responding to this kind of invitation and deleting it if there was no appointment. For any banking issues, the Central Bank recommends calling the bank at the phone number indicated on the back of the card or on the website of the credit institution.

Experts remind Russians that to protect against intruders, you cannot transfer your confidential data to anyone, such as passwords and logins from accounts in services, codes from SMS and push notifications.^[6]

The Central Bank of the Russian Federation explained why fraudsters call and remain silent in the phone

At the end of June 2023, the Central Bank of Russia explained why fraudsters call and remain silent. According to Dmitry Ibragimov, deputy head of the Security Department of the Central Bank of the Central Bank for the Central Federal District, a "silent" call is first made to check whether the number is valid.

Scammers also need to find out if the user will answer an unfamiliar incoming number or ignore it. If initially the user did not answer the incoming call, and then called back after some time, then this will be a positive subscriber for the scammers. As in the case if the user of the SIM card answers immediately. It's like a primary filter before the next attack, such as a cold call from bank security.

In addition, attackers can make calls, listen to a voice and update their database. For example, to map a subscriber's voice to attributes such as the caller's gender and age in the database. Suppose that the fraudsters already have the data of the owner of the SIM card and they refer the owner to Petrov Evgeny Petrovich, born in 1980. After the call and the subscriber's answer to it, the voice will be automatically recorded on the PC, and then updated from the point of view: whether the man or woman answered, the estimated age is recognized by the timbre of the voice. Somehow, it is not necessary to act on such "silent" calls on purpose, because such a call itself does not carry any danger, the representative of the Central Bank specified.

The caller does not need to worry about whether he answered the call correctly or said something superfluous, for example, "Yes, I listen!" There is a myth that fraudsters can record a "Yes" answer and use it to confirm a serious financial transaction, obtain a loan or transfer money. In reality, this is not the case, notes Dmitry Ibragimov.

According to him, it is impossible to remotely confirm such operations in one word "Yes." Banks will not take on potential risks associated with insufficient identification of the client, that is, until they fully make sure that it is the client who transfers the order to dispose of their own funds, transactions are excluded. In addition, the operator of any bank in any case will distinguish the recorded voice from the natural one, although in June 2023 IT technologies are constantly developing and improving, Ibragimov assured.^[7]

Fraudsters began to steal money from the accounts of Russians, sending messages with an offer to make money on the valuation of hotels

In Russia, fraudsters began to steal money from the accounts of Russians, sending messages with an offer to make money on the valuation of hotels. This became known on June 20, 2023.

According to RIA Novosti, attackers use the hotel booking service as bait in their new hybrid scenario. They create a group in instant messengers or send an SMS message in which they offer to evaluate the hotel booking service and hotel photos on the Booking website. The text indicates a link to the Telegram channel, where the client can discuss in more detail with his personal "manager" further conditions for "employment" according to the assessment of hotels. However, when switching to the announcement, the topic is adjusted - the client is offered to help online stores "in sales" and promise large revenues of up to tens of thousands of rubles a day.

Attackers send a client a link to a phishing site where he needs to pre-register using his personal data: full name, email address and mobile phone number. After registration, the client needs to pay a certain amount to the specified account in order to begin performing tasks to evaluate various goods of online stores. At the end of each "business" day in the customer's account, the initially invested amount is doubled or tripled. However, it will not be possible to withdraw the "earned" money, and any attempts to contact the personal "manager" will not lead to anything.

According to experts, this appointment is similar to the scheme for hiring various marketplaces. The main goal is to lure as much money out of a potential victim as possible. To protect yourself and protect yourself from such attacks, we recommend not responding to suspicious spam mailings, not participating in group chats, whose participants are not familiar to you and generally refrain from communicating with strangers on the Internet and instant messengers.^[8]

Sberbank recorded an increase in the number of telephone fraud attempts against Russians to 8.6 million per day

The number of attempts at telephone fraud against Russians by mid-June 2023 reached 8.6 million per day against 5 million a year earlier. This was announced on June 14, 2023 by the deputy chairman of the board. Sberbank Stanislav Kuznetsov

The main threat is telephone fraud, the share of which in the total volume of cyber fraud is 90%. And the number of attempts at telephone fraud is growing, "he said in a conversation with RIA Novosti.

According to Kuznetsov, among the fraudulent schemes that cybercriminals use against bank customers, the scheme with transfer or contribution to a "safe account" still dominates: over 77% of the total volume of fraud attempts. As part of this scheme, most often criminals appear to be employees of the "security service" and talk about a certain "change in financial number," intimidate by issuing a loan in the name of the client or an attempt to withdraw money from the account.

The attackers do not come up with fundamentally new ideas, but only introduce new varieties of the mentioned scheme, the representative of Sberbank noted.

To convince victims of the veracity of their words, fraudsters are increasingly sending them fake documents through instant messengers. Recently, for example, swindlers have been using fake "identity certificates of a qualified bank employee," said Stanislav Kuznetsov.

Also, according to him, the criminals learned to call entire families at once. If the victim does not succumb to persuasion, fraudsters contact her loved ones, convincing them to influence the "stubborn" relative. At the same time, the swindlers "are represented by bank or police officers, report on a possible theft of funds and ask to take action," Kuznetsov explained.

This "approach" can lead to losses of more significant amounts, since there is a possibility that other family members will also fall under the influence, - warned the top manager of Sberbank.[9]

Fraudsters have learned to fake the numbers of any subscribers in Russia in order to call on their behalf

Fraudsters have learned to fake the numbers of any subscribers, said T1Viktor Gulevich, director of the information security competence center at the end of May 2023.

Thus, any Russian can become a "fraudster" if attackers disguise the call as the desired number. You can protect yourself by ordering detailed calls from the operator, there will be no fake calls in detail.

As Viktor Gulevich explained to Prime, fraudsters use the technology of replacing the caller ID (Caller ID) through the services of virtual providers of IP telephony and SIP telephony (a protocol for exchanging data on the network).

If you are informed that calls are received from your phone number that you did not make - this is the main sign of illegal actions of fraudsters, the expert said.

According to Alexander Vurasko, an expert in the direction of special services Solar JSOC of RTK-Solar, the problem is that due to the technical restrictions of communication networks, there are no truly effective methods for countering number substitution by May 2023.

Despite the fact that Russian telecom operators have introduced anti-fraud systems that have made it almost impossible to replace numbers in their networks, if the number was replaced before the call came to the network of the Russian operator, it becomes much more difficult to track such a substitution, explains Alexander Vurasko.

Attackers often choose arbitrary numbers for substitution, however, sometimes they gravitate to any specific phones. Most likely, this is simply due to the unwillingness after each call to change the replacement number, - said the expert in a conversation with Izvestia.

The publication adds that situations often arise when victims call the number owners, addressing them with claims. But real subscribers most often have nothing to do with any criminal schemes, they themselves suffer reputational risks due to fraudsters who discredit their contact details.^[10]

Fraudsters began to " put pressure" on the relatives of their "victims" to access the family budget

In May 2023, VTB clients report a new fraud scheme, when not only they are attacked, but also their relatives. Attackers contact each of the family members, convincing them of the need to influence the "victim." Their main task is to convince the interlocutors of the need to make financial transactions that will ultimately lead to theft of funds.

The fraudster calls the potential victim, posing as a bank employee or law enforcement officer. He reports that the client's funds can allegedly be stolen by intruders, and urgent measures must be taken to save them. In case of refusal, the "employee" switches to a more aggressive manner of communication and threatens to call the interlocutor's relatives in order to convey the importance and veracity of his words through them. Next, he really contacts the nearest circle of potential victims by phone - these may be parents, spouse or children.

They seek to convince threats of reality and are asked to influence their relative to take measures to "save" their own or family funds from theft.

During the conversation, fraudsters use social engineering technology, using already common topics to deceive - applying for a loan, conducting dubious transactions on cards and bank accounts, changing a financial or trusted phone number in a bank, transferring funds to a "safe" account and others. The share of social engineering today remains extremely high and accounts for almost 90% of all attacks.

