Main article: Crime in Russia
Social engineering
Main article: Social engineering
To deceive their victims, telephone scammers use social engineering techniques.
Vishing (voice phishing, voice phishing)
Bank card fraud
Victims of phone scammers
Main article: Victims of phone scammers
Fighting phone fraud
Main article: Fighting phone fraud
2024
A new telephone fraud scheme in Russia: a victim is persuaded by SMS to independently call attackers
In October 2024, Beeline announced the identification of a new telephone fraud scheme in Russia. Attackers send SMS messages in which they convince potential victims to independently call the indicated numbers, allegedly to solve problems with the account on the Public services portal.
Beeline's director of fraud management, Pyotr Alferov, said in October 2024 that customer complaints about receiving suspicious SMS have recently become more frequent. The messages talk about an attempt to log into the Public services account and the need to change the password, for which it is proposed to call the specified number.
The operator, together with partners, is working on restructuring anti-fraud processes to block outgoing customer calls to fraudulent numbers. This measure aims to prevent a new scheme of deception.[1]
Telephone scammers in Russia make 20 million calls every day
In October 2024, it became known about the unprecedented scale of telephone fraud in Russia. According to the country's largest bank, attackers make up to 20 million calls every day to deceive citizens and steal their funds.
According to RT, citing information from Sberbank, about 400 call centers operating from the territory of Ukraine are involved in extortion schemes. Specialists of these centers own psychological techniques and professionally deceive their victims for large sums.
According to statistics from the Central Bank of Russia, in the first half of 2024, fraudsters managed to steal ₽8,9 billion from Russians. For the entire 2023, this amount amounted to ₽15,8 billion. In total, about 1.2 million operations were registered in 2023 without the consent of customers.
Interior Minister Vladimir Kolokoltsev at a meeting dedicated to countering IT crime said that 500 thousand people became victims of fraudsters, of which every fourth is a pensioner.
Fraudulent schemes are constantly getting more complicated. Criminals often act as part of a group and process the victim in several stages. Key techniques include intimidation and unauthorized access to a personal account. Attackers are increasingly presented by law enforcement officers and threaten problems with the law.
Fraudsters need help on the ground to implement their schemes. They recruit couriers and IT specialists through instant messengers. Couriers are used to receive cash from victims, and IT specialists provide technical support, in particular, the receipt or generation of Russian mobile numbers.
On September 11, 2024, the Ministry of Internal Affairs of Russia conducted a major operation, during which 26 members of an international fraudulent group were detained in 13 regions of the country. About 40 units of specialized network equipment were seized from the criminals and more than 8 thousand numbers used for fraudulent schemes were identified.[2]
Telephone scammers stole ₽5 million from the famous artist Alexander Yulikov, using deepfake and the theme of neo-Nazism
In early October 2024, it became known that telephone scammers stole more than ₽5 million from the famous artist Alexander Yulikov using deepfake technology and the theme of neo-Nazism. The incident occurred in September 2024. Read more here
They call up via video link and ask to show the phone screen. A scheme of fraud with ad sites has appeared in Russia
A new scheme of fraud using video links and screen demonstrations began to spread in Russia, which was reported by cybersecurity experts in September 2024. Attackers actively use ad sites, contacting sellers under the guise of buyers, offering a video call to check the product. During the conversation, scammers are asked to show the phone screen, which allows them to see the banking confirmation codes and gain access to the victim's financial applications.
According to Izvestia, one of these schemes was recorded in Moscow, as a result of which the victim lost ₽14,5 thousand. A woman selling a sofa over the Internet agreed to a video call with the alleged buyer, who allegedly transferred money for the goods. When no SMS was received confirming the transfer, the buyer offered to turn on the display of the phone screen for verification. At the time of displaying the confirmation code on the screen, the attacker managed to carry out a debiting operation. As a result, the seller lost his money. Law enforcement agencies have launched an investigation.
In the
Such schemes are often built on social engineering, where scammers use a variety of psychological tricks to gain access to personal information. According to Kaya Mikhailov, head of information security at iTPROTECT, such cases are happening more and more often. Criminals, under various pretexts, persuade users to turn on the display of the screen in order to gain access to banking applications and personal data.
Experts warn that fraudsters can use the codes obtained in this way to change the phone number associated with the bank account and withdraw funds. As explained in the company iTPROTECT, such attacks can become especially dangerous if the victim does not have time to interrupt the operation in time. After receiving the code, fraudsters can change the settings of the banking application and steal money from the account.[3]
Telephone scammers began to deceive Russians participating in court cases
In Russia, a new fraud scheme has been recorded aimed at participants in court proceedings. This was announced in mid-September 2024 by the joint press service of the courts of the Volgograd region. Criminals call citizens, posing as assistant judges, and try to lure personal data from them under the pretext of sending documents to familiarize themselves with the case materials through the "state services" portal.
According to RAPSI, the attackers have detailed information about the case: they exactly name the surname, first name, patronymic of the citizen, as well as judges and the case number. During the conversation, fraudsters offer to send the case materials for review, but for this they ask to dictate the digital code that comes to the citizen's mobile phone. After receiving the code, the swindlers instantly interrupt the conversation.
According to representatives of the judicial system, such a fraud scheme is illegal, and no court sends documents through the "state services" portal, and also does not require the provision of personal data or digital codes by phone. Deceived citizens can become victims of theft of their confidential information, which can lead to financial losses and other consequences.
Fraudsters actively use the confidence of Russians in official sources, which makes their criminal actions especially dangerous. The courts urge citizens to be vigilant and not hand over their data or codes to strangers, even if they claim to act on behalf of the judiciary.[4]
Telephone scammers in Russia began to offer discount tariffs for communication
A new fraud scheme has appeared in Russia, in which attackers offer citizens discount tariffs for mobile communications, posing as employees of operators. This was reported in September 2024 by the press service of the Beeline operator, citing a sharp increase in the number of such cases in recent months.
According to RIA Novosti, fraudsters call subscribers, posing as communication employees, and offer to connect "profitable" non-public tariffs, allegedly with significant discounts. Most often, they promise a discount of up to 50%, followed by an automatic tariff extension. However, to confirm the connection, the attackers demand to transfer the money in advance, allegedly for the "guaranteed connection" of the tariff. After the victims transfer money, communication with the "representatives" is terminated, and the promised service is never provided.
 | Recently, cases of fraud related to mobile tariffs have become more frequent. Attackers call subscribers under the guise of telecom operator employees and offer to connect non-public or discount tariffs, the Beeline press service said. |  |
Often, communication with scammers continues through instant messengers such as Telegram, where attackers continue to convince their victims to transfer money. One recent case shows that after a client transferred funds for two months of services, scammers deleted the chat and completely stopped communicating. Such situations cause serious concerns among operators and experts.
Earlier it was reported that the Ministry of Internal Affairs of Russia managed to liquidate a network of fraudulent communication nodes in 13 regions of the country, which allowed criminals to remotely and anonymously contact victims from abroad. Fraudsters have used technological tools such as SIM boxes to hide their real numbers and manipulate gullible citizens.
According to the Ministry of Internal Affairs, the network operated under the guidance of an anonymous curator located outside Russia, who attracted young people to the scheme via the Internet. He gave instructions on how to deceive Russians by posing as representatives of telecom operators or other organizations.[5]
The Ministry of Health of Russia warned about the appearance of a fraudulent scheme with an application for cashback
Russia In recorded another fraudulent scheme. By, to data Ministry of Health telephone scammers offer users to install a "special" application allegedly to receive cashback. This was announced on September 12, 2024 by the press service of a member of the committee on State Duma of the Russian Federation information policy, information technology and communications. Anton Nemkin
| | Now swindlers call and convince to install the "application of the Ministry of Health" if they have recently undergone medical examinations in order to get cashback. After the application is on the phone, fraudsters give the victim a form for entering data and... get access to a bank card, - said the ministry in its Telegram channel. | |
| | For example, a scenario has recently spread in which attackers reported the need to extend the compulsory medical insurance policy. All that needed to be done was to also install an allegedly special application from the ministry, the deputy recalled. | |
| | Pensioners are active users of digital technologies. For example, according to the Beeline study, 75% of respondents in the 56-70 age group have touch gadgets for September 2024, and 87% of older Russians use the Internet, according to the Weber agency. At the same time, digital literacy skills are not developed among everyone, which is very actively used by attackers. Therefore, such schemes of deception, unfortunately, consistently fall into the tops of fraudulent scenarios, "the deputy explained. | |
| | The problem we faced this year - the complication of malicious attacks - is here too. A significant part of the population has already been warned about traditional deception schemes, but a call asking to install the application can corny drive a person into a stupor. Especially if we are talking about the older generation, not all of them know about the danger of installing malicious software, - said the deputy. | |
The consequences of such an installation can be theft of a user's personal savings, collection of personal data and data on a person's activity in other services. In addition, the malware can connect the device to a botnet in order to subsequently use the phone's resources in the background. {{quote 'Advanced phishing applications can record what is happening on the user's screen, including the process of entering data for entering online banking and on "Public services," Nemkin warned. }}
| | You always need to clarify the information yourself. Representatives of the ministry or employees of other organizations never call first. If a person is faced with a similar call, you need to hang up and call the contacts indicated on the official pages of the authorities. According to the results of the second quarter of 2024, attackers stole about 4.8 billion rubles from bank accounts of citizens and companies - a colossal value. But the solution to the problem largely depends on the personal caution of citizens, the deputy emphasized. | |
The Ministry of Internal Affairs liquidated the network of communication nodes with 8 thousand numbers to steal money from Russians from abroad. 26 people detained
On September 11, 2024, it became known that Bureau of Special Technical Measures (BSTM) of the Ministry of Internal Affairs Russia it stopped the activities of an extensive network of communication nodes that were used by fraudsters to steal money from Russians. 26 people were detained who may be involved in illegal activities.
According to the official representative of the Ministry of Internal Affairs of Russia Irina Volk, the operation to eliminate the network of illegal communication nodes was carried out by operatives of the BSTM of the Ministry of Internal Affairs together with investigators of the Investigative Department of the Ministry of Internal Affairs, colleagues from the Chuvash Republic and 12 other regions of the country with the assistance of the FSB of Russia. The network was used by attackers abroad to commit crimes on the territory of the Russian Federation.
It was established that the members of the organized group acted in accordance with the instructions of a certain anonymous curator who was outside Russia. The attacker recruited young people via the Internet and used a contactless method to transfer SIM boxes to them, with the help of which the caller's numbers were changed to Russian. Members of the group were responsible for installing equipment in rented apartments, setting it up and regularly replacing blocked SIM cards. At the same time, in order to hide the attack activities and prevent the detection of SIM boxes, the equipment was transported to another place every few days.
According to the investigation, the group operated on the territory of 13 Russian entities. More than 8 thousand numbers have been identified that were used by participants in the criminal scheme. With their help, at least 100 frauds and other illegal acts were committed. During the searches, the operatives seized 39 units of specialized network equipment, as well as SIM cards, which were used to carry out fraudulent schemes.[6]
Telephone scammers began to deceive Russians who are facing court hearings
In September 2024, it became known about a new telephone fraud scheme aimed at participants in litigation. Fraudsters call citizens awaiting participation in court hearings and present themselves to court officers, accurately naming personal data and information about the upcoming case. The scheme is particularly troubling as criminals use real-world trial data, making their calls extremely compelling.
Fraudsters voice the surname, name and patronymic of a citizen, the date and time of the court session, as well as the details of the case in which the person participates. The callers claim that they sent court notices through the "Unified Portal of State and Municipal Services" and offer to gain access to documents by dictating a digital code sent to the phone. As soon as the victim reports this code, the conversation is immediately interrupted, and attackers gain access to personal information.
The head of the United Press Service of St. Petersburg Courts Daria Lebedeva was one of the first to draw attention to this problem. In a statement, she stressed that any requirements to provide digital codes or passwords to receive court notices are not legal and illegal.
| | We inform you that obtaining court notices or copies of court acts by providing any additional codes or passwords is illegal and does not comply with the current procedural legislation, Lebedeva said. | |
She urged citizens to immediately interrupt conversations with such scammers and not provide their personal data or passwords.