"Attackers are excellent at psychological techniques and deftly manipulate the emotions of their victims. If earlier they called allegedly on behalf of family members, reporting on the incident of force majeure and the need to transfer money to resolve it, now they themselves are actively using the existing contacts of relatives. As a result, entire families are already facing threats and extortion. Such an aggressive psychological impact can lead to dangerous situations and withdrawal of funds on a much larger scale, because the entire family budget is under threat. Therefore, it is very important not only to comply with the financial security rules for your part, but also to talk about them to your loved ones and be in touch with each other and the bank for the prompt verification of such information, "said Nikita Chugunov, Senior Vice President of VTB, Head of the Digital Business Department.

Scammers began to call potential victims via video link

VTB has recorded another trend of fraudulent attacks: now attackers call potential "victims" via video link, posing as bank employees and imitating work in the office. All such calls go through instant messengers. The bank announced this on May 19, 2023.

Fraudsters make the first call, as a rule, through a messenger or through regular telephone communication. If the interlocutor does not believe that a bank employee communicates with him, then the attacker calls back via video link, depicting the service from the bank office. As a result, the "victim" remains in no doubt about the credibility and seriousness of the caller's words.

Then fraudsters use standard schemes to gain access to the money of a bank client - they convince them to issue a credit application, change a trusted phone number, transfer money to a "secure account," update a bank application or download remote access tools to check its work, or simply start requesting SMS codes under various pretexts to gain access to the personal account of a bank client.

Messengers have become the main channel for the activity of scammers. The share of calls to them has grown by almost 15 percentage points. since the beginning of the year, and in May 2023 reaches 64%, significantly overtaking telephone attacks. All such calls are made solely for the purpose of obtaining personal information for criminal purposes, possibly even for obtaining photos and video images of customers. It is important to note that real bank employees will not use such communication channels. Thanks to the constant work of banks with financial security rules, customers have become more active in recognizing and reporting calls from cybercriminals. At VTB, every tenth client passes on the number of the fraudster and describes in detail the scenario of an attempt to deceive, - said Nikita Chugunov, senior vice president, head of VTB's digital business department.

A Russian citizen did not succumb to the tricks of fraudsters and they signed him up as a volunteer to participate in a special operation in Ukraine

Ukrainian fraudsters could not rob a resident of Yuzhno-Sakhalinsk with money and, in retaliation, registered him as a volunteer to participate in a special operation in Ukraine. According to local police, an unknown person called the 50-year-old man and introduced himself as an employee of the State Public services portal. He said that the man's personal account was hacked. During the conversation, the fraudster asked where he kept his money, but he could not lure this information out. Sakhalinets issued only data from his personal account at the Public services. Three days later, the man went to the portal application and found that he had been volunteered for the SVO.

Taxi driver Zhanishbek returned the money to a pensioner who was tried to rob telephone scammers

24-year-old Zhanishbek fulfilled the order on the afternoon of April 21, 2023. The taxi driver arrived on Belomorskaya Street to pick up the parcel from an 84-year-old pensioner. The woman handed him a bag, and Zhanishbek, just in case, clarified whether there was money there. The pensioner shook her head, so the taxi driver with a calm soul went to the recipient.

On the way, they called him. The caller was clearly nervous and asked Zhanishbek to deliver the bag to the spot as soon as possible. The taxi driver decided to check the parcel and was right: there were 500 thousand rubles inside. The driver immediately realized that the pensioner fell for the trick of scammers. He pulled out the money, handed them an empty bag and returned to Belomorskaya to give the amount to his grandmother.

However, no one opened the door to him. Then the taxi driver decided to call the police. He was taken to the department, where the guy voluntarily gave half a million belonging to the pensioner. The money was handed over to the hostess, and they also had a conversation with their grandmother that they should not believe strangers who call on the phone, writes Baza.

Telephone fraudsters who worked for the Armed Forces of Ukraine were detained in Moscow

In April 2023, telephone fraudsters who worked for the Armed Forces of Ukraine were detained in Moscow. The attackers cashed the money stolen from the Russians at ATMs, converted it into cryptocurrency and transferred it to anonymous accounts in Ukraine.

Ukrainian call centers invented a scheme of deception with "abduction"

Ukrainian call centers in the spring of 2023 invented a new scheme of deception. The mother of the assistant senator of the Federation Council Elena Silkina could be "kidnapped" by telephone scammers. Scammers convince people to hide, and then extort money from their relatives.

According to Baza sources, fraudsters have recently begun to practice a "remote" divorce scheme. It looks like this: unknown persons call the victim, report the threat of persecution and convince them to hide in a temporary shelter. You need to get to it yourself, and on the way you need to throw away the phone (after all, it is allegedly followed) and buy a new one with a SIM card. So that the victim could not be traced.

Then a person, confusing traces and changing transport, gets to the "shelter" - an ordinary apartment rented for rent. At the same time, she must pay for housing herself, in no case contacting relatives or relatives. At the same time, scammers call their relatives, report "abduction" and aggressively demand a ransom. In such cases, criminals do not even see directly with the victim herself - she simply "hides" at home.

One of the interlocutors of "Baza" said that recently it was using this method that the mother from the family of his friends was "stolen." According to him, the woman was found at the place where the signal of her phone was last recorded - the police combed the communication salons in that area, and in one of them the missing was identified, after which she was found by a new number.

In April 2023, 76-year-old Tatyana Grigorievna, who before the loss herself drove from home to the Leningradsky railway station, is also looking for the same way - with the help of communication salons near Belorusskaya. She was later discovered in a hotel.

Fraudsters detained in Dnepropetrovsk who stole 3 million euros from Czech residents

In April 2023, a fraudulent group was liquidated in Dnepropetrovsk, which stole almost 3 million euros from the inhabitants of the Czech Republic. Fraudsters organized several call centers, whose employees lured money from people by phone. They acted according to a proven scheme: they introduced themselves as bank employees and police officers, forcing victims to transfer money to allegedly "safe accounts." 6 alleged organizers of the criminal community were detained, among them - citizens of Ukraine and the Czech Republic.

Fraudsters change numbers to foreign ones similar to Russian ones

Attackers engaged in theft of funds from Russians by phone will change phone numbers to foreign ones from the end of 2022 to bypass the protection of mobile operators, Kommersant wrote in February 2023.

At the same time, foreign numbers are visually disguised as Russian. For example, numbers with the code + 423 belong to Liechtenstein, but "pretend" to be calls from the Primorsky Territory, the code + 905 of Turkey resembles the mobile numbering adopted in Russia, and + 472 of Norway is similar to the code of the Belgorod region.

However, the most common fraudsters used the codes of Japan and Korea + 8 (1, 2) and the international code, which operates in Kazakhstan and Russia + 7.

Most of the unwanted calls at the end of 2022 were received from Russians from the numbers of Turkey, Kazakhstan and Iran.

95% of fraudulent calls to Russians are made from the territory of Ukraine

95% of fraudulent calls to Russians are made from the territory of Ukraine - 800-900 call centers are located there. Such data in February 2023 was shared by the Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov. According to him, the center of telephone fraud remains the city of Dnipro - earlier about 1100 call centers worked there, now - about 150.

Scripts for telephone scammers are not written in Ukraine, but by Western countries: for this they use any information reason, said Vladimir Komlev, general director of the National Payment Card System.

Ukrainian fraudster was able to persuade a resident of the Moscow region to transfer him almost one and a half million, and then set fire to the branch of Sberbank

On the morning of February 7, 2023, 48-year-old Alexei, a resident of the village of Porechye near Ruza, received a call from a "bank security officer," writes Baza. He convinced the man that his accumulations were at risk and needed to be protected. To do this, you need to take a loan of 1.4 million rubles, after which you sent the amount to the fraudster.

However, the offender did not lag behind. "Bank employee" was able to explain to Alexei that in order to identify fraudsters, he needs to set fire to the office of Sberbank. The fraudster sent instructions on how to mix the "Molotov cocktail" and a few hours later Alexey was already at the branch in Ruza. After making sure there were no people in the bank, he opened the door and threw the bottle into the corner. It is believed that telephone fraudsters have been covered by the Ukrainian SBU for years.

Fraudsters learned to calculate people who recently sold housing, and began to "addressedly" lure money from them

In January 2023, when calling, they impersonate representatives of banks, real estate companies or law enforcement agencies, and convince victims to transfer funds to a "safe" account.

2022

Subscribers around the world lost $53 billion due to telephone scammers using digital technologies

In 2022, mobile subscribers globally lost approximately $53 billion due to telephone fraud and unwanted calls. This is stated in a report released on March 20, 2023 by Juniper Research.

Attackers use various techniques to deceive cellular users. This is, in particular, unauthorized call forwarding or forgery of the caller ID. The ultimate goal of criminals is to gain financial advantage. Experts say that despite the ongoing development of robocall prevention systems, phone fraud losses are on the rise. Attackers are constantly improving their methods and tactics using affordable digital technologies. By 2027, global losses in this sector could reach $70 billion.

It is noted that more than 50% of the total damage associated with fraudulent robocalls is in North America. According to the annual report of the Robokiller service, in 2022, Americans received 225.69 billion text messages generated by robotic systems. This is 157% more compared to 2021, when the number of fraudulent messages was estimated at 87.85 billion. At the same time, the number of robotic calls from intruders rose on an annualized basis by 8% - from 72.24 billion to 78.24 billion.

According to a study by Robokiller, in 2022, fraudulent messages related to the delivery of certain orders were most often sent - more than 12 billion messages. In second place were robotexts concerning various financial services: they accounted for almost 4 billion shipments. The top three messages on the COVID-19 pandemic are closed - approximately 2.87 billion shipments at the end of 2022.^[11]

In the US, scammers stole $11 million with deepfakes imitating someone else's voice

In 2022, fraudsters, using artificial intelligence models to accurately imitate (deepfake) human voices, stole about $11 million from their victims in the United States alone. Such data are contained in the report of the Federal Trade Commission (FTC), published on February 23, 2023.

Modern AI tools are able to mimic a person's voice, including emotional tone, based on the analysis of several voice phrases. And, for example, the Microsoft VALL-E system based on a neural network requires a sample of only three seconds. Such tools are actively used by attackers, misleading gullible users. Most often, fraudsters present themselves as relatives of the victim, demanding to transfer money under one pretext or another. For example, in 2022, one married couple in the United States sent $15,000 through a bitcoin terminal to a criminal, believing that they were talking to their son. A generated AI voice told them he needed money to pay off legal fees after he was involved in a car accident that killed a US diplomat.

In general, as noted, in 2022, more than 5,100 people became victims of such schemes in the United States. Experts say that such attacks can be carried out from anywhere in the world, and therefore it is extremely difficult to track down criminals. Often there is also uncertainty about which agencies have jurisdiction to investigate cases where scammers operate from different countries.

The FTC report says that in general, victims of attackers lost almost $8.8 billion in 2022 as a result of attacks of various types. This is 30% more compared to 2021. At the same time, the greatest damage was caused by investment fraudulent schemes: the damage from them amounted to more than $3.8 billion. In second place are fraud with impostors, the losses from which in 2022 reached $2.6 billion against $2.4 billion a year earlier.^[12]

Hackers began to massively attack telecom operators around the world to take possession of someone else's phone number

On December 2, 2022, IT specialists CrowdStrike announced the discovery of a new cybercriminal scheme: attackers attack telecommunications companies and organizations in the field (outsourcing business processes BPO) in order to take possession of someone else's phone number. More. here

Telecom operators will be forced to report on replacement numbers to the Ministry of Digital Development

As it became known in early December 2022, the Ministry of Digital Development will have the right to ask operators for data on a completed call based on citizens' appeals through the Public services. The corresponding amendments to the law "On Communications," prepared by a group of members of the Federal Assembly headed by Artem Sheikin, a member of the Federation Council Committee on Constitutional Legislation and State Building. Read more here.

A deceived pensioner was detained in Moscow, who began working for fraudsters to return the money

In Moscow, in November 2022, a pensioner from Reutov, deceived by fraudsters, was detained. Having become a victim of swindlers, he agreed to an offer to "work" for them in order to return his savings and close debts. As a result, the pensioner was detained while receiving 5 million rubles from a new victim.

Arrest of 100 people in Britain for phone number swap services for fraudsters

Investigators in Britain have discovered a site that offered customers phone number substitution services. Through this site, thousands of scammers from different countries were engaged in calling their victims, paying for the services of spoofing numbers with crypt.

Potential victims were contacted, posing as employees of well-known banks or government agencies. In Britain alone, more than 200,000 people suffered from such calls, and the damage is estimated at least $3.9 million.

Police officers hacked into the site's database and obtained information about 59,000 users. In November 2022, 100 people have already been arrested.

Detention of fraudsters in St. Petersburg who stole more than 150 thousand rubles

In St. Petersburg in November 2022, bank fraudsters were detained who stole customer funds through social engineering. In Kolpino, they found special equipment to redirect traffic. For six months, the connection of more than 12 thousand SIM cards was recorded there, through the balance sheets of which more than 150 million rubles passed. It was established that the money was stolen by fraudsters with the transfer of funds to "secure accounts."

The Central Bank of the Russian Federation announced a new telephone fraud. The bait is the fight against the theft of data

In November 2022, the Central Bank of Russia warned of a new telephone fraud. The bait is the fight against the theft of personal data.

The essence of the scheme is as follows. Criminals call bank customers under the pretext of prompt investigation. They are presented by law enforcement officers who allegedly conduct a case of massive leaks of personal data from banks. Moreover, they act, in their words, directly on behalf of the Central Bank.

The fraudster calls the person and reports that among the compromised data may be his information. He offers to check with the leak database in order to attract the interlocutor as a victim, - said the Bank of Russia.

Further, the criminal clarifies with the person in which particular bank he is served, asks for card data, including a three-digit code on the back. For greater persuasiveness, fraudsters refer to official documents from the Central Bank, naturally false.

To convince a potential victim of the plausibility of the story, a fraudster can send him a photo of a fake document about conducting operational-search measures to the messenger or e-mail, the Central Bank warned.

They also recalled that neither bank employees nor law enforcement officers ever request bank card details (its number, three-digit code on the reverse side, SMS code).

The Central Bank recommends when communicating the phone with unknown:

• do not give them bank card details;
• not to succumb to threats;
• not to enter into correspondence with them;
• do not call them back;
• it is best to interrupt the conversation and block the number of scammers;
• if there are doubts about the safety of money in a bank account, you can independently call your bank at the number indicated on its official website or on the back of your bank card.^[13]

In Krasnoyarsk, telephone scammers accidentally called the press service of the Ministry of Internal Affairs

In Krasnoyarsk, telephone swindlers accidentally called the press service of the Ministry of Internal Affairs (MIA). After that, a courier was detained, who took money from the victims of telephone fraud. This was reported in the department on September 15, 2022. Read more here.

Russia is creating a unified system for checking subscriber data to combat telephone fraudsters

At the end of August 2022, new details about the unified information system for checking information about subscribers (UIS PSA) became known. The corresponding bill is in terms of priorities for consideration by the State Duma in the autumn session, Izvestia was told in the financial market committee of the lower house. Read more here.

Telephone scammers in Russia began to call through instant messengers

VTB recorded another scenario of telephone fraud, as reported by TAdviser on June 1, 2022. Attackers use robot calls through instant messengers for subsequent switching allegedly to a "VTB specialist."

Under the pretext of confirming an application to change a trusted phone number or issuing a credit application, fraudsters call customers through instant messengers, allegedly on behalf of a robotic bank assistant. If the client says that he did not leave applications for changing the phone number or for a loan, then the robot switches the subscriber to a false specialist of the bank, who is trying to get confidential data: UNK (unique client number), bank card data, codes from SMS to enter his personal account, etc. Using the information received, fraudsters can gain access to funds in the client's accounts, his pre-purchased loans, force them to transfer them to a "special" account, etc.