The first cassation court of general jurisdiction also confirmed the increase in the activity of fraudsters aimed at participants in trials. Court representatives drew attention to the fact that court employees never request personal data of citizens by phone and do not use digital codes or passwords for notifications.[7]
6.5 thousand victims and millions of dollars in losses: How an Indian created one of the world's largest fraudulent call centers
On July 31, 2024, the US Department of Justice announced that a court in the Southern District of New York sentenced Indian citizen Vinoth Ponmaran, the creator of one of the world's largest fraudulent call centers, to seven years in prison. Its victims were more than 6,500 people, including the elderly. The damage is estimated at millions of dollars. Read more here
The number of calls of telephone fraudsters to Russia decreased 5 times after a series of attacks on Ukrainian hydroelectric power plants and thermal power plants
In July 2024, it became known that the number of calls from telephone fraudsters to Russia significantly decreased five times after strikes on Ukrainian hydroelectric power plants and thermal power plants, law enforcement officials said.
According to the Telegram channel Mash, this decline became noticeable almost immediately after the power outage in such large cities as the Dnieper. The decrease in the activity of fraudsters is associated with a power outage in significant settlements of Ukraine, where there are traditionally numerous call centers of intruders.
As a result of attacks on energy facilities, such as power plants, call centers were deprived of the opportunity to conduct long-term telephone conversations and use number substitution technologies to deceive people.
Evgenia Lazareva, head of the Popular Front project For the Rights of Borrowers and coordinator of the Moshelovka platform, confirmed a significant reduction in the number of fraudulent calls from the end of September 2023 to July 2024. Lazareva stressed that complaints about telephone spam remain at the same level, but the number of calls from scammers has significantly decreased over this period of time. Evgenia Lazareva explains this trend by the fact that strikes on energy facilities in Ukraine led to the impossibility of operating call centers without electricity and the Internet. In the absence of these resources, attackers cannot effectively conduct the long conversations necessary to successfully carry out fraudulent actions.
In addition, it is noted that the number of complaints about fraudulent calls has decreased not only in large cities, but also in small settlements of Russia. This indicates the large-scale impact of attacks on Ukrainian energy facilities on the activities of fraudsters, making their operations difficult everywhere.
Telephone scammers began to call Russians under the guise of public utilities. Schemes
On July 15, 2024, it became known that a new wave of telephone fraud was recorded in Russia. The attackers began to call citizens, posing as employees of large energy companies such as Mosenergo and Mosenergosbyt.
According to Izvestia, fraudsters use various pretexts to obtain confidential information from victims. Among the most common schemes are the purpose of checking electric meters, recalculating payments and offering discounts on housing and communal services in honor of the anniversary. The ultimate goal of cybercriminals is to get a code from SMS to access your personal account on the Public services portal.
According to a law enforcement source, the first statements about such cases began to arrive at the end of May 2024, and in June 2024, appeals became widespread. In mid-July 2024, dozens of criminal cases were initiated, according to many statements, checks are carried out.
Most of the victims are pensioners from Moscow and the Moscow region. The damage from the actions of fraudsters is estimated at millions of rubles. So, one of the victims lost almost 2 million rubles, and the other victim transferred 19.3 million rubles to the attackers.
Experts note that the scheme using the names of energy sales companies is new. Daria Verestnikova, commercial director of the IT company SafeTech, explained that fraudsters are constantly changing their scenarios, adjusting to the current situation.
Marat Safiulin, a federal expert at the Association for the Development of Financial Literacy, stressed that utilities are a convenient cover for fraudsters, since all residents use their services daily and regularly pay bills.
Mosenergo PJSC reported that the company does not work directly with citizens, and recommended that when receiving suspicious calls, immediately contact law enforcement agencies.[8]
Telephone scammers began to introduce themselves as bailiffs
Fraudsters are now pretending to be employees of the Federal Bailiff Service (FSSP), this was announced on July 2, 2024 by the press service of Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications, citing Izvestia.
Attackers notify citizens about the presence of enforcement proceedings against them and under this pretext steal funds.
By, to data MINISTRY OF INTERNAL AFFAIRS telephone scammers began to use another attack scenario. They inform a potential victim of the initiation of enforcement proceedings and insist on the immediate repayment of existing debt.
The department stressed that bailiffs cannot call the debtor through any communication services, report the presence of debt, and even more so send details for payment.
| | This is due to the fact that such scenarios have become recognizable among the population, and people do not respond to them in the same way as they did a couple of years ago. As a result, fraudsters are forced to use strategies in which more and more new organizations appear: it may be a city polyclinic, MPSC, Russian Post. One thing is important - attackers always seem to be an authoritative and most often state organization. Therefore, it is not so difficult to protect yourself in a sense - it is enough to remember that representatives of state authorities will never call if a citizen has not previously applied for their services. Even if the information reported looks realistic, then the first thing to do is to call the organization on your own. All numbers are on official websites, the deputy advised. | |
| | Scammers are now looking into their victims. For example, a profile on social networks, a place of work. Most of the information, of course, is taken from leaked databases. The key goal is to gain the user's trust by collecting additional information. For example, attackers can attack users who do have debt obligations. Therefore, it is important not only to remember that fraudsters can use different information, but also apply preventive protection measures. First of all, follow the basic rules of digital literacy, which not everyone does. For example, according to NAFI, the share of those who are confident in the ability to independently protect their data decreased from 44% in 2023 to 40% in 2024. I emphasize that data leaks are a consequence not only of the poor security of InformSystems, but also of the same practice of using one password for several services, Nemkin warned. | |
| | For example, according to Kaspersky Lab, in the first quarter of 2024, more than 19 million passwords of Russians from a variety of services were found in databases published on the darknet. Last year's value of the indicator is almost 6 times less, which, of course, is a good help for the implementation of personalized attacks, he stressed. | |
| | It is quick and convenient, it is enough to enter the name and region of residence. The database includes information about all debtors, including those who have delays, the deputy explained. | |
Ministry of Internal Affairs: Almost all IT crimes in the Russian Federation are committed from call centers of Ukraine
More than 90% of IT crimes in Russia are committed from call centers located in Ukraine. This was announced on June 27, 2024 by the director of the legal department of the Ministry of Internal Affairs of Russia, Alexander Avdeiko.
Alexander Avdeiko noted that technologies provided by NATO countries are used to commit crimes. He stressed that this is actually part of the information and sabotage struggle. Avdeiko also said that as part of the fight against cybercrime in 40 regions of Russia, more than 1000 SIM banks, 11 server stations and over 250 thousand were seized. SIM cards.
According to the Ministry of Internal Affairs, the damage from IT crimes in 2023 amounted to 156.5 billion rubles. In recent years, the number of such crimes has increased significantly, and their share in the total number of crimes has increased to 34.8%. Avdeiko added at the end of June 2024 that remote theft and fraud account for more than 70% of all IT crimes.
Interior Minister Vladimir Kolokoltsev said that the total damage from IT crimes for 2023-2024 exceeded 210 billion rubles. He noted that since 2020, the number of crimes using information technology has increased by a third. In 2023, about 500 thousand people suffered from IT fraud, of which a quarter were pensioners.
Avdeiko also noted that previously a significant part of IT crimes were committed from places of imprisonment. However, thanks to legislative measures and the efforts of the FSIN, this problem was significantly reduced.
According to the Ministry of Internal Affairs, there is an increase in the number of cases of illegal access to computer information. If in 2020 their share among all IT crimes did not exceed 1%, by 2024 this is already every eighth crime. The representative of the Ministry of Internal Affairs Irina Volk said that the department is actively improving measures to counter cybercrime, and the staff of special units to combat such crimes has increased fivefold since 2020.[9]
Fraudsters began to intimidate mortgage delinquency
VTB identified a fraud scheme with. The mortgage credits bank announced this on June 17, 2024. Attackers assure that the client has a delay and offer him to resolve the problem. To do this, they are asked to inform data SNILS and the codes from. With SMS this, they information can gain access to their personal account Public services and then to an online bank to steal money or issue loans.
In this scheme, fraudsters call on mobile communications and, on behalf of a bank employee, report an alleged delay in a mortgage loan. If a person has no mortgage, then the call is interrupted. And if there is, then despite objections, attackers continue to convince a potential victim about problems with the bank, which must be solved urgently. Moreover, they argue that there is information about the delay in the Bureau of Credit Histories. Fraudsters are asked to name the SNILS number and the code that goes to SMS. Having received them, fraudsters enter the state portal and personal accounts of online banks, issuing loans and withdrawing money from current accounts. At the same time, fraudsters specifically draw the interlocutor's attention to the fact that they have no right to request personal information, therefore they send a code to SMS for confirmation, which they ask to voice, counting on the imprudence of a potential victim.
| | The scheme deals with mortgage payments, which people usually take very responsibly. The result of interaction with fraudsters may turn out to be sad: in the absence of delays on the loan, a person may also lose his savings or turn out to be a proper bank if a new loan is issued in his name. Therefore, we urge you to carefully study each fraudulent scenario and share this information with loved ones and friends, - said Nikita Chugunov, Senior Vice President of VTB, Head of the Digital Business Department. | |
VTB announced plans to develop and launch a comprehensive program to protect customers from telephone fraudsters. It will allow, with a probability of up to 99%, to identify if the client communicated with cybercriminals before visiting the bank, and warn him in the available channels about the risks of obtaining a loan or withdrawing money. If the client contacted the attackers the day before, the bank will find out about it and transfer the information to the manager in the office to a work computer.
T-Bank revealed a telephone fraud scheme with Russian Post
T-Zashchita revealed a new scheme of telephone fraud with Russian Post. T-Bank (Tinkoff Bank) announced this on June 17, 2024.
The scheme, in which fraudsters are represented by employees of the Russian Post, intensified in early June 2024. During testing of the Frod-Roulette project by prankers Vovan and Lexus at the T-Dvor site, fraudsters often used this scenario: almost 50% of calls were made to such a scheme.
The pretext is new, the purpose of the scheme is the same - to access the user's personal account on Public services or. mobile application bank
Allegedly, the Post Office employees call the client, Russia inform about the delivery of the parcel from abroad, for which you need to pay the customs fee. The client refuses to pay for the package, which he did not order. To refuse the parcel, fraudsters are asked to name the code from (SMS in order to allegedly sign an official refusal in the Post databases). RUSSIAN FEDERATION In fact, this is a code for accessing the bank's mobile application. Next, fraudsters can try to withdraw funds, take credit and perform other actions.
Another variation of the scheme is to obtain an access code to Public services, where fraudsters collect the client's personal data in order to use it later to deceive (for example, to inform that he must take part in the investigation of his bank's fraud, that his money is in danger and must be transferred to a secure account).
As of June 17, 2024, T-Bank employees are studying all options for the scheme using the Frod-Roulette project and have already begun to train the Neuroscience technology to recognize new scenarios and break such calls to subscribers.
In connection with the strengthening of banking anti-fraud technologies, fraudsters are looking for new scenarios to get into trust. The scheme with the alleged bank security service is losing its relevance, since many know about it, however, it is still in the top 3 telephone fraud schemes in terms of the number of complaints.
Swindlers are looking for new ways to reach different audiences. For customers of banks aged, they begin to mention various government agencies in a conversation in order to sound more convincing: earlier they were Public services, after they began to mention the Social Insurance Fund and just last weekend a new scheme was discovered with the Russian Post.
In Khabarovsk, the FSB opened a "farm" of SIM cards for Ukrainian special services
On June 13, 2024, it became known that law enforcement officers detained two residents of Khabarovsk who were holding a "farm" with thousands of SIM cards intended for use by the Security Service of Ukraine (SBU). During the raid, 65 SIM-boxes and about 2 thousand were discovered and seized. SIM cards of various providers of the Russian and foreign segment.