We began to record that fraudsters switched to instant messengers from calls to phone numbers. There are many reasons for this: calls through instant messengers are free, they lack antispam and fraudulent filters, there are no number identifiers, each service is regulated by its own policy. It is much more difficult to track attackers through these channels, and for additional protection, we recommend that customers, through the settings in the smartphone, allow incoming calls in instant messengers only from familiar numbers from the phone book, "said Nikita Chugunov, head of the digital business department - senior vice president of VTB.

In April 2022, compared to March, VTB recorded an increase in the activity of fraudsters: the number of phishing resources and clone applications on the Internet increased 11 times. In just four months, VTB has already prevented more than 700 thousand attempts by attackers to steal money from customer accounts. This is almost 1.5 times the result for the same period in 2021. The total amount of funds saved by VTB customers amounted to almost 7 billion rubles.

Now you can provide the phone number of scammers not only through the hotline or in a chat with the bank, but also through a voice assistant in the VTB Online mobile application. Also, using the voice assistant, you can share a suspicious link for verification by VTB specialists by sending it to a chat with the assistant. For additional protection of client funds, there is also a single section with security settings and recommendations in the VTB Online application.

Collecting data on telephone scammers through digital services helps protect bank customers from intruders. Voice assistants save customers time by processing calls quickly. The service for collecting fraudulent numbers in the voice assistant was launched in April 2022. In just two months of its operation, customers managed to transfer us more than 1,500 fraudulent numbers. Let me remind you that bank employees do not call customers through instant messengers and will never request such data as UNK to enter their personal account, bank card information, CVC/CVV and one-time codes from SMS, - said VTB Senior Vice President, Head of Digital Business Department Nikita Chugunov.

Fraudsters in Russia began to use substitution numbers of citizens

At the end of May 2022, it became known about a new type of telephone fraud. It consists in replacing numbers: moreover, if earlier attackers called on behalf of banks, government agencies and companies, now they have begun to use the numbers of ordinary users.

As the head of the Mousetrap platform Evgenia Lazareva told Izvestia, people call the Russians and say that there was a call from their number "from a bank employee" who was trying to withdraw personal information to steal funds from the account. At the same time, the subscribers themselves did not make any calls and are not related to fraudulent schemes.

The interlocutor of the publication added that there are also appeals from potential victims. So, when trying to call back to the number that is determined by the phone during such a call, a completely different person with different features of speech and even another sex answers, who claims that he has not made any calls lately.

Using the substitution of the number, the attackers are trying not only to lure money from their victims (for example, having received information that this number belongs to the victim's relative, they are trying to obtain money transfers), but also to mislead law enforcement agencies and harm Russian citizens. For example, unsuspecting users used to replace numbers can get into spam databases and be blocked by applications that some Russians use. Also, problems may arise during employment: the company will try to check the applicant's phone in one of these databases or on the application's thematic website and see that the candidate's number is in the category of scammers, spammers and with negative reviews. With such a reputation, the job seeker will be refused, Evgenia Lazareva said.

Lazareva added that most of the attacks on the accounts of Russians come from call centers located in unfriendly countries.

Cybersecurity experts interviewed by the newspaper confirmed that when using the method of changing numbers using IP telephony, you can call on behalf of any subscriber. According to experts, it is impossible to protect yourself from using your number for substitution, but you can prove your innocence by detailing. It is enough to request it from the operator and provide, for example, to the bank to exclude yourself from blacklists.

The Ministry of Digital Development told the publication that by the end of May 2022, the state, together with telecom operators, is working on measures to combat the substitution of subscriber numbers. Thus, the ministry oversees the development of an anti-family telephone system that will track the substitution of a number when transferring a call to the network of another operator.^[14]

Central Bank of the Russian Federation warned of a new type of VPN fraud

In early May 2022, the Central Bank of the Russian Federation warned of a new type of VPN fraud. The scheme is that scammers persuade potential victims to visit their blocked sites using such programs. Read more here.

Online banking malware intercepts calls to support

Researchers in the field cyber security from the company "" Kaspersky Lab talked bank trojan about called Fakecalls. In addition to the usual spy functions, he has an interesting ability - to "talk" to the victim, imitating communication with an employee. bank This became known on April 12, 2022. More. here

A large call center of fraudsters in Berdyansk acted in agreement with the authorities of Ukraine

During a military special operation, the Russian military in April 2022 found a call center abandoned by Ukrainian fraudsters in Berdyansk, which had data from at least 20 million Russians. It acted in agreement with the Ukrainian authorities, while its activities were supported from, Netherlands, and Germany. USA Estonia

2021

9 out of 10 fraudulent calls to bank customers in Russia are made by robots

On November 22, 2021, it became known about a surge in telephone fraud using robotic assistants in Russia. This method accounts for 9 out of 10 calls from attackers, told Kommersant in a bank from the top 5 in the Russian Federation.

Another credit institution, one of the 20 largest in the country, confirmed an increase in the number of customer complaints about fraudulent calls using robotic assistants, specifying that such attacks account for almost half of such calls.

According to the manager of RTM Group, Yevgeny Tsarev, the attacks with automatic calling of the base began about six months ago in connection with the widespread introduction of bank voice assistants in banks, as well as informing the population about fraudulent calls on behalf of the "bank security service" or "Interior Ministry officer." Tsarev noted that six months ago the automatic call of the base was rare, the cases were isolated.

According to the expert, calls using a robot increase the coverage of victims. Robotic attacks have another plus - the population trusts such calls more.

According to the newspaper in Tinkoff Bank, the use of robots allows fraudsters to gain the trust of bank customers who seem to be with a bot from the bank's security service. VTB clarified to Kommersant that robocalls are easily organized, because autoinformers are increasingly included in the standard package of office telephony contracts.

According to the director of the, information security GPB Alexey Pleshkov if the victim believed, to the robot it is highly likely that she will believe the persuasion of the fraudster and in live dialogue. The use of bank number substitution technology in such attacks only strengthens trust.

According to Ilya Suloev, director of the Otkritie Bank DIB, from the point of view of protection measures, telecom operators and regulators could make a significant contribution to the fight.^[15]

The share of fraudulent calls in Russia from abroad reached 70%

By November 2021, about 70% of fraudsters' calls Russia come from abroad, while two years earlier this share was 40%. Such data were provided by the deputy chairman of the board. Sberbank Stanislav Kuznetsov

According to him, the main source of such calls is the Ukrainian city of the Dnieper, in which there are many Russian-speaking youth, and there are apparently not enough opportunities for honest earnings. Earlier, up to 1000 fraudulent call centers could work in the Dnieper, but over the past year their number has decreased to 150, Kuznetsov said in an interview with Izvestia.

Those who worked according to the most primitive scheme were eliminated: "Your card is blocked, dictate the CVV code." There are large centers operating according to more ingenious schemes of deception, - he said.

In early October 2021, Kuznetsov also designated Ukraine as the "capital" of telephone fraud. According to him, on average, Sberbank customers receive 3-7 thousand calls a day, sometimes their number reaches 10 thousand.

50% of citizens do not take the phone at all for various reasons and do not answer such calls, but with 1% of citizens [fraudsters] still manage to talk, - added Kuznetsov.

He noted that most often fraudsters are represented by law enforcement officers (Ministry of Internal Affairs, General Prosecutor's Office, etc.). They call a potential victim, say a bank employee is trying to steal their money and asking for help catching the gunman. To do this, you need to transfer money to a safer account right now. In addition, employees can receive money or property under the guise of conducting a special operation to catch criminals.

In addition, they are swindlers trying to convince a potential victim that they are not calling her from 900 because they are talking on a secure technical line.

А что цитируем-то?

Special forces soldier died during the arrest of a telephone fraudster in St. Petersburg

On November 9, 2021, it became known about the death of an employee of the Special Rapid Response Unit (SOBR) during the arrest of a telephone fraudster in St. Petersburg. Read more here.

Telephone scammers in Russia began to send victims fake photos of documents of the Ministry of Internal Affairs

In early November 2021, it became known that telephone scammers in Russia began to send victims fake photographs of documents of law enforcement officers or Bank of Russia employees. Moreover, this method of deception is rapidly gaining popularity.