According to RIA Novosti, referring to information received from a source in law enforcement agencies, the equipment was used by the Ukrainian special services, including for "false mining of infrastructure facilities in Russia" in order to destabilize the situation. These SIM cards were used to anonymously register accounts on social networks. Subsequently, through such falsified accounts, false messages were sent to the official pages of law enforcement agencies about the planted explosive devices. In particular, the attackers announced the mining of one of the schools in the Bryansk region.
| | Two local residents [Khabarovsk] are involved in the commercial administration of specialized SIM boxes with SIM cards of Russian and foreign telecom operators connected to them, which were used and used by the Ukrainian special services to destabilize the situation in Russia, the law enforcement agencies said. | |
It is known that subscriber numbers operating in SIM boxes were provided "as virtual identifiers for registration on Internet sites." At the same time, the owners of the farm made a profit for renting equipment. As of mid-June 2024, a criminal case was initiated under the article on causing property damage by deception or abuse of trust committed on a large scale (part 1 of article 165 of the Criminal Code of the Russian Federation).[10]
Russians began to cheat on behalf of Wikipedia
Under the attack of the attackers were premium customers of Russian banks. Thus, scammers present themselves as administrators of Wikipedia and offer the victim to edit his biography posted in the Internet encyclopedia. This was reported to TAdviser on June 3, 2024 by representatives of the press service of the State Duma deputy RFAnton Nemkin, citing the words of the commercial director of SafeTech Daria Verestnikova.
When attacking premium customers of banks, there is a shift in the vector from pure social engineering to the technical attack zone, RIA Novosti quoted a representative of SafeTech. According to Verestnikova, attackers call mobile phones even to those about whom the corresponding articles are not yet presented in the encyclopedia, assuring that they are "about to" appear.
To edit the text, citizens allegedly need to install a "special editor application." This application, in turn, can give access to the control of the victim's smartphone or simply allow you to download a bank Trojan that will intercept codes from SMS and push messages, which will also allow you to eventually withdraw money from the victim's bank account, the expert warns.
Attackers began to carry out more and more targeted attacks, said Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications. According to him, from continuous attacks, for example, mass calls from the "bank security service," fraudsters switched to targeted ones. This is due to the actualization of measures to combat fraudsters. In particular, in Russia for more than a year there has been a platform for blocking calls from substitution numbers "Antifrod," to which both large and small telecom operators are connected. In addition, the tightening of the responsibility of the banking sector for allowing unauthorized transfers by the user led to the development by financial organizations of their own anti-fraud platforms, the deputy emphasized.
| | "Now you are unlikely to be able to easily carry out a large transfer to an unfamiliar number - the bank will probably contact you and clarify the details of the operation. We also see the first results of work in the field of improving the level of digital literacy. According to NAFI, in 2023, the digital literacy index reached 71%, "Nemkin added. | |
Telephone scammers in Russia began to offer to undergo fluorography at the expense of compulsory medical insurance in order to steal data from Public services
Telephone scammers in Russia began to offer to undergo fluorography at the expense of compulsory medical insurance in order to steal data from State Public services. SafeTech CEO Denis Kalemberg spoke about the new deception scheme in May 2024.
According to him, the swindlers call the victim and remind about the passage of fluorography. Suspicions often do not arise, because it is necessary to undergo this procedure once a year, Kalemberg said in a conversation with RIA Novosti.
| | The caller offers to choose the nearest clinic from among real medical institutions to pass, choose the date and time of admission. And to confirm the recording, just name the code from SMS, - said the expert. | |
After the attackers have taken possession of the code, they can use it to confirm the debiting of funds from the account. This development of the situation is possible if the attackers received the data of the victim's card or hacked into her mobile bank.
Or using the code, criminals will have access to their personal account on the Public services portal, which gives them a number of opportunities - from obtaining loans from microfinance organizations (MFIs) to gaining access to information about a person's accounts and income that can be resold.
According to Denis Kalemberg, telephone scammers apply other schemes related to the topic of compulsory health insurance. So, attackers call Russians under the guise of insurers, declare the need to replace the compulsory medical insurance policy and convince them to download the alleged application of the Ministry of Health. In fact, this is a program that allows you to gain remote access to the device and steal funds, the CEO of SafeTech told the agency.[11]
Telephone scammers in Russia switched to attacks on companies
In early May 2024, information appeared that telephone scammers in Russia partially switched their attention from ordinary citizens to companies. Moreover, enterprises with foreign participation and organizations engaged in foreign economic activity are of particular interest to cybercriminals.
Alexey Lukatsky, the host of the Post Lukatsky Telegram channel, spoke about new types of fraud. The essence of the scheme boils down to the fact that cybercriminals call former employees of companies with foreign participation: the target is, in particular, CEOs and accountants, information about which can be found in the Unified State Register of Legal Entities. Hiding behind work in law enforcement agencies and threatening criminal prosecution under various articles, including treason, fraudsters request various information, for example, accounting documents. The data obtained can then be used for financial fraud.
| | If you have recently been listed in any such company, then be prepared for the corresponding calls and messages, "says Lukatsky. | |
The fraudulent scheme has various variations. In particular, messages to employees can be received allegedly from the "former CEO," who, under various pretexts, requests certain information. These can be investigative measures or simply "assistance."
The head of the cybersecurity center of Trust LLC (F.A.C.C.T. - formerly the Russian branch of Group-IB) Yaroslav Kargalev emphasizes that the purpose of such schemes is to collect data for use in other attacks based on social engineering methods. For a potential victim, for example, the recipient of the letter, it will seem as legitimate as possible and not arouse suspicion. The use of topics related to accounting issues may indicate that the further development of the attack will be aimed at employees of the financial sector.[12]
Telephone scammers in Russia make from 10 million calls daily
Telephone scammers in Russia make from 10 to 15 million calls daily. Igor Ashmanov, a member of the Presidential Council for the Development of Civil Society and Human Rights (HRC), spoke about this in April 2024.
According to him, personal data is "the starting capital of a fraudster or recruiter," so their protection is a matter of national security. Igor Ashmanov also cited data according to which telephone fraud accounts for about 15-20% of all voice calls.
According to a survey by the All-Russian Center for the Study of Public Opinion (VTsIOM), which were released in February 2024, 67% of Russians have faced telephone fraud over the past 6-12 months. To a lesser extent, SMS fraud is widespread: one in six (17%) faced similar attempts at deception.
In April 2024, the legal service "Unified Protection Center" announced that since the beginning of the year, telephone scammers have stolen more than 600 million rubles from Russians. According to the study, in the Russian Federation since 2015, the number of victims of fraudulent schemes has increased by 72%. The most common fraudulent methods were financial pyramids, false requests for help to relatives and promises to protect funds.
According to the legal service, in 2024 there were new schemes of deception related to the conviction of treason and criminal cases. Fraudsters use various methods to deceive citizens and cause them a sense of fear. If in 2023 the main schemes were financial pyramids, assistance to relatives and protection of money, then in 2024 the priority was treason, criminal cases and protection of money.
Fraudsters call the victims, posing as FSB officers, and accuse them of sending money to Ukraine from their accounts. If the victim denies these allegations, the scammers begin to call her back, posing as fictional generals.[13]
Fraudsters began to attack Russians under the guise of financial monitoring officers, Public services and the police
Fraudsters began to attack Russians under the guise of financial monitoring officers, Public services and the police. The victims of this scheme are asked to install a special antivirus on the device, while in fact an application with remote control is hidden under it. In most cases, scammers force the victim to go to a specially prepared site, where you can download an application with remote control, which provides hackers with access to a person's device. Also, a link to an infected application can be dropped through an SMS message, Dmitry Khomutov, director of Ideco, told Gazeta.Ru.
According to the press service of the State Duma deputy RFAnton Nemkin on April 16, 2024, such a scheme is dangerous because fraudsters using remote access can not only intercept any information and use it for blackmail, but also manage finances - for example, transfer all savings to their accounts. In addition, by completely "cleaning" the device, they can turn it into a "brick," depriving you of access to all personal information, Anton Nemkin emphasized.
On average, new fraudulent schemes in Russia appear almost every week. Moreover, fraudsters do not even try to make their schemes convincing - the main thing on which they rely is the human factor.
| | The main thing for a fraudster is to keep you off balance. In this state, a person is not able to thoughtfully analyze his actions and often commits such actions that would seem to him something impossible in a calm state, the deputy emphasized. | |
First of all, the attackers are trying to use the stress factor - they intimidate citizens that their device is already infected, and all data can be deleted, report theft of funds or an incident that happened to one of your relatives, Anton Nemkin recalled.
| | My main advice is to always stay calm and not give in to stress if information comes to you from an unverified source. If you feel that the second side is trying to put pressure on you, intimidating, showing impatience and nervousness - it is better to put the tube right away. The longer you talk with the attacker, the more chances of still losing your personal data or even finances, the parliamentarian added. | |
As Nemkin recalled, according to the data, Ministry of Finance RUSSIAN FEDERATION almost every resident of Russia has encountered financial fraudsters at least once in the last year. Moreover, telephone fraud is still one of the most popular.
In Russia, using eSIM, they began to "steal" phone numbers from ordinary SIM cards
On March 14, 2024, F.A.C.C.T. (formerly Group-IB in Russia) announced the identification of a new scheme for stealing mobile numbers from Russian users to gain access to their online banking. Attackers have learned to "steal" phone numbers using eSIM - a built-in SIM card. Read more here.
Fraud schemes with the function of broadcasting a smartphone screen have appeared in Russia
In early March 2024, it became known about the appearance in Russia of new fraud schemes with the function of broadcasting a smartphone screen. They were told about them in "Sberbank."
As Izvestia writes with reference to a representative of a credit institution, swindlers call customers from a fake account using a name similar to 900 and the bank's logo, and ask if they have updated their banking mobile application. If the victim says "no," then the false worker of the bank says about the need to wait for a call from a specialized specialist to update the application.
Then another fraudster calls through the messenger, where there is a function of broadcasting the screen during a video call. As explained in "Sberbank," such a scheme is used to confuse the victim of deception and force her to fulfill the requirements of criminals. The second "employee" explains that he calls via video link to establish the identity of the client by biometrics. Then he asks to turn on the screen demonstration mode to connect a certain "robotic system for diagnosing the account." After that, the victim of the fraud is asked to go to the bank's mobile application, which, as the criminals assure, is "absolutely safe," since only the robot will see the screen.
However, in reality, after turning on the broadcast and switching to the application, fraudsters get the opportunity to see card numbers, amounts on accounts and codes in SMS from the bank. The swindlers can then use the findings to steal money and arrange loans in the names of the victims.
According to experts interviewed by the newspaper, fraudulent schemes using the broadcast of a smartphone or computer screen have been used in Russia before, but in 2024, attackers began to introduce themselves as bank employees. One of the victims of such fraud in 2024 lost 210 thousand rubles.[14]
Russians are lured by advertisements for paid voice acting of films to steal samples of their voice. Then they steal money from their relatives
Russians are lured by advertisements for paid voice acting of films to steal samples of their voice. Then they steal money from their relatives and friends. Angara Security, a company specializing in information security, spoke about the new fraud scheme in early March 2024.
Telephone scammers began to deceive Russians on behalf of MPSC employees
Telephone scammers began to deceive Russians on behalf of MPSC employees. This was reported in February 2024 by the Security Code company.
Swindlers in a conversation on the phone inform the victim that a letter has come to his name. At the same time, the correct last name, first name and patronymic, its address and the address of the MPSC, from which the call comes, are called. Fraudsters ask a person if he will come for a letter to the MPSC or can be sent by mail at the place of registration. If the victim chooses the second option, the caller says that the number of this message will come to SMS and asks to name it.
Only in the message comes not the departure number, but the code for confirming registration in some service. Further, the fraudster, having access to the victim's account, is already using it for his own purposes, experts from the Security Code company warn.
The use of such a scheme was recorded in several regions of Russia, including the Kamchatka Territory. The regional ministry of digital development warned citizens that the My Documents center, State Public services technical support, banks and other organizations never request numbers, codes and other information from SMS messages.
| | If you received a call on behalf of the "My Documents" center and asked for such data, these are scammers. Immediately reset the conversation and block the number, - advise the Ministry of Digital Development of the Kamchatka Territory. | |
They also recalled that you cannot inform callers of the login and password from the account, call them codes from SMS and follow suspicious links from messages. Employees of the "My Documents" centers do not have access to the citizen's account on the Public services portal and will never request such data, this is confidential information, the department added.[15]
"Sberbank": Russians receive up to 15 million fraudulent calls every day
Every day, Russians receive up to 15 million fraudulent phone calls. The deputy chairman Sberbank Stanislav Kuznetsov cited such data at one of the forums in mid-February Yekaterinburg 2024.
| | According to expert estimates, up to 8 million phone calls are made per day to Russian citizens, but taking into account instant messengers, this figure has greatly increased. We admit that up to 15 million call attempts occur daily, including messenger channels, - said Kuznetsov. | |
According to him, the main channels of cyber fraudsters are virtual PBXs, instant messengers and SIM boxes (devices that are used to store a large number of SIM cards).
| | If in the traditional areas of telephony we managed to do a lot and manage these risks, then new (channels) appeared. Here we were not really ready... And we have not learned today to record the statistics of these areas. This is a new challenge, we manage to do something already, configure our systems, but much has not yet been possible, - said the Deputy Chairman of the Board of Sberbank. | |
In mid-February 2024, Stanislav Kuznetsov also spoke about the appearance in Russia of a new scheme of embezzlement of money with the alleged "abduction" of a person.
| | Just a few days ago, we recorded an incident when a person was already deceived, but got involved in a sophisticated scheme that we call "kidnapping." The victim is told to buy a ticket, go to another city, settle in a hotel, do not take the phone, "he said (quote from TASS). | |
After a person allegedly disappears, fraudsters call the victim's relatives and demand a ransom. Kuznetsov noted that Sberbank prevented these scenarios of theft of money and transfers in time.[16]
Arrested four telephone fraudsters who deceived pensioners in Moscow for 50 million rubles
The court arrested four couriers on charges of embezzling about 50 million rubles from Moscow pensioners. The press service of the capital's prosecutor's office announced this on February 12, 2024. Read more here.
Fraudsters began to fake the voices of Russians with the help of AI and deceive their relatives in instant messengers
Fraudsters began to fake with the help AI of the voice of Russians and deceive their relatives and friends in instant messengers. On January 11, 2024, this scheme was reported in the department for organizing the fight against the illegal use of information and communication technologies. MINISTRY OF INTERNAL AFFAIRS Russia More. here
2023
The Central Bank cited a list of phrases of telephone scammers, after which you need to hang up
On December 29, 2023, the Bank of Russia cited a list of phrases of telephone fraudsters, after which, according to the regulator, it is necessary to hang up. The list was published on the official Telegram channel of the Central Bank, and it looks like this:
- "A loan application has been made." The Central Bank recommends putting the phone down if the loan application has not been sent;
- "Employee of the Central Bank." Employees of the Central Bank do not contact individuals to perform banking operations;
- "Special and Secure Account." Fraudsters offer to transfer funds to a certain "special account" for safety, but such do not exist, indicate in the Central Bank;
- "Investigative actions are underway, help detain fraudsters and do not disclose information." Law enforcement officers do not carry out procedural actions by phone and do not offer to participate in the detention of fraudsters;
- "Your money is trying to steal, a suspicious operation has been recorded." Banks, as noted by the Central Bank, can suspend such operations without the participation of the client;
- "The SIM card is about to expire." The SIM card of the mobile operator, the Central Bank noted, has no expiration date;
- "Dictate the code from the SMS message." The code is an analogue of a handwritten signature, it cannot be sent or reported;
- "You are concerned about a financial security specialist, a bank security officer." In this case, the fraudster will be interested in the card data or the code from SMS.
The Bank of Russia warns that if at least one of the above phrases sounded in the conversation, the user should immediately end the conversation, then call the official number of the organization or the hotline on his own.
The Central Bank adds that criminals sometimes impersonate employees of departments and "send fake certificates through instant messengers." The regulator stressed that fraudsters know well how to deceive a person by causing the necessary emotions from him.[17]
The ratio of women and men caught on the tricks of telephone scammers turned out to be approximately the same - 50.4% against 49.6%
VTB has compiled a portrait of customers who fell for the tricks of scammers. In 2023, the ratio of women to men turned out to be approximately the same - 50.4% against 49.6%, in 2022 the share of women was 52%. The average age of the "victim" ranged from 35 to 44 years. This was announced on October 20, 2023 by representatives of VTB.
According to a VTB study, women are slightly more likely to be attacked by fraudsters - in 50.4% of cases. The largest number of attacks are on bank customers aged 35 to 44 years (25.4%). The share of clients from 45 to 54 years old decreased by 4 percentage points. and began to occupy about 21%, from 55 to 64 years old - 17%, from 25 to 34 years old and people of the older generation (from 65 years old) - 14% each. Young people began to fall for the tricks of fraudsters more - the share of clients under the age of 25 increased from 4 to 8%.
Most of the "victims" live in Moscow (20.4%), the Moscow region (8.5%) and St. Petersburg (6.6%). Fraudulent activity is also high in the Novosibirsk (3.9%) and Samara regions (3.5%), Krasnodar Territory (3.2%), Sverdlovsk Region (3.2%). The North Caucasus has lost its leadership in the minimum number of attackers' activity. This year, less than 1% of fraudulent cases occur in the Orenburg region, the Khanty-Mansi Autonomous Okrug, Omsk, Vologda, Murmansk regions, Primorsky Territory, and the Republic of Buryatia.
The largest share of affected customers, calculated from the VTB Online audience in the region, falls on the Novosibirsk, Voronezh, Samara regions and Khabarovsk Territory. However, this figure does not exceed 0.3%.
| | Fraudulent attacks can be directed against Russians of any gender, age, social status and place of residence. However, first of all, attackers are attracted to middle-aged people, since they work hard and are financially stable. The rate of attacks on young people under the age of 25 also doubled. The most common deceptions based on social engineering, about one in three cases falls on loan processing. Defeat fraudsters and save your money will help, first of all vigilance and financial literacy. The client can become a victim of intruders only if he himself informs them of his personal data. Therefore, carefully read the texts of SMS notifications from the bank. Customers' money is kept safe only in the account that the client himself physically opened in the servicing bank. noted Nikita Chugunov, Senior Vice President of VTB, Head of the Digital Business Department | |
VTB specialists calculated that since the beginning of 2023, the bank has received 5.3 million messages about calls from fraudsters, which is 20% less than in the same period in 2022. The bank managed to save more than 9.5 billion rubles in accounts. Most of the calls are made by scammers from a mobile phone - 74%, messengers account for 20%, from city numbers - 4%.
Sberbank warns of a fraudulent scheme involving several relatives at once
Sber On August 28, 2023, he warned of a fraud scheme based on the use of family ties. Telephone scammers inform a person that allegedly unscrupulous employees bank are trying to apply for him credit and steal money. To save the money, the victim must issue a loan "to exhaust the credit potential" and, together with personal savings, transfer it to a "safe account." After the victim transfers funds to criminals, they begin to ask her about the presence of relatives, because according to fraudsters they "may also be in danger."
New victims are persuaded to take similar actions. As a result, several people united by family ties at once become victims of the crime: they transfer both their own and borrowed funds to fraudsters.
| | Family values are very important for Russians, and fraudsters began to use it for criminal purposes. If one relative is convinced that he is trying to prevent a loan in his name, then other family members, trusting him, may lose their critical perception and suffer from the actions of intruders. As a result, several people, falling into the networks placed by criminals, lose their savings and become loan debtors. I want to remind you of the main rules of financial security: do not talk about anything with scammers, in no case inform anyone of your personal data and the data of relatives, and if you still have doubts, call back to the contact center of your bank and clarify whether everything is in order, said Stanislav Kuznetsov, Deputy Chairman of the Management Board of Sberbank.
| |
FBI reveals new phone fraud scheme in which victim becomes FBI
On July 18, 2023, the Internet Crime Complaint Center (IC3) as part of the FBI announced that cybercriminals had adopted a new telephone fraud scheme in which the victim in some sense becomes a courier.
Attackers, as noted, target primarily the elderly. Criminals impersonate support specialists of a particular company by contacting a potential victim by phone, via email, text message or through a pop-up window. They further report that suspicious activity is recorded on the user's account. Another possible trick is to inform that the victim is entitled to any monetary compensation, for example, for subscriptions or services.
The following instructions contain a phone number by which the user can seek help. As soon as the victim dials this number, the fraudster says that the only way to send money is to connect to the user's computer and deposit funds into the bank account. To do this, you need to download a certain program that actually contains malicious components. Then the victim is asked to go to his bank account, as a result of which the attackers have credentials at their disposal.
The peculiarity of the scheme is that cybercriminals really transfer "compensation," but the amount transferred turns out to be significantly higher than agreed. After that, the scammers, hiding behind the alleged dismissal, ask the victim to return the difference in cash by wrapping the money in a magazine or newspaper. The criminals are asked to send such a parcel to the specified address. Meanwhile, with the user's bank details at their disposal, fraudsters can empty his account.[18]
Russians warned about a new fraudulent scheme with online cinemas
In July 2023, it became known about a new fraudulent scheme with online cinemas in Russia. Swindlers send a message to potential victims in instant messengers and offer work allegedly to evaluate online cinemas. The newsletter indicates a phone number for feedback, and also mentions popular streaming platforms in Russia. Real employment is not confirmed, while communication with such "employers" can lead to theft of funds, the Prime agency reports, citing a statement from one of the Russian banks. Read more here.
The Central Bank of the Russian Federation told about a new telephone fraud
On July 10, 2023, the Central Bank of the Russian Federation spoke about a new telephone fraud. Now the swindlers, calling their victims, not only introduce themselves as employees of the regulator, but also send e-mail messages with an invitation to a personal reception at the Central Bank of the Russian Federation.
As reported in the Telegram channel of the Bank of Russia, fraudulent letters begin with an appeal by name and patronymic, they indicate the reception time and the real address of the Central Bank in the region of residence of the potential victim. As the sender of the message by spoofing the email address, they indicate the domain of the Bank of Russia cbr.ru.
The attackers also turn to a potential victim by name and patronymic and indicate the time of reception and the address of the local branch of the Bank of Russia. After sending a letter, they contact the recipient personally and, under various pretexts, try to find out the details of his bank card and SMS code or persuade him to transfer money.
| | The Bank of Russia, on its own initiative, does not invite citizens to a personal reception, its employees do not call people and do not send copies of any documents to anyone, do not request personal and banking information, do not offer to make any transactions with the account... Fraudsters are often represented by Bank of Russia employees. Therefore, be vigilant, - emphasized in the Central Bank. | |
The regulator recommends not responding to this kind of invitation and deleting it if there was no appointment. For any banking issues, the Central Bank recommends calling the bank at the phone number indicated on the back of the card or on the website of the credit institution.
Experts remind Russians that to protect against intruders, you cannot transfer your confidential data to anyone, such as passwords and logins from accounts in services, codes from SMS and push notifications.[19]
The Central Bank of the Russian Federation explained why fraudsters call and remain silent in the phone
At the end of June 2023, the Central Bank of Russia explained why fraudsters call and remain silent. According to Dmitry Ibragimov, deputy head of the Security Department of the Central Bank of the Central Bank for the Central Federal District, a "silent" call is first made to check whether the number is valid.
Scammers also need to find out if the user will answer an unfamiliar incoming number or ignore it. If initially the user did not answer the incoming call, and then called back after some time, then this will be a positive subscriber for the scammers. As in the case if the user of the SIM card answers immediately. It's like a primary filter before the next attack, such as a cold call from bank security.
In addition, attackers can make calls, listen to a voice and update their database. For example, to map a subscriber's voice to attributes such as the caller's gender and age in the database. Suppose that the fraudsters already have the data of the owner of the SIM card and they refer the owner to Petrov Evgeny Petrovich, born in 1980. After the call and the subscriber's answer to it, the voice will be automatically recorded on the PC, and then updated from the point of view: whether the man or woman answered, the estimated age is recognized by the timbre of the voice. Somehow, it is not necessary to act on such "silent" calls on purpose, because such a call itself does not carry any danger, the representative of the Central Bank specified.
The caller does not need to worry about whether he answered the call correctly or said something superfluous, for example, "Yes, I listen!" There is a myth that fraudsters can record a "Yes" answer and use it to confirm a serious financial transaction, obtain a loan or transfer money. In reality, this is not the case, notes Dmitry Ibragimov.