As Vedomosti writes with reference to Fyodor Muzalevsky, director of the technical department of RTM Group, dozens of such incidents have already been recorded in the second half of 2021, but in reality the bill can go to thousands. According to him, by the beginning of November 2021, out of the total number of fraudulent calls, cases with the provision of photos of fake certificates occupy no more than 5%, but the prospect of growth is high.

The use of fake documents helps to position the victim with the fraudster, which is why attackers can request much larger amounts. Muzalevsky says that usually in such conversations, fraudsters appear to be law enforcement officers and say that illegal actions are carried out against the client or a fraudulent loan is issued, so it is in the interests of the victim to cooperate with the investigation and transfer all the money to a secure account. "

The Bank of Russia is aware of this fraud scheme, a representative of the regulator told the newspaper, without specifying whether the Central Bank recorded an increase in the number of cases using photos of forged documents; he also recalled that the Bank of Russia, on its own initiative, does not send letters to citizens, does not call or send messages.

The total number of fraudulent calls using the "call from the Ministry of Internal Affairs" has not changed, the ratio between calls without forged documents and with them has changed - the latter are really becoming more and more, said Alexander Kalinin, head of the Group-IB monitoring and response center.^[16]

Beeline subscriber accidentally found out that 1.7 thousand corporate numbers were registered to it

A TAdviser resident who faced Moscow Ekaterina Litvinova fraud when registering cell numbers for her turned to the editorial office. personal data According to the citizen, it follows that she saw in her personal account on (EPGU Unified Portal state and Municipal Services, "Goservugi") 1732 information messages about the provision of the service "Activation of Corporate Card SIM." Read more here. [1]

Deputy Chairman of Sberbank called Dnipro the capital of telephone fraud

The deputy Sberbank Stanislav Kuznetsov Ukrainian chairman of the board called the city of Dnipro the capital of telephone fraud, about 150 were organized there. call centers This became known on October 4, 2021.

According to Kuznetsov, in 2020 there were about 1,000 call centers of intruders in the Dnieper. The Ministry of Internal Affairs and the Central Bank record an increase in the number of calls from the beginning of 2021, but fraudsters "flowed" from Sberbank customers to other banks, he said.

"In 2021, the trend is a call from a police officer, from the prosecutor's office, from the Investigative Committee, and so on," said Stanislav Kuznetsov.

According to the Ministry of Internal Affairs, for 9 months of 2021, the number of such cases increased by 15% compared to 2020, and according to the Bank of Russia - by 30%.

In Sberbank, according to him, since the beginning of the year, a reduction in the number of attacks on bank customers has been recorded by about half. According to Kuznetsov, telephone scammers "flowed" from Sberbank customers to customers of other credit institutions.

50% of citizens do not take the phone at all for various reasons and do not answer such calls, but fraudsters still manage to talk with 1% of citizens, "Kuznetsov added.

According to Sberbank estimates, telephone scammers steal 3.5-5 billion rubles from Russian bank accounts every month. ^[17].

Sberbank: Telephone scammers steal 3.5-5 billion rubles from Russian accounts every month

According to Sberbank, fraudsters steal more than 3.5-5 billion rubles from the accounts of Russians every month. Stanislav Kuznetsov, deputy chairman of the board of the largest credit institution in the Russian Federation, announced this in June 2021.

According to him, the average check for a successful fraudulent operation is about 8 thousand rubles. One fraudulent call center accounts for from 3 to 7 thousand calls per day, while in half of the cases swindlers do not call - 1% of calls work, Kuznetsov told RIA Novosti.

He clarified that fraudsters receive information about Russians through the shadow personal data market. He said that when studying the shadow market, the bank found 12 trading platforms for the sale of information from financial organizations, cellular operators and payment systems, nine of which can be used to purchase bank card data.

Most often, information from compromised databases of external services - delivery of goods, government agencies, online stores - is available, - said Kuznetsov.

The deputy chairman of the board of Sberbank said that by June 2021, fraudsters had become more "patient," as they could not convince people to transfer money for one call due to the increased level of cyber literacy of citizens and technical means of protection. In this regard, a new type of fraud has appeared. An attacker under the guise of a recruiter offers to employ a highly paid job, communicates with a client for several days, can arrange a video conference for an interview.

In May 2021, Kuznetsov said that telephone fraud can be defeated by the end of the year, if the necessary measures are taken at the level of telecom operators. According to him, this will reduce the number of fraudulent phone calls by about 70-80%.^[18]

In Moscow, fraudsters draw up loans using biometrics

In Moscow, multiple cases of using customer votes by scammers to issue loans or other financial products have been recorded. This became known on April 10, 2021.

According to the, TASS Information Agency of Russia referring to Moscow law enforcement officers, fraudsters initially call customers banks and ask questions requiring a monosyllabic "yes" or "no." Having received the necessary answers, they are used to issue loans for their victims, using these "loopholes" -. biometric data

Knowing that some banks provide a loan service using biometric data, attackers make calls to bank customers who already have a voice recognition service connected and ask questions that only yes or no answers are required. The conversation is recorded, and after the answers are used by fraudsters to issue loans for their victims, - TASS quotes a police statement.

Victims learn about the design of loans when money is debited from their card.

The police advise Muscovites to be vigilant in case of suspicious calls, not to transfer their card data to anyone and never, and in case of calls offering biometric data collection, answer that you yourself will come to the bank branch. To save your savings, you should use several types of protection, for example, a codeword or confirmation through a contact center. It will be even more reliable to set a limit on withdrawing money. As soon as notifications about the withdrawal of funds come, you need to immediately block the card^[19].

Scheme involving swindlers who, under the guise of police officers, investigate data breaches

In March 2021, it became known about a new telephone fraud scheme. Swindlers call, posing as police officers, and tell a potential victim that someone tried to withdraw their money from the bank by proxy. After that, the attackers lure information out - allegedly to investigate the data leak.

In the case of the RIA Novosti correspondent, they tried to assure him that the attackers allegedly wanted to steal money from his bank account using a "notarized power of attorney." At the same time, theft of funds was allegedly avoided thanks to the vigilance of a bank employee, but now it is necessary to find out how the data leak occurred. In order to get on the trail of "those who have issued a power of attorney," fraudsters are asked to tell by phone about which banks a person is served in, assuring that an audit will be launched in these credit institutions.

Police officers never ask for information on which banks you are served in, and so on. They request all the information from the bank directly, - said in an interview with the agency in a credit institution.

As the head of the ONF project "For the Rights of Borrowers" Yevgeny Lazareva noted, the legend with calls from scammers under the guise of police officers investigating data leaks has recently become especially widespread, although schemes using "law enforcement officers" have been met before.

Further development of events with such a call depends only on the imagination and diligence of the fraudsters, the expert noted. Having retrieved information about accounts and cards, attackers use them to steal funds and issue fake loans, and also replenish numerous databases that are sold for a lot of money on the darknet, Lazareva explained. According to her, such false policemen are asked to give explanations and disclose information by phone.^[20]

Central Bank of the Russian Federation: Telephone swindlers began to be represented by police officers

On January 22, 2021, the Central Bank of the Russian Federation warned of a new type of telephone fraud: swindlers are introduced by officers of the Ministry of Internal Affairs and other law enforcement agencies and report the initiation of criminal cases against bank clients.

Thus, as the regulator said, attackers are trying to obtain personal data, payment card data, information about transactions made on the card, and so on from clients of credit institutions. This information is used by scammers to steal money from citizens' accounts.

The Central Bank informed banks that such a telephone fraud scenario is being used more and more often, asked to take it into account and warn customers about the risks of disclosing personal data and payment card data.

The regulator stressed that it does not submit applications to law enforcement agencies regarding transactions without the consent of clients of credit institutions. If during a telephone conversation a stranger refers to a criminal process initiated by the Bank of Russia, this is an attacker, the Central Bank warned.

The press service of the Ministry of Internal Affairs explained that in the event of a criminal case against a citizen, a summons is officially sent to the mailing address at his place of residence to call the police department to the investigator or interrogator. The summons can be sent both within the framework of the initiated criminal case, and within the framework of a pre-investigation check, other procedural actions. In the case of a call on behalf of the police, the ministry recommends that he find out the number of the unit where the alleged employee serves, and call the duty station to clarify whether he works for them.