According to him, it is impossible to remotely confirm such operations in one word "Yes." Banks will not take on potential risks associated with insufficient identification of the client, that is, until they fully make sure that it is the client who transfers the order to dispose of their own funds, transactions are excluded. In addition, the operator of any bank in any case will distinguish the recorded voice from the natural one, although in June 2023 IT technologies are constantly developing and improving, Ibragimov assured.[20]
Fraudsters began to steal money from the accounts of Russians, sending messages with an offer to make money on the valuation of hotels
In Russia, fraudsters began to steal money from the accounts of Russians, sending messages with an offer to make money on the valuation of hotels. This became known on June 20, 2023.
According to RIA Novosti, attackers use the hotel booking service as bait in their new hybrid scenario. They create a group in instant messengers or send an SMS message in which they offer to evaluate the hotel booking service and hotel photos on the Booking website. The text indicates a link to the Telegram channel, where the client can discuss in more detail with his personal "manager" further conditions for "employment" according to the assessment of hotels. However, when switching to the announcement, the topic is adjusted - the client is offered to help online stores "in sales" and promise large revenues of up to tens of thousands of rubles a day.
Attackers send a client a link to a phishing site where he needs to pre-register using his personal data: full name, email address and mobile phone number. After registration, the client needs to pay a certain amount to the specified account in order to begin performing tasks to evaluate various goods of online stores. At the end of each "business" day in the customer's account, the initially invested amount is doubled or tripled. However, it will not be possible to withdraw the "earned" money, and any attempts to contact the personal "manager" will not lead to anything.
According to experts, this appointment is similar to the scheme for hiring various marketplaces. The main goal is to lure as much money out of a potential victim as possible. To protect yourself and protect yourself from such attacks, we recommend not responding to suspicious spam mailings, not participating in group chats, whose participants are not familiar to you and generally refrain from communicating with strangers on the Internet and instant messengers.[21]
Sberbank recorded an increase in the number of telephone fraud attempts against Russians to 8.6 million per day
The number of attempts at telephone fraud against Russians by mid-June 2023 reached 8.6 million per day against 5 million a year earlier. This was announced on June 14, 2023 by the deputy chairman of the board. Sberbank Stanislav Kuznetsov
| | The main threat is telephone fraud, the share of which in the total volume of cyber fraud is 90%. And the number of attempts at telephone fraud is growing, "he said in a conversation with RIA Novosti. | |
According to Kuznetsov, among the fraudulent schemes that cybercriminals use against bank customers, the scheme with transfer or contribution to a "safe account" still dominates: over 77% of the total volume of fraud attempts. As part of this scheme, most often criminals appear to be employees of the "security service" and talk about a certain "change in financial number," intimidate by issuing a loan in the name of the client or an attempt to withdraw money from the account.
The attackers do not come up with fundamentally new ideas, but only introduce new varieties of the mentioned scheme, the representative of Sberbank noted.
To convince victims of the veracity of their words, fraudsters are increasingly sending them fake documents through instant messengers. Recently, for example, swindlers have been using fake "identity certificates of a qualified bank employee," said Stanislav Kuznetsov.
Also, according to him, the criminals learned to call entire families at once. If the victim does not succumb to persuasion, fraudsters contact her loved ones, convincing them to influence the "stubborn" relative. At the same time, the swindlers "are represented by bank or police officers, report on a possible theft of funds and ask to take action," Kuznetsov explained.
| | This "approach" can lead to losses of more significant amounts, since there is a possibility that other family members will also fall under the influence, - warned the top manager of Sberbank.[22] | |
Fraudsters have learned to fake the numbers of any subscribers in Russia in order to call on their behalf
Fraudsters have learned to fake the numbers of any subscribers, said T1Viktor Gulevich, director of the information security competence center at the end of May 2023.
Thus, any Russian can become a "fraudster" if attackers disguise the call as the desired number. You can protect yourself by ordering detailed calls from the operator, there will be no fake calls in detail.
As Viktor Gulevich explained to Prime, fraudsters use the technology of replacing the caller ID (Caller ID) through the services of virtual providers of IP telephony and SIP telephony (a protocol for exchanging data on the network).
| | If you are informed that calls are received from your phone number that you did not make - this is the main sign of illegal actions of fraudsters, the expert said. | |
According to Alexander Vurasko, an expert in the direction of special services Solar JSOC of RTK-Solar, the problem is that due to the technical restrictions of communication networks, there are no truly effective methods for countering number substitution by May 2023.
Despite the fact that Russian telecom operators have introduced anti-fraud systems that have made it almost impossible to replace numbers in their networks, if the number was replaced before the call came to the network of the Russian operator, it becomes much more difficult to track such a substitution, explains Alexander Vurasko.
| | Attackers often choose arbitrary numbers for substitution, however, sometimes they gravitate to any specific phones. Most likely, this is simply due to the unwillingness after each call to change the replacement number, - said the expert in a conversation with Izvestia. | |
The publication adds that situations often arise when victims call the number owners, addressing them with claims. But real subscribers most often have nothing to do with any criminal schemes, they themselves suffer reputational risks due to fraudsters who discredit their contact details.[23]
Fraudsters began to " put pressure" on the relatives of their "victims" to access the family budget
In May 2023, VTB clients report a new fraud scheme, when not only they are attacked, but also their relatives. Attackers contact each of the family members, convincing them of the need to influence the "victim." Their main task is to convince the interlocutors of the need to make financial transactions that will ultimately lead to theft of funds.
The fraudster calls the potential victim, posing as a bank employee or law enforcement officer. He reports that the client's funds can allegedly be stolen by intruders, and urgent measures must be taken to save them. In case of refusal, the "employee" switches to a more aggressive manner of communication and threatens to call the interlocutor's relatives in order to convey the importance and veracity of his words through them. Next, he really contacts the nearest circle of potential victims by phone - these may be parents, spouse or children.
They seek to convince threats of reality and are asked to influence their relative to take measures to "save" their own or family funds from theft.
During the conversation, fraudsters use social engineering technology, using already common topics to deceive - applying for a loan, conducting dubious transactions on cards and bank accounts, changing a financial or trusted phone number in a bank, transferring funds to a "safe" account and others. The share of social engineering today remains extremely high and accounts for almost 90% of all attacks.
"Attackers are excellent at psychological techniques and deftly manipulate the emotions of their victims. If earlier they called allegedly on behalf of family members, reporting on the incident of force majeure and the need to transfer money to resolve it, now they themselves are actively using the existing contacts of relatives. As a result, entire families are already facing threats and extortion. Such an aggressive psychological impact can lead to dangerous situations and withdrawal of funds on a much larger scale, because the entire family budget is under threat. Therefore, it is very important not only to comply with the financial security rules for your part, but also to talk about them to your loved ones and be in touch with each other and the bank for the prompt verification of such information, "said Nikita Chugunov, Senior Vice President of VTB, Head of the Digital Business Department.
Scammers began to call potential victims via video link
VTB has recorded another trend of fraudulent attacks: now attackers call potential "victims" via video link, posing as bank employees and imitating work in the office. All such calls go through instant messengers. The bank announced this on May 19, 2023.
Fraudsters make the first call, as a rule, through a messenger or through regular telephone communication. If the interlocutor does not believe that a bank employee communicates with him, then the attacker calls back via video link, depicting the service from the bank office. As a result, the "victim" remains in no doubt about the credibility and seriousness of the caller's words.
Then fraudsters use standard schemes to gain access to the money of a bank client - they convince them to issue a credit application, change a trusted phone number, transfer money to a "secure account," update a bank application or download remote access tools to check its work, or simply start requesting SMS codes under various pretexts to gain access to the personal account of a bank client.
| | Messengers have become the main channel for the activity of scammers. The share of calls to them has grown by almost 15 percentage points. since the beginning of the year, and in May 2023 reaches 64%, significantly overtaking telephone attacks. All such calls are made solely for the purpose of obtaining personal information for criminal purposes, possibly even for obtaining photos and video images of customers. It is important to note that real bank employees will not use such communication channels. Thanks to the constant work of banks with financial security rules, customers have become more active in recognizing and reporting calls from cybercriminals. At VTB, every tenth client passes on the number of the fraudster and describes in detail the scenario of an attempt to deceive, - said Nikita Chugunov, senior vice president, head of VTB's digital business department. | |
A Russian citizen did not succumb to the tricks of fraudsters and they signed him up as a volunteer to participate in a special operation in Ukraine
Ukrainian fraudsters could not rob a resident of Yuzhno-Sakhalinsk with money and, in retaliation, registered him as a volunteer to participate in a special operation in Ukraine. According to local police, an unknown person called the 50-year-old man and introduced himself as an employee of the State Public services portal. He said that the man's personal account was hacked. During the conversation, the fraudster asked where he kept his money, but he could not lure this information out. Sakhalinets issued only data from his personal account at the Public services. Three days later, the man went to the portal application and found that he had been volunteered for the SVO.
Taxi driver Zhanishbek returned the money to a pensioner who was tried to rob telephone scammers
24-year-old Zhanishbek fulfilled the order on the afternoon of April 21, 2023. The taxi driver arrived on Belomorskaya Street to pick up the parcel from an 84-year-old pensioner. The woman handed him a bag, and Zhanishbek, just in case, clarified whether there was money there. The pensioner shook her head, so the taxi driver with a calm soul went to the recipient.
On the way, they called him. The caller was clearly nervous and asked Zhanishbek to deliver the bag to the spot as soon as possible. The taxi driver decided to check the parcel and was right: there were 500 thousand rubles inside. The driver immediately realized that the pensioner fell for the trick of scammers. He pulled out the money, handed them an empty bag and returned to Belomorskaya to give the amount to his grandmother.
However, no one opened the door to him. Then the taxi driver decided to call the police. He was taken to the department, where the guy voluntarily gave half a million belonging to the pensioner. The money was handed over to the hostess, and they also had a conversation with their grandmother that they should not believe strangers who call on the phone, writes Baza.
Telephone fraudsters who worked for the Armed Forces of Ukraine were detained in Moscow
In April 2023, telephone fraudsters who worked for the Armed Forces of Ukraine were detained in Moscow. The attackers cashed the money stolen from the Russians at ATMs, converted it into cryptocurrency and transferred it to anonymous accounts in Ukraine.
Ukrainian call centers invented a scheme of deception with "abduction"
Ukrainian call centers in the spring of 2023 invented a new scheme of deception. The mother of the assistant senator of the Federation Council Elena Silkina could be "kidnapped" by telephone scammers. Scammers convince people to hide, and then extort money from their relatives.
According to Baza sources, fraudsters have recently begun to practice a "remote" divorce scheme. It looks like this: unknown persons call the victim, report the threat of persecution and convince them to hide in a temporary shelter. You need to get to it yourself, and on the way you need to throw away the phone (after all, it is allegedly followed) and buy a new one with a SIM card. So that the victim could not be traced.
Then a person, confusing traces and changing transport, gets to the "shelter" - an ordinary apartment rented for rent. At the same time, she must pay for housing herself, in no case contacting relatives or relatives. At the same time, scammers call their relatives, report "abduction" and aggressively demand a ransom. In such cases, criminals do not even see directly with the victim herself - she simply "hides" at home.
One of the interlocutors of "Baza" said that recently it was using this method that the mother from the family of his friends was "stolen." According to him, the woman was found at the place where the signal of her phone was last recorded - the police combed the communication salons in that area, and in one of them the missing was identified, after which she was found by a new number.
In April 2023, 76-year-old Tatyana Grigorievna, who before the loss herself drove from home to the Leningradsky railway station, is also looking for the same way - with the help of communication salons near Belorusskaya. She was later discovered in a hotel.
Fraudsters detained in Dnepropetrovsk who stole 3 million euros from Czech residents
In April 2023, a fraudulent group was liquidated in Dnepropetrovsk, which stole almost 3 million euros from the inhabitants of the Czech Republic. Fraudsters organized several call centers, whose employees lured money from people by phone. They acted according to a proven scheme: they introduced themselves as bank employees and police officers, forcing victims to transfer money to allegedly "safe accounts." 6 alleged organizers of the criminal community were detained, among them - citizens of Ukraine and the Czech Republic.
Fraudsters change numbers to foreign ones similar to Russian ones
Attackers engaged in theft of funds from Russians by phone will change phone numbers to foreign ones from the end of 2022 to bypass the protection of mobile operators, Kommersant wrote in February 2023.
At the same time, foreign numbers are visually disguised as Russian. For example, numbers with the code + 423 belong to Liechtenstein, but "pretend" to be calls from the Primorsky Territory, the code + 905 of Turkey resembles the mobile numbering adopted in Russia, and + 472 of Norway is similar to the code of the Belgorod region.
However, the most common fraudsters used the codes of Japan and Korea + 8 (1, 2) and the international code, which operates in Kazakhstan and Russia + 7.
Most of the unwanted calls at the end of 2022 were received from Russians from the numbers of Turkey, Kazakhstan and Iran.
95% of fraudulent calls to Russians are made from the territory of Ukraine
95% of fraudulent calls to Russians are made from the territory of Ukraine - 800-900 call centers are located there. Such data in February 2023 was shared by the Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov. According to him, the center of telephone fraud remains the city of Dnipro - earlier about 1100 call centers worked there, now - about 150.
Scripts for telephone scammers are not written in Ukraine, but by Western countries: for this they use any information reason, said Vladimir Komlev, general director of the National Payment Card System.
Ukrainian fraudster was able to persuade a resident of the Moscow region to transfer him almost one and a half million, and then set fire to the branch of Sberbank
On the morning of February 7, 2023, 48-year-old Alexei, a resident of the village of Porechye near Ruza, received a call from a "bank security officer," writes Baza. He convinced the man that his accumulations were at risk and needed to be protected. To do this, you need to take a loan of 1.4 million rubles, after which you sent the amount to the fraudster.
However, the offender did not lag behind. "Bank employee" was able to explain to Alexei that in order to identify fraudsters, he needs to set fire to the office of Sberbank. The fraudster sent instructions on how to mix the "Molotov cocktail" and a few hours later Alexey was already at the branch in Ruza. After making sure there were no people in the bank, he opened the door and threw the bottle into the corner. It is believed that telephone fraudsters have been covered by the Ukrainian SBU for years.
Fraudsters learned to calculate people who recently sold housing, and began to "addressedly" lure money from them
In January 2023, when calling, they impersonate representatives of banks, real estate companies or law enforcement agencies, and convince victims to transfer funds to a "safe" account.
2022
Subscribers around the world lost $53 billion due to telephone scammers using digital technologies
In 2022, mobile subscribers globally lost approximately $53 billion due to telephone fraud and unwanted calls. This is stated in a report released on March 20, 2023 by Juniper Research.
Attackers use various techniques to deceive cellular users. This is, in particular, unauthorized call forwarding or forgery of the caller ID. The ultimate goal of criminals is to gain financial advantage. Experts say that despite the ongoing development of robocall prevention systems, phone fraud losses are on the rise. Attackers are constantly improving their methods and tactics using affordable digital technologies. By 2027, global losses in this sector could reach $70 billion.
It is noted that more than 50% of the total damage associated with fraudulent robocalls is in North America. According to the annual report of the Robokiller service, in 2022, Americans received 225.69 billion text messages generated by robotic systems. This is 157% more compared to 2021, when the number of fraudulent messages was estimated at 87.85 billion. At the same time, the number of robotic calls from intruders rose on an annualized basis by 8% - from 72.24 billion to 78.24 billion.
According to a study by Robokiller, in 2022, fraudulent messages related to the delivery of certain orders were most often sent - more than 12 billion messages. In second place were robotexts concerning various financial services: they accounted for almost 4 billion shipments. The top three messages on the COVID-19 pandemic are closed - approximately 2.87 billion shipments at the end of 2022.[24]
In the US, scammers stole $11 million with deepfakes imitating someone else's voice
In 2022, fraudsters, using artificial intelligence models to accurately imitate (deepfake) human voices, stole about $11 million from their victims in the United States alone. Such data are contained in the report of the Federal Trade Commission (FTC), published on February 23, 2023.
Modern AI tools are able to mimic a person's voice, including emotional tone, based on the analysis of several voice phrases. And, for example, the Microsoft VALL-E system based on a neural network requires a sample of only three seconds. Such tools are actively used by attackers, misleading gullible users. Most often, fraudsters present themselves as relatives of the victim, demanding to transfer money under one pretext or another. For example, in 2022, one married couple in the United States sent $15,000 through a bitcoin terminal to a criminal, believing that they were talking to their son. A generated AI voice told them he needed money to pay off legal fees after he was involved in a car accident that killed a US diplomat.
In general, as noted, in 2022, more than 5,100 people became victims of such schemes in the United States. Experts say that such attacks can be carried out from anywhere in the world, and therefore it is extremely difficult to track down criminals. Often there is also uncertainty about which agencies have jurisdiction to investigate cases where scammers operate from different countries.
The FTC report says that in general, victims of attackers lost almost $8.8 billion in 2022 as a result of attacks of various types. This is 30% more compared to 2021. At the same time, the greatest damage was caused by investment fraudulent schemes: the damage from them amounted to more than $3.8 billion. In second place are fraud with impostors, the losses from which in 2022 reached $2.6 billion against $2.4 billion a year earlier.[25]
Hackers began to massively attack telecom operators around the world to take possession of someone else's phone number
On December 2, 2022, IT specialists CrowdStrike announced the discovery of a new cybercriminal scheme: attackers attack telecommunications companies and organizations in the field (outsourcing business processes BPO) in order to take possession of someone else's phone number. More. here
Telecom operators will be forced to report on replacement numbers to the Ministry of Digital Development
As it became known in early December 2022, the Ministry of Digital Development will have the right to ask operators for data on a completed call based on citizens' appeals through the Public services. The corresponding amendments to the law "On Communications," prepared by a group of members of the Federal Assembly headed by Artem Sheikin, a member of the Federation Council Committee on Constitutional Legislation and State Building. Read more here.
A deceived pensioner was detained in Moscow, who began working for fraudsters to return the money
In Moscow, in November 2022, a pensioner from Reutov, deceived by fraudsters, was detained. Having become a victim of swindlers, he agreed to an offer to "work" for them in order to return his savings and close debts. As a result, the pensioner was detained while receiving 5 million rubles from a new victim.
Arrest of 100 people in Britain for phone number swap services for fraudsters
Investigators in Britain have discovered a site that offered customers phone number substitution services. Through this site, thousands of scammers from different countries were engaged in calling their victims, paying for the services of spoofing numbers with crypt.
Potential victims were contacted, posing as employees of well-known banks or government agencies. In Britain alone, more than 200,000 people suffered from such calls, and the damage is estimated at least $3.9 million.
Police officers hacked into the site's database and obtained information about 59,000 users. In November 2022, 100 people have already been arrested.
Detention of fraudsters in St. Petersburg who stole more than 150 thousand rubles
In St. Petersburg in November 2022, bank fraudsters were detained who stole customer funds through social engineering. In Kolpino, they found special equipment to redirect traffic. For six months, the connection of more than 12 thousand SIM cards was recorded there, through the balance sheets of which more than 150 million rubles passed. It was established that the money was stolen by fraudsters with the transfer of funds to "secure accounts."
The Central Bank of the Russian Federation announced a new telephone fraud. The bait is the fight against the theft of data
In November 2022, the Central Bank of Russia warned of a new telephone fraud. The bait is the fight against the theft of personal data.
The essence of the scheme is as follows. Criminals call bank customers under the pretext of prompt investigation. They are presented by law enforcement officers who allegedly conduct a case of massive leaks of personal data from banks. Moreover, they act, in their words, directly on behalf of the Central Bank.
| | The fraudster calls the person and reports that among the compromised data may be his information. He offers to check with the leak database in order to attract the interlocutor as a victim, - said the Bank of Russia. | |
Further, the criminal clarifies with the person in which particular bank he is served, asks for card data, including a three-digit code on the back. For greater persuasiveness, fraudsters refer to official documents from the Central Bank, naturally false.
To convince a potential victim of the plausibility of the story, a fraudster can send him a photo of a fake document about conducting operational-search measures to the messenger or e-mail, the Central Bank warned.
They also recalled that neither bank employees nor law enforcement officers ever request bank card details (its number, three-digit code on the reverse side, SMS code).
The Central Bank recommends when communicating the phone with unknown:
- do not give them bank card details;
- not to succumb to threats;
- not to enter into correspondence with them;
- do not call them back;
- it is best to interrupt the conversation and block the number of scammers;
- if there are doubts about the safety of money in a bank account, you can independently call your bank at the number indicated on its official website or on the back of your bank card.[26]
In Krasnoyarsk, telephone scammers accidentally called the press service of the Ministry of Internal Affairs
In Krasnoyarsk, telephone swindlers accidentally called the press service of the Ministry of Internal Affairs (MIA). After that, a courier was detained, who took money from the victims of telephone fraud. This was reported in the department on September 15, 2022. Read more here.
Russia is creating a unified system for checking subscriber data to combat telephone fraudsters
At the end of August 2022, new details about the unified information system for checking information about subscribers (UIS PSA) became known. The corresponding bill is in terms of priorities for consideration by the State Duma in the autumn session, Izvestia was told in the financial market committee of the lower house. Read more here.
Telephone scammers in Russia began to call through instant messengers
VTB recorded another scenario of telephone fraud, as reported by TAdviser on June 1, 2022. Attackers use robot calls through instant messengers for subsequent switching allegedly to a "VTB specialist."
Photo source: ixbt.com
Under the pretext of confirming an application to change a trusted phone number or issuing a credit application, fraudsters call customers through instant messengers, allegedly on behalf of a robotic bank assistant. If the client says that he did not leave applications for changing the phone number or for a loan, then the robot switches the subscriber to a false specialist of the bank, who is trying to get confidential data: UNK (unique client number), bank card data, codes from SMS to enter his personal account, etc. Using the information received, fraudsters can gain access to funds in the client's accounts, his pre-purchased loans, force them to transfer them to a "special" account, etc.
| | We began to record that fraudsters switched to instant messengers from calls to phone numbers. There are many reasons for this: calls through instant messengers are free, they lack antispam and fraudulent filters, there are no number identifiers, each service is regulated by its own policy. It is much more difficult to track attackers through these channels, and for additional protection, we recommend that customers, through the settings in the smartphone, allow incoming calls in instant messengers only from familiar numbers from the phone book, "said Nikita Chugunov, head of the digital business department - senior vice president of VTB. | |
In April 2022, compared to March, VTB recorded an increase in the activity of fraudsters: the number of phishing resources and clone applications on the Internet increased 11 times. In just four months, VTB has already prevented more than 700 thousand attempts by attackers to steal money from customer accounts. This is almost 1.5 times the result for the same period in 2021. The total amount of funds saved by VTB customers amounted to almost 7 billion rubles.
Now you can provide the phone number of scammers not only through the hotline or in a chat with the bank, but also through a voice assistant in the VTB Online mobile application. Also, using the voice assistant, you can share a suspicious link for verification by VTB specialists by sending it to a chat with the assistant. For additional protection of client funds, there is also a single section with security settings and recommendations in the VTB Online application.
| | Collecting data on telephone scammers through digital services helps protect bank customers from intruders. Voice assistants save customers time by processing calls quickly. The service for collecting fraudulent numbers in the voice assistant was launched in April 2022. In just two months of its operation, customers managed to transfer us more than 1,500 fraudulent numbers. Let me remind you that bank employees do not call customers through instant messengers and will never request such data as UNK to enter their personal account, bank card information, CVC/CVV and one-time codes from SMS, - said VTB Senior Vice President, Head of Digital Business Department Nikita Chugunov. | |
Fraudsters in Russia began to use substitution numbers of citizens
At the end of May 2022, it became known about a new type of telephone fraud. It consists in replacing numbers: moreover, if earlier attackers called on behalf of banks, government agencies and companies, now they have begun to use the numbers of ordinary users.
As the head of the Mousetrap platform Evgenia Lazareva told Izvestia, people call the Russians and say that there was a call from their number "from a bank employee" who was trying to withdraw personal information to steal funds from the account. At the same time, the subscribers themselves did not make any calls and are not related to fraudulent schemes.