According to a study conducted by the Bank of Russia, almost every second Russian has faced fraud. At the same time, among companies, the indicator is less - about a third of respondents dealt with cybercriminals.^[21]

2020

Theft of 150 billion rubles from Russians by phone and via the Internet

In 2020, scammers stole 150 billion rubles from Russians by phone and over the Internet. This is evidenced by the calculations of BrandMonitor, based on data from the All-Russian Center for the Study of Public Opinion (VTsIOM).

As Kommersant writes with reference to a BrandMonitor study, the following fraud schemes were the most profitable for swindlers:

•  Scammers received 66 billion rubles, posing by phone as representatives of financial organizations and withdrawing money through ATMs;
• 46.5 billion rubles earned on fictitious medical services;
• 18.6 billion rubles were brought to the attackers by phishing sites and non-existent online stores. 

The average damage to citizens from telephone fraudsters in 2020 varies from 27 thousand to 50 thousand rubles, depending on the context of the call. In particular, the victim of swindlers, who appear to be employees of medical institutions, on average loses more than 50 thousand rubles, while calls allegedly on behalf of banks cost Russians 27 thousand rubles.

As the source of the publication noted, the amount of fraudsters' earnings can be called "cosmic," since they are twice the amount of net profit that  VTB (one of the largest banks in the country) plans to earn by the end of 2020 - 70-75 billion rubles.

It is noted that in 2020, banks and the Central Bank of the Russian Federation have repeatedly increased the blocking of fraudulent telephone numbers, or attempts to steal from the accounts and cards of Russians. Fraudsters intensified during the pandemic, when residents of the country stayed at home, often made purchases via the Internet, or turned to doctors for treatment, tests or examinations.

In 2020, two trends that strengthen each other met: the annual significant increase in fraud and the transition of the population to remote work, which increases the importance of communication tools and the loyalty of people to incoming unfamiliar calls, believes Alexei Malnev, head of the Jet CSIRT Incident Monitoring and Response Center for Jet Infosystems.

In the first 6 months of 2020, the Central Bank blocked about 10 thousand telephone numbers of intruders, the Kommersant newspaper writes. The indicator has grown 4 times compared to 2019. Experts expected another wave of fraud on the eve of the New Year, the newspaper notes.^[22]

Named the most popular regions among telephone scammers

On December 29, 2020, it became known that Moscow and the region topped the list of the most popular regions among telephone scammers. This conclusion follows from a study by BI.Zone (Secure Information Zone, Bison), a subsidiary of Sberbank, which Interfax got acquainted with.

In just a year, fraudsters made about 15 million calls, and Sberbank received more than 3.4 million complaints about them. For comparison: in 2019, only 2.5 million complaints were recorded.

The capital region accounts for 28.8% of all calls. Next come: St. Petersburg and the Leningrad Region (8.7%), Krasnodar Territory (3.4%), Sverdlovsk Region (3.1%), Rostov Region (2.4%), Samara Region (2.3%). Among the goals of fraudsters are also residents of the Chelyabinsk, Nizhny Novgorod and Novosibirsk regions (2% each), Tatarstan and Bashkiria (1.9% each), as well as the Krasnoyarsk Territory (1.5%). The company's experts associate the popularity of Moscow and St. Petersburg among fraudsters with the population and its solvency in these cities.

The largest number of unwanted calls is in the daytime (14:00) and evening (from 16:00 to 20:00). The least calls are from 2pm to 3.10pm, when presumably "scammers leave for lunch."^[23]

A type of fraud using voice fake technology has appeared in the Russian Federation

In Russia, the type of fraud using social engineering and voice tampering technology is gaining momentum. This became known on December 28, 2020. This trend was reported in information security companies. Among the scammers when using social engineering were calls allegedly from law enforcement agencies.

A " bank security officer" tells the caller he is working closely with police and warns of a call from authorities soon. The call does occur, but from a replacement number (it is defined as real). Allegedly, the police act according to the old scheme: they request data cards, CVV and codes from. SMS Such fraud was recorded in, Norilsk the head of the information security department told the publication "" with SearchInform Aleksei Drozd reference to the data MINISTRY OF INTERNAL AFFAIRS region.

Another case, according to him, was recorded in Ugra. An unknown person called the woman and introduced himself as a security officer of a large bank. The applicant immediately realized that they were trying to deceive her, and stopped talking with the attackers. After that, the scammers called the Ugra woman again from the dummy number of the duty unit of the Russian MIA Administration for the Khanty-Mansi Autonomous Okrug-Ugra and introduced themselves as police officers. They reported that they were developing scammers who called her and asked her to follow the instructions of the scammers so as not to disrupt the operation. The resident agreed to assist law enforcement agencies, as a result, the criminals gained access to the victim's personal account and stole about 150 thousand rubles^[24].

Kaspersky Lab: the share of spam from unknown numbers was 63%

Kaspersky Lab on December 3, 2020 presented reltates for analyzing the most common telephone and online fraud schemes in 2020. According to statistics from Kaspersky Who Calls, in Russia in 2020, among all incoming from unknown numbers, the share of spam was 63%, and the share of calls with suspected fraud was 5.9%. Read more here.

The Ministry of Digital Development proposes to oblige telecom operators to block fraudsters' numbers

On November 16, 2020, it became known about the proposal of the Ministry of Digital Development to oblige operators to establish systems for countering fraud (fraud) using telephone numbers and establishing a source of traffic.

As Kommersant writes with reference to the corresponding bill, the Ministry of Digital Development proposes to block numbers, from which spam calls or calls are made using replacement numbers. Such numbers, according to the text of the document, will be blocked after complaints from subscribers and preliminary verification of them.

By frode on communication networks, Ministry of Digital Development recommends understanding traffic in which a subscriber is called through a replacement number, having received unauthorized access to operator equipment or special equipment and software. This, in turn, leads to a violation of the security of the network and the rights of third parties, the newspaper notes. It is proposed to consider as telephone spam messages or calls whose purpose is to distribute ads without the consent of the subscriber.

""has already supported the Rostelecom measures proposed by the Ministry of Digital Development, calling them effective. The company noted that the costs will be insignificant, since large telecom operators are already using such systems. "" VimpelCom confirmed that they also use similar systems. MTS They added that the bill requires "detailed study," and in "" MegaFon they reported that they were studying the proposals received.

The general director of the consulting company Orderkom Dmitry Galushko, in turn, in a conversation with Kommersant noted that the installation of additional equipment will lead to the costs of operators. According to him, the fight against fraud is the task of the state, which is carried out at the expense of taxpayers.

The publication says that in July-September 2020, the Central Bank transmitted information to operators about 9.6 thousand numbers identified on suspicion of committing fraud. Of these, only 66 are blocked.^[25]

"Jet infosystems": telephone scammers have changed the way they enter into trust in the victim

On November 12, 2020, the company ITJet Infosystems"" announced that it had recorded a change in the deception schemes used by telephone fraudsters in the creditfinancial field. Now, when calling from a phone number bank , the attackers offer the victim to come to the nearest branch of the financial organization and try to convince her that the main fraudsters are bank employees.

The attack begins standard: the victim is called under the guise of bank employees and asked to confirm an attempt to transfer money by card or purchase on a well-known online resource. After that, fraudsters use an unexpected proposal to proceed to the nearest branch of the bank and clarify how long a person will need on the road. Halfway through, it turns out that employees of the branch to which the victim is sent are suspected of committing a dubious operation, so she is convinced to immediately transfer money from the card to a secure account through a mobile bank. The victim is dictated a phone number or card linked to an account in another bank, explaining this by transferring through an insurance agent. If the operation is blocked, the person is warned that the very unreliable employees will call him, and for protection they offer a script of the "correct" answers that are actually needed to unlock the operation.

Another important innovation of the attack is the attempts of attackers "in between" to find out from the victim information about the latest transactions on the card or in the Internet bank. The danger here lies in the fact that this information can be used by the bank as one of the ways to verify customers. The presence of data on the victim's latest operations and phone number allows attackers to call the bank's call center on her behalf and attempt to change the login and password from their personal account to gain full access to the RBS.