The interlocutor of the publication added that there are also appeals from potential victims. So, when trying to call back to the number that is determined by the phone during such a call, a completely different person with different features of speech and even another sex answers, who claims that he has not made any calls lately.
Using the substitution of the number, the attackers are trying not only to lure money from their victims (for example, having received information that this number belongs to the victim's relative, they are trying to obtain money transfers), but also to mislead law enforcement agencies and harm Russian citizens. For example, unsuspecting users used to replace numbers can get into spam databases and be blocked by applications that some Russians use. Also, problems may arise during employment: the company will try to check the applicant's phone in one of these databases or on the application's thematic website and see that the candidate's number is in the category of scammers, spammers and with negative reviews. With such a reputation, the job seeker will be refused, Evgenia Lazareva said.
Lazareva added that most of the attacks on the accounts of Russians come from call centers located in unfriendly countries.
Cybersecurity experts interviewed by the newspaper confirmed that when using the method of changing numbers using IP telephony, you can call on behalf of any subscriber. According to experts, it is impossible to protect yourself from using your number for substitution, but you can prove your innocence by detailing. It is enough to request it from the operator and provide, for example, to the bank to exclude yourself from blacklists.
The Ministry of Digital Development told the publication that by the end of May 2022, the state, together with telecom operators, is working on measures to combat the substitution of subscriber numbers. Thus, the ministry oversees the development of an anti-family telephone system that will track the substitution of a number when transferring a call to the network of another operator.[27]
Central Bank of the Russian Federation warned of a new type of VPN fraud
In early May 2022, the Central Bank of the Russian Federation warned of a new type of VPN fraud. The scheme is that scammers persuade potential victims to visit their blocked sites using such programs. Read more here.
Online banking malware intercepts calls to support
Researchers in the field cyber security from the company "" Kaspersky Lab talked bank trojan about called Fakecalls. In addition to the usual spy functions, he has an interesting ability - to "talk" to the victim, imitating communication with an employee. bank This became known on April 12, 2022. More. here
A large call center of fraudsters in Berdyansk acted in agreement with the authorities of Ukraine
During a military special operation, the Russian military in April 2022 found a call center abandoned by Ukrainian fraudsters in Berdyansk, which had data from at least 20 million Russians. It acted in agreement with the Ukrainian authorities, while its activities were supported from, Netherlands, and Germany. USA Estonia
2021
9 out of 10 fraudulent calls to bank customers in Russia are made by robots
On November 22, 2021, it became known about a surge in telephone fraud using robotic assistants in Russia. This method accounts for 9 out of 10 calls from attackers, told Kommersant in a bank from the top 5 in the Russian Federation.
Another credit institution, one of the 20 largest in the country, confirmed an increase in the number of customer complaints about fraudulent calls using robotic assistants, specifying that such attacks account for almost half of such calls.
According to the manager of RTM Group, Yevgeny Tsarev, the attacks with automatic calling of the base began about six months ago in connection with the widespread introduction of bank voice assistants in banks, as well as informing the population about fraudulent calls on behalf of the "bank security service" or "Interior Ministry officer." Tsarev noted that six months ago the automatic call of the base was rare, the cases were isolated.
According to the expert, calls using a robot increase the coverage of victims. Robotic attacks have another plus - the population trusts such calls more.
According to the newspaper in Tinkoff Bank, the use of robots allows fraudsters to gain the trust of bank customers who seem to be with a bot from the bank's security service. VTB clarified to Kommersant that robocalls are easily organized, because autoinformers are increasingly included in the standard package of office telephony contracts.
According to the director of the, information security GPB Alexey Pleshkov if the victim believed, to the robot it is highly likely that she will believe the persuasion of the fraudster and in live dialogue. The use of bank number substitution technology in such attacks only strengthens trust.
According to Ilya Suloev, director of the Otkritie Bank DIB, from the point of view of protection measures, telecom operators and regulators could make a significant contribution to the fight.[28]
The share of fraudulent calls in Russia from abroad reached 70%
By November 2021, about 70% of fraudsters' calls Russia come from abroad, while two years earlier this share was 40%. Such data were provided by the deputy chairman of the board. Sberbank Stanislav Kuznetsov
According to him, the main source of such calls is the Ukrainian city of the Dnieper, in which there are many Russian-speaking youth, and there are apparently not enough opportunities for honest earnings. Earlier, up to 1000 fraudulent call centers could work in the Dnieper, but over the past year their number has decreased to 150, Kuznetsov said in an interview with Izvestia.
| | Those who worked according to the most primitive scheme were eliminated: "Your card is blocked, dictate the CVV code." There are large centers operating according to more ingenious schemes of deception, - he said. | |
In early October 2021, Kuznetsov also designated Ukraine as the "capital" of telephone fraud. According to him, on average, Sberbank customers receive 3-7 thousand calls a day, sometimes their number reaches 10 thousand.
| | 50% of citizens do not take the phone at all for various reasons and do not answer such calls, but with 1% of citizens [fraudsters] still manage to talk, - added Kuznetsov. | |
He noted that most often fraudsters are represented by law enforcement officers (Ministry of Internal Affairs, General Prosecutor's Office, etc.). They call a potential victim, say a bank employee is trying to steal their money and asking for help catching the gunman. To do this, you need to transfer money to a safer account right now. In addition, employees can receive money or property under the guise of conducting a special operation to catch criminals.
In addition, they are swindlers trying to convince a potential victim that they are not calling her from 900 because they are talking on a secure technical line.
| | А что цитируем-то? | |
Special forces soldier died during the arrest of a telephone fraudster in St. Petersburg
On November 9, 2021, it became known about the death of an employee of the Special Rapid Response Unit (SOBR) during the arrest of a telephone fraudster in St. Petersburg. Read more here.
Telephone scammers in Russia began to send victims fake photos of documents of the Ministry of Internal Affairs
In early November 2021, it became known that telephone scammers in Russia began to send victims fake photographs of documents of law enforcement officers or Bank of Russia employees. Moreover, this method of deception is rapidly gaining popularity.
As Vedomosti writes with reference to Fyodor Muzalevsky, director of the technical department of RTM Group, dozens of such incidents have already been recorded in the second half of 2021, but in reality the bill can go to thousands. According to him, by the beginning of November 2021, out of the total number of fraudulent calls, cases with the provision of photos of fake certificates occupy no more than 5%, but the prospect of growth is high.
The use of fake documents helps to position the victim with the fraudster, which is why attackers can request much larger amounts. Muzalevsky says that usually in such conversations, fraudsters appear to be law enforcement officers and say that illegal actions are carried out against the client or a fraudulent loan is issued, so it is in the interests of the victim to cooperate with the investigation and transfer all the money to a secure account. "
The Bank of Russia is aware of this fraud scheme, a representative of the regulator told the newspaper, without specifying whether the Central Bank recorded an increase in the number of cases using photos of forged documents; he also recalled that the Bank of Russia, on its own initiative, does not send letters to citizens, does not call or send messages.
The total number of fraudulent calls using the "call from the Ministry of Internal Affairs" has not changed, the ratio between calls without forged documents and with them has changed - the latter are really becoming more and more, said Alexander Kalinin, head of the Group-IB monitoring and response center.[29]
Beeline subscriber accidentally found out that 1.7 thousand corporate numbers were registered to it
A TAdviser resident who faced Moscow Ekaterina Litvinova fraud when registering cell numbers for her turned to the editorial office. personal data According to the citizen, it follows that she saw in her personal account on (EPGU Unified Portal state and Municipal Services, "Goservugi") 1732 information messages about the provision of the service "Activation of Corporate Card SIM." Read more here. [1]
Deputy Chairman of Sberbank called Dnipro the capital of telephone fraud
The deputy Sberbank Stanislav Kuznetsov Ukrainian chairman of the board called the city of Dnipro the capital of telephone fraud, about 150 were organized there. call centers This became known on October 4, 2021.
According to Kuznetsov, in 2020 there were about 1,000 call centers of intruders in the Dnieper. The Ministry of Internal Affairs and the Central Bank record an increase in the number of calls from the beginning of 2021, but fraudsters "flowed" from Sberbank customers to other banks, he said.
| | "In 2021, the trend is a call from a police officer, from the prosecutor's office, from the Investigative Committee, and so on," said Stanislav Kuznetsov. | |
According to the Ministry of Internal Affairs, for 9 months of 2021, the number of such cases increased by 15% compared to 2020, and according to the Bank of Russia - by 30%.
In Sberbank, according to him, since the beginning of the year, a reduction in the number of attacks on bank customers has been recorded by about half. According to Kuznetsov, telephone scammers "flowed" from Sberbank customers to customers of other credit institutions.
| | 50% of citizens do not take the phone at all for various reasons and do not answer such calls, but fraudsters still manage to talk with 1% of citizens, "Kuznetsov added. | |
According to Sberbank estimates, telephone scammers steal 3.5-5 billion rubles from Russian bank accounts every month. [30].
Sberbank: Telephone scammers steal 3.5-5 billion rubles from Russian accounts every month
According to Sberbank, fraudsters steal more than 3.5-5 billion rubles from the accounts of Russians every month. Stanislav Kuznetsov, deputy chairman of the board of the largest credit institution in the Russian Federation, announced this in June 2021.
According to him, the average check for a successful fraudulent operation is about 8 thousand rubles. One fraudulent call center accounts for from 3 to 7 thousand calls per day, while in half of the cases swindlers do not call - 1% of calls work, Kuznetsov told RIA Novosti.
He clarified that fraudsters receive information about Russians through the shadow personal data market. He said that when studying the shadow market, the bank found 12 trading platforms for the sale of information from financial organizations, cellular operators and payment systems, nine of which can be used to purchase bank card data.
| | Most often, information from compromised databases of external services - delivery of goods, government agencies, online stores - is available, - said Kuznetsov. | |
The deputy chairman of the board of Sberbank said that by June 2021, fraudsters had become more "patient," as they could not convince people to transfer money for one call due to the increased level of cyber literacy of citizens and technical means of protection. In this regard, a new type of fraud has appeared. An attacker under the guise of a recruiter offers to employ a highly paid job, communicates with a client for several days, can arrange a video conference for an interview.
In May 2021, Kuznetsov said that telephone fraud can be defeated by the end of the year, if the necessary measures are taken at the level of telecom operators. According to him, this will reduce the number of fraudulent phone calls by about 70-80%.[31]
In Moscow, fraudsters draw up loans using biometrics
In Moscow, multiple cases of using customer votes by scammers to issue loans or other financial products have been recorded. This became known on April 10, 2021.
According to the, TASS Information Agency of Russia referring to Moscow law enforcement officers, fraudsters initially call customers banks and ask questions requiring a monosyllabic "yes" or "no." Having received the necessary answers, they are used to issue loans for their victims, using these "loopholes" -. biometric data
| | Knowing that some banks provide a loan service using biometric data, attackers make calls to bank customers who already have a voice recognition service connected and ask questions that only yes or no answers are required. The conversation is recorded, and after the answers are used by fraudsters to issue loans for their victims, - TASS quotes a police statement. | |
Victims learn about the design of loans when money is debited from their card.
The police advise Muscovites to be vigilant in case of suspicious calls, not to transfer their card data to anyone and never, and in case of calls offering biometric data collection, answer that you yourself will come to the bank branch. To save your savings, you should use several types of protection, for example, a codeword or confirmation through a contact center. It will be even more reliable to set a limit on withdrawing money. As soon as notifications about the withdrawal of funds come, you need to immediately block the card[32].
Scheme involving swindlers who, under the guise of police officers, investigate data breaches
In March 2021, it became known about a new telephone fraud scheme. Swindlers call, posing as police officers, and tell a potential victim that someone tried to withdraw their money from the bank by proxy. After that, the attackers lure information out - allegedly to investigate the data leak.