Attackers regularly adapt the scripts used, and this example proves this once again. The offer to come to the bank's office significantly increases the confidence in callers, because no one expects this from fraudsters. This effect is enhanced by a good imitation of the work of the bank's call center due to the participation in the conversation of several people at once, posing as specialists of different levels and owning the corresponding communication scripts. In addition, scammers come up with any ways to stay in touch with the victim and prevent her from hanging up. Therefore, the simplest and, perhaps, effective recommendation comes down to stopping the conversation as early as possible and calling the bank back at the official number, - comments Alexey Sizov, head of the anti-fraud department of the Center for Applied Security Systems of Jet Infosystems.

According to statistics, in the first half of 2020, at the initiative of the Central Bank, over 9.7 thousand fraudulent telephone numbers were blocked, which is almost four times more than in the same period in 2019. In about 80% of cases, attackers used phone number substitution technologies and introduced themselves as employees of a financial institution.

Robots began calling Russians from fraudulent call centers

At the end of October 2020, it became known about the use of robots in fraudulent call centers in Russia. First, potential victims are called automatically, and a person connects at the next stage, when the most distrustful clients are weeded out.

The robot says: "Your card in this bank is blocked, call us back at this number." Allegedly, the bank's security officers answer the victim when calling back, "Qrator Labs technical director Artem Gavrichenkov told Kommersant.

According to him, by the end of October 2020, swindlers make hundreds of calls a day using robots. This method of fraud is really experiencing a wave of popularity, confirmed to the newspaper the head of the analytical department of Infosecurity a Softline Company Darya Koshkina.

Fraudsters also use fake service numbers, IP-telephony mass mailings SMS and messages in instant messengers on behalf of the bank, said the deputy head of the company's computer forensics laboratory. Group-IB Sergey Nikitin Customers are warned about the "problem" by the answering machine, with the help of it a living person contacts the victims, Nikitin said.

The head of the information security department of "SearchInform" Aleksei Drozd noted that the scheme uses the technique of "reverse social engineering": gullible victims call back the attackers themselves, so they do not have to prove anything. If the victim believes the robot and calls the "support service," the chance of success is higher than with a regular call, the expert adds. The level of initial trust in such calls among people is higher and because they are not yet accustomed to the fact that attackers can use car calls, says Andrei Zaikin, head of Information Security at CROC.^[26]

Almost half of all fraudulent call centers are housed in prisons

Almost half of all fraudulent call centers are in prison. The total income of attackers reaches more than 75 million rubles a month. This became known on September 29, 2020.

It is not individual attackers who call customers, but employees of professional "contact centers." 40-50% of them are in prison. We record that fraudsters are in almost every third institution of the penitentiary service in, Russia- said the Newsdeputy chairman of the board in an interview with the newspaper "." Sberbank Stanislav Kuznetsov

According to Kuznetsov, one call center consisting of 50 "employees" can make about 20 thousand calls a week. A potential victim picks up the phone in half of the cases. 70% of people refuse to talk to scammers.

As for the fight against call centers in prisons, according to Kuznetsov, the State Duma in the first reading adopted a bill introducing a procedure for blocking cellular communications in prisons. It is assumed that the cellular operator will disconnect the communication at the request of the head of the territorial body of the Federal Penitentiary FSIN.

The deputy chairman of the bank's board also noted that in 2020 the number of requests from Sberbank customers regarding telephone fraud doubled compared to 2019. Bank employees recorded about 2.9 million customer complaints about attempts to^[27] of^[28].

Cheating through creating celebrity friend lookalike WhatsApp profiles

On September 18, 2020, it became known about a new method of fraud through WhatsApp in Russia. Scammers create double profiles of celebrity friends and deceive. Read more here.

In Moscow, up to 60% of telephone fraud is committed from the territory of Ukraine

The number of remote crimes (committed using the Internet and phones) that occurred in Moscow has increased by 120% since the beginning of this year. This was announced in August 2020 by the deputy head of the 6th department of the criminal investigation department of the Main Directorate of the Ministry of Internal Affairs in Moscow, Sergei Klindukhov.

"For seven months of this year, more than 25 thousand crimes committed remotely have already been committed. The dynamics of the increase is 120% compared to last year, "he said, speaking at the Public Chamber of Moscow.

"From our unspoken statistics it follows that 50 − 60% of calls come from Ukraine, that is, the call center is located in Ukraine. We establish them promptly, but we cannot bring them to criminal responsibility, "he explained.

According to him, the most unprotected segments of the population who are subject to the influence of fraudsters are pensioners. "Our proposals are prevention: distribution of some videos at stops, in bank branches, distribution of leaflets, articles through the media. Just preventive measures, "concluded Klindukhov.

Telephone fraud accounts for more than 90% of all clashes with attackers "masked" bank workers

According to a Kaspersky Lab survey, on average, the amount of damage from the actions of fraudsters posing as employees of banking organizations is five thousand rubles. This was reported on August 11, 2020 in Raiffeisen Bank.

According to the survey, in the first half of 2020, more than half of Russians (58%) encountered attackers acting on behalf of banks at least once. In the overwhelming majority of cases (more than 90%) we are talking about telephone fraud, and calls are received mainly during working hours - from Monday to Thursday, from 11 to 18 hours.

Attackers are seriously preparing for such calls and are actively using social engineering methods. So, in 42% of cases, they completely called the correct name, surname and patronymic of the one to whom they called. The most common legends were the need to confirm the data (72%), the message about blocking the card (58%) and the loan offer (57%).

In almost half of the cases (46%), attackers tried to get a code from SMS or card data, and in every fifth case (21%), they convinced them to transfer the money allegedly to a secure account.

"The volume of telephone fraud continues to grow, but unfortunately, many people still do not know how to recognize intruders and lose money as a result of the simplest schemes. We remind you that a real employee of a financial organization will never object to the completion of the conversation, but the fraudster, on the contrary, will make every effort and resort to various psychological tricks so that the one to whom he calls does not hang up. Therefore, in any case, it is better to end the conversation and call back to the official number of the bank, "recalled Sergey Golovanov, a leading expert at Kaspersky Lab.

The growing interest of fraudsters in a scheme based on the confidence of citizens in well-known banking analysts on the market was recorded by Raiffeisen Bank experts in the first half of 2020. The names of Denis Poryvay and Stanislav Murashov enjoy the greatest attention from fraudsters. Swindlers call bank customers on their behalf, offering "investment ideas," schemes for their implementation and details for transferring funds to an account. Immediately after the transaction, the "analyst" disappears, respectively, customers lose money, and real analysts receive reputational damage.

"Banking analysts never initiate contact with individuals, do not offer them investment ideas, do not discuss the details of their implementation, do not ask for personal information, including financial information, and do not offer any financial transactions. For any call from such an "analyst," we recommend that you hang up and call the bank directly at the number indicated on the back of the card. It is also worth contacting the bank when receiving a letter of this content, "said Pavel Nagin, head of the monitoring and prevention of cyber attacks at Raiffeisen Bank information security department.

Sites determine the numbers of Russians without their knowledge. A new phone spam epidemic begins

On February 17, 2020, it became known about the growing new wave of telephone spam in Russia. It is associated with the development of technology for determining the number of users visiting sites from mobile devices.

According to Izvestia, some companies offer entrepreneurs installation services on the website of a special program code that allows calculating the phone number of Internet users. Often, trap sites are linked from social networks.

The first to attack the residents of Russia were real estate companies that call people with the offer of their services. According to the publication, calls follow an hour and a half after visiting the site.

The head of the analytical center Zecurion Vladimir Ulyanov said that using the technology of fixing the number of a visitor to the site, you can increase the client base by 300%. At the same time, it is impossible to communicate with representatives of companies providing such services - calls come from virtual PBX numbers, which cannot be called back.

As Alexander Bagov, senior pentester of the audit department of Digital Securities, explained to the newspaper, it is  technically easy to find out the number of those who log in from mobile devices. A special code is installed on the site that allows you to determine the phone number and affect the consumer not through contextual advertising, but through direct communication.

It is noted that the use of such technology can violate two laws - "On personal data" and "On advertising." Experts also say that due to the fact that Russian users do not complain to the FAS and Roskomnadzor about violations of their rights, illegal practice continues to spread. Unauthorized collection and use of personal data entails a fine of up to 75 thousand rubles.^[29]

2019

Attackers prefer the phone to all other communication channels

The share of social engineering in the total number of embezzlement of funds from the accounts of individuals in Russia in 2019 increased by 10 percentage points, to 90%, according to a study by a subsidiary of Sberbank - BI.Zone (Safe Information Zone, Bison). This became known on June 19, 2020.

Attackers continue to exploit human credulity. In terms of theft, the share of social engineering in 2019 increased by 10 percentage points and now accounts for 90% of all types of fraud. At the same time, the share of malware decreased from 9% to 3%, "the study says.

Stanislav Kuznetsov, deputy chairman of the board of Sberbank, spoke about the share of social engineering in 90% of thefts from the accounts of individuals in July 2018.

The scale of the activity of attackers in this direction is impressive: the organizers of such criminal groups are recruiting entire call centers. They hire people full-time with the sole task of tricking bank clients into stealing money from them, Bi.zone experts point out.

They also note that attackers prefer the phone to all other communication channels: in 2019, the share of calls was 90%. The number of fraudulent SMS, according to the company, decreased in 2019 to 5% from 33% a year earlier.

Previously, the main tools for stealing money were fake bank cards and sms-banking. In 2019, the situation changed: fraud using mobile applications came first. Such operations were 50% of the total, the study said.

It showed that cyber theft using bank cards accounts for 30% of the total number of fraudulent transactions. At the same time, sms-banking has sharply lost popularity among cybercriminals, it now accounts for 12% of thefts^[30].

Tinkoff: The average check for card loss/theft has decreased almost 2 times in 2 years - to 9,800 rubles

On March 10, 2020, Tinkoff informed TAdviser about a large-scale study of fraud in the Russian banking sector. The average amount for all fraud attempts is about 14,000 rubles. At the same time, the average check of successful fraud per client (may include several operations) at the end of 2019 amounted to 9,300 rubles. Over the year, this amount decreased by 13%.

Machine learning technologies helped to reduce the average check for card loss/theft in two years by almost half - up to 9,800 rubles.

Customers lose the most money when they provide card data and SMS codes - about 27,700 rubles.

In 42% of cases when fraudsters try to lure SMS codes and card data from customers, they are presented by the security service of third-party banks. Read more here.

Prisoners in the Ryazan colony earn tens of millions of rubles on telephone fraud

On December 24, 2019, the 13th series of the documentary film "Chronicles of the Gulag of the 21st Century" was published on the Gulagu.net YouTube channel, from which it became known that prisoners in the Ryazan colony earn tens of millions of rubles from telephone fraud.

The founder of the Gulagu.net project and the author of the film, Vladimir Osechkin, sent a statement indicating signs of crimes in the correctional institution to the head, Investigative Committee of Russia Alexandra Bastrykina prosecutor general, Yury Chaika first deputy director FSB Russia Sergei Korolev and Minister of Justice of the Russian Federation. Alexander Konovalov

The authors of the investigation claim that an organized criminal community (OPS) was formed from among the criminals serving sentences, as well as current employees of the IK-3 and UFSIN in the Ryazan region. The video presents fragments of correspondence and telephone conversations of members of the OPS.

According to Vladimir Osechkin, members of the OPS managed many accounts and bank cards directly from the PKU IK-3 the Federal Penitentiary Service of Russia in the Ryazan Region from 2016 to 2019 through mobile banking using access to the Internet to and account management in several. banks

In his letter, Vladimir Osechkin points out the embezzlement of 20 million rubles of the Federal Penitentiary Service IK-3 the Federal Penitentiary Service of Russia in the Ryazan Region. In a conversation with MBH Media, the founder of the Gulagu.net project said that prisoners, with the approval of the administration, extorted more than 50 million rubles a year by phone. Men on the phone and the Internet rubbed themselves into the trust of wealthy women from Moscow and deceived them to transfer money to their accounts, which they then cashed. According to Osechkin, the colony employees provided prisoners with round-the-clock access to mobile communications, the Internet and drugs for bribes.^[31]

Beeline city numbers are the most popular among scammers

Bank scammers in 60% of cases call from city numbers. Beeline

2.5 million complaints about phone fraud in a year

Social engineering has supplanted all other types of cyber fraud in recent years. Sberbank In 2019 alone, 2.5 million complaints about telephone fraud were received - calls under the guise of the bank's security service. Compared to 2017, the growth was 15 times, and many cases are simply unknown, since customers did not report them to the bank. Fraudsters have already acquired personal consultants who analyze the methods of counter-response of banks. In 2019, Sberbank calculated the number of unique numbers from which attackers call - there were 170 thousand of them.

Calls under the guise of labor inspectors

In mid-November 2019, Rostrud warned of a new form of phone fraud. Attackers call companies, impersonate labor inspectors and offer to buy literature to avoid the negative consequences of unscheduled inspections. Also, fraudsters offer paid services for preparing for allegedly preparing control and supervisory measures.

Callers are presented by employees of the state labor inspectorate and report that work is underway against the employer, during which unscheduled inspections are planned, the press service of Rostrud reports.

Such fraudulent actions were recorded in Moscow, Stavropol, Perm, Krasnodar Territories, Khanty-Mansi Autonomous Okrug, Komi Republic, Penza, Kirov, Volgograd, Samara, Saratov, Ulyanovsk, Vladimir, Voronezh, Kostroma, Oryol, Bryansk, Tver, Smolensk, Kursk, Ryazan, Murmansk, Lipetsk, Astrakhan regions - in total 24 regions.

In connection with the increasing cases of fraud, Rostrud sent a letter to the Ministry of Internal Affairs with a request to take response measures. The department also recalls that Rostrud and the state labor inspectorate, in principle, do not provide paid services. Any information can be obtained free of charge on the official information resource Онлайнинспекция.рф or in the regional labor inspectorate.

The service also urged employers to be vigilant and report similar cases of fraud to law enforcement agencies.

The department also has a service "Duty Inspector," which allows you to ask a question on labor law and receive an answer within three working days.

As noted in the company Group IB, vishing is especially popular among attackers - a type of telephone fraud, when, during a telephone conversation, criminals disguised as bank security officers, prosecutors, the pension fund, the tax service or medical institutions are trying to deceive victims of their bank card data or force them to transfer money to the desired account or phone number for some non-existent service, tax, win.^[32]

Central Bank: the number of fraudulent calls with the substitution of bank numbers is growing sharply

On September 27, 2019, it became known about the frequency of fraudulent calls in Russia with the substitution of the bank number. According to the Central Bank, in June-August alone, fraudsters managed to replace about 200 bank numbers.

According to Kommersant, in the summer of 2019, the Central Bank sent information to telecom operators about more than 2.5 thousand numbers from which calls to Russian customers were received. At the request of the financial regulator, operators in 218 cases blocked the number, in 59 - imposed restrictions on the use of financial services, and in 198 - found a substitution of the bank number. However, in more than two thousand cases, no measures were taken due to the lack of legal grounds.

The share of calls with bank number substitution by mid-summer reached 35% of the total number of fraudulent calls, said Ilya Suloev, deputy director of the Otkritie information security department |. Rosbank faced a wave of calls from scammers in early July. Alfa-Bank also recorded the substitution of the number.

A new surge in fraudulent calls was recorded in September 2019, Artem Sychev, First Deputy Head of the Information Security Department of the Bank of Russia, told the publication. According to him, legislative amendments will also be required to implement technical protection measures.

Many of the Central Bank's appeals received in the summer were "technically incorrect," a representative of VimpelCom explained to the publication. According to him, sometimes the lists provided for blocking numbers indicated those that banks use for outgoing calls to customers. Blocking such numbers would lead to the fact that banks could not get through to customers, the operator noted.

The statistics of the Central Bank reflect only a small part of the problem, Vlad Wolfson, commercial director of MegaFon, told the publication.^[33]

Notes