In the case of the RIA Novosti correspondent, they tried to assure him that the attackers allegedly wanted to steal money from his bank account using a "notarized power of attorney." At the same time, theft of funds was allegedly avoided thanks to the vigilance of a bank employee, but now it is necessary to find out how the data leak occurred. In order to get on the trail of "those who have issued a power of attorney," fraudsters are asked to tell by phone about which banks a person is served in, assuring that an audit will be launched in these credit institutions.
| | Police officers never ask for information on which banks you are served in, and so on. They request all the information from the bank directly, - said in an interview with the agency in a credit institution. | |
As the head of the ONF project "For the Rights of Borrowers" Yevgeny Lazareva noted, the legend with calls from scammers under the guise of police officers investigating data leaks has recently become especially widespread, although schemes using "law enforcement officers" have been met before.
Further development of events with such a call depends only on the imagination and diligence of the fraudsters, the expert noted. Having retrieved information about accounts and cards, attackers use them to steal funds and issue fake loans, and also replenish numerous databases that are sold for a lot of money on the darknet, Lazareva explained. According to her, such false policemen are asked to give explanations and disclose information by phone.[33]
Central Bank of the Russian Federation: Telephone swindlers began to be represented by police officers
On January 22, 2021, the Central Bank of the Russian Federation warned of a new type of telephone fraud: swindlers are introduced by officers of the Ministry of Internal Affairs and other law enforcement agencies and report the initiation of criminal cases against bank clients.
Thus, as the regulator said, attackers are trying to obtain personal data, payment card data, information about transactions made on the card, and so on from clients of credit institutions. This information is used by scammers to steal money from citizens' accounts.
The Central Bank informed banks that such a telephone fraud scenario is being used more and more often, asked to take it into account and warn customers about the risks of disclosing personal data and payment card data.
The regulator stressed that it does not submit applications to law enforcement agencies regarding transactions without the consent of clients of credit institutions. If during a telephone conversation a stranger refers to a criminal process initiated by the Bank of Russia, this is an attacker, the Central Bank warned.
The press service of the Ministry of Internal Affairs explained that in the event of a criminal case against a citizen, a summons is officially sent to the mailing address at his place of residence to call the police department to the investigator or interrogator. The summons can be sent both within the framework of the initiated criminal case, and within the framework of a pre-investigation check, other procedural actions. In the case of a call on behalf of the police, the ministry recommends that he find out the number of the unit where the alleged employee serves, and call the duty station to clarify whether he works for them.
According to a study conducted by the Bank of Russia, almost every second Russian has faced fraud. At the same time, among companies, the indicator is less - about a third of respondents dealt with cybercriminals.[34]
2020
Theft of 150 billion rubles from Russians by phone and via the Internet
In 2020, scammers stole 150 billion rubles from Russians by phone and over the Internet. This is evidenced by the calculations of BrandMonitor, based on data from the All-Russian Center for the Study of Public Opinion (VTsIOM).
As Kommersant writes with reference to a BrandMonitor study, the following fraud schemes were the most profitable for swindlers:
- Scammers received 66 billion rubles, posing by phone as representatives of financial organizations and withdrawing money through ATMs;
- 46.5 billion rubles earned on fictitious medical services;
- 18.6 billion rubles were brought to the attackers by phishing sites and non-existent online stores.
The average damage to citizens from telephone fraudsters in 2020 varies from 27 thousand to 50 thousand rubles, depending on the context of the call. In particular, the victim of swindlers, who appear to be employees of medical institutions, on average loses more than 50 thousand rubles, while calls allegedly on behalf of banks cost Russians 27 thousand rubles.
As the source of the publication noted, the amount of fraudsters' earnings can be called "cosmic," since they are twice the amount of net profit that VTB (one of the largest banks in the country) plans to earn by the end of 2020 - 70-75 billion rubles.
It is noted that in 2020, banks and the Central Bank of the Russian Federation have repeatedly increased the blocking of fraudulent telephone numbers, or attempts to steal from the accounts and cards of Russians. Fraudsters intensified during the pandemic, when residents of the country stayed at home, often made purchases via the Internet, or turned to doctors for treatment, tests or examinations.
In 2020, two trends that strengthen each other met: the annual significant increase in fraud and the transition of the population to remote work, which increases the importance of communication tools and the loyalty of people to incoming unfamiliar calls, believes Alexei Malnev, head of the Jet CSIRT Incident Monitoring and Response Center for Jet Infosystems.
In the first 6 months of 2020, the Central Bank blocked about 10 thousand telephone numbers of intruders, the Kommersant newspaper writes. The indicator has grown 4 times compared to 2019. Experts expected another wave of fraud on the eve of the New Year, the newspaper notes.[35]
Named the most popular regions among telephone scammers
On December 29, 2020, it became known that Moscow and the region topped the list of the most popular regions among telephone scammers. This conclusion follows from a study by BI.Zone (Secure Information Zone, Bison), a subsidiary of Sberbank, which Interfax got acquainted with.
In just a year, fraudsters made about 15 million calls, and Sberbank received more than 3.4 million complaints about them. For comparison: in 2019, only 2.5 million complaints were recorded.
The capital region accounts for 28.8% of all calls. Next come: St. Petersburg and the Leningrad Region (8.7%), Krasnodar Territory (3.4%), Sverdlovsk Region (3.1%), Rostov Region (2.4%), Samara Region (2.3%). Among the goals of fraudsters are also residents of the Chelyabinsk, Nizhny Novgorod and Novosibirsk regions (2% each), Tatarstan and Bashkiria (1.9% each), as well as the Krasnoyarsk Territory (1.5%). The company's experts associate the popularity of Moscow and St. Petersburg among fraudsters with the population and its solvency in these cities.
The largest number of unwanted calls is in the daytime (14:00) and evening (from 16:00 to 20:00). The least calls are from 2pm to 3.10pm, when presumably "scammers leave for lunch."[36]
A type of fraud using voice fake technology has appeared in the Russian Federation
In Russia, the type of fraud using social engineering and voice tampering technology is gaining momentum. This became known on December 28, 2020. This trend was reported in information security companies. Among the scammers when using social engineering were calls allegedly from law enforcement agencies.
A " bank security officer" tells the caller he is working closely with police and warns of a call from authorities soon. The call does occur, but from a replacement number (it is defined as real). Allegedly, the police act according to the old scheme: they request data cards, CVV and codes from. SMS Such fraud was recorded in, Norilsk the head of the information security department told the publication "" with SearchInform Aleksei Drozd reference to the data MINISTRY OF INTERNAL AFFAIRS region.
Another case, according to him, was recorded in Ugra. An unknown person called the woman and introduced himself as a security officer of a large bank. The applicant immediately realized that they were trying to deceive her, and stopped talking with the attackers. After that, the scammers called the Ugra woman again from the dummy number of the duty unit of the Russian MIA Administration for the Khanty-Mansi Autonomous Okrug-Ugra and introduced themselves as police officers. They reported that they were developing scammers who called her and asked her to follow the instructions of the scammers so as not to disrupt the operation. The resident agreed to assist law enforcement agencies, as a result, the criminals gained access to the victim's personal account and stole about 150 thousand rubles[37].
Kaspersky Lab: the share of spam from unknown numbers was 63%
Kaspersky Lab on December 3, 2020 presented reltates for analyzing the most common telephone and online fraud schemes in 2020. According to statistics from Kaspersky Who Calls, in Russia in 2020, among all incoming from unknown numbers, the share of spam was 63%, and the share of calls with suspected fraud was 5.9%. Read more here.
The Ministry of Digital Development proposes to oblige telecom operators to block fraudsters' numbers
On November 16, 2020, it became known about the proposal of the Ministry of Digital Development to oblige operators to establish systems for countering fraud (fraud) using telephone numbers and establishing a source of traffic.
As Kommersant writes with reference to the corresponding bill, the Ministry of Digital Development proposes to block numbers, from which spam calls or calls are made using replacement numbers. Such numbers, according to the text of the document, will be blocked after complaints from subscribers and preliminary verification of them.
By frode on communication networks, Ministry of Digital Development recommends understanding traffic in which a subscriber is called through a replacement number, having received unauthorized access to operator equipment or special equipment and software. This, in turn, leads to a violation of the security of the network and the rights of third parties, the newspaper notes. It is proposed to consider as telephone spam messages or calls whose purpose is to distribute ads without the consent of the subscriber.
""has already supported the Rostelecom measures proposed by the Ministry of Digital Development, calling them effective. The company noted that the costs will be insignificant, since large telecom operators are already using such systems. "" VimpelCom confirmed that they also use similar systems. MTS They added that the bill requires "detailed study," and in "" MegaFon they reported that they were studying the proposals received.
The general director of the consulting company Orderkom Dmitry Galushko, in turn, in a conversation with Kommersant noted that the installation of additional equipment will lead to the costs of operators. According to him, the fight against fraud is the task of the state, which is carried out at the expense of taxpayers.
The publication says that in July-September 2020, the Central Bank transmitted information to operators about 9.6 thousand numbers identified on suspicion of committing fraud. Of these, only 66 are blocked.[38]
"Jet infosystems": telephone scammers have changed the way they enter into trust in the victim
On November 12, 2020, the company ITJet Infosystems"" announced that it had recorded a change in the deception schemes used by telephone fraudsters in the creditfinancial field. Now, when calling from a phone number bank , the attackers offer the victim to come to the nearest branch of the financial organization and try to convince her that the main fraudsters are bank employees.
The attack begins standard: the victim is called under the guise of bank employees and asked to confirm an attempt to transfer money by card or purchase on a well-known online resource. After that, fraudsters use an unexpected proposal to proceed to the nearest branch of the bank and clarify how long a person will need on the road. Halfway through, it turns out that employees of the branch to which the victim is sent are suspected of committing a dubious operation, so she is convinced to immediately transfer money from the card to a secure account through a mobile bank. The victim is dictated a phone number or card linked to an account in another bank, explaining this by transferring through an insurance agent. If the operation is blocked, the person is warned that the very unreliable employees will call him, and for protection they offer a script of the "correct" answers that are actually needed to unlock the operation.
Another important innovation of the attack is the attempts of attackers "in between" to find out from the victim information about the latest transactions on the card or in the Internet bank. The danger here lies in the fact that this information can be used by the bank as one of the ways to verify customers. The presence of data on the victim's latest operations and phone number allows attackers to call the bank's call center on her behalf and attempt to change the login and password from their personal account to gain full access to the RBS.
| | Attackers regularly adapt the scripts used, and this example proves this once again. The offer to come to the bank's office significantly increases the confidence in callers, because no one expects this from fraudsters. This effect is enhanced by a good imitation of the work of the bank's call center due to the participation in the conversation of several people at once, posing as specialists of different levels and owning the corresponding communication scripts. In addition, scammers come up with any ways to stay in touch with the victim and prevent her from hanging up. Therefore, the simplest and, perhaps, effective recommendation comes down to stopping the conversation as early as possible and calling the bank back at the official number, - comments Alexey Sizov, head of the anti-fraud department of the Center for Applied Security Systems of Jet Infosystems. | |
According to statistics, in the first half of 2020, at the initiative of the Central Bank, over 9.7 thousand fraudulent telephone numbers were blocked, which is almost four times more than in the same period in 2019. In about 80% of cases, attackers used phone number substitution technologies and introduced themselves as employees of a financial institution.
Robots began calling Russians from fraudulent call centers
At the end of October 2020, it became known about the use of robots in fraudulent call centers in Russia. First, potential victims are called automatically, and a person connects at the next stage, when the most distrustful clients are weeded out.
| | The robot says: "Your card in this bank is blocked, call us back at this number." Allegedly, the bank's security officers answer the victim when calling back, "Qrator Labs technical director Artem Gavrichenkov told Kommersant. | |
According to him, by the end of October 2020, swindlers make hundreds of calls a day using robots. This method of fraud is really experiencing a wave of popularity, confirmed to the newspaper the head of the analytical department of Infosecurity a Softline Company Darya Koshkina.
Fraudsters also use fake service numbers, IP-telephony mass mailings SMS and messages in instant messengers on behalf of the bank, said the deputy head of the company's computer forensics laboratory. Group-IB Sergey Nikitin Customers are warned about the "problem" by the answering machine, with the help of it a living person contacts the victims, Nikitin said.
The head of the information security department of "SearchInform" Aleksei Drozd noted that the scheme uses the technique of "reverse social engineering": gullible victims call back the attackers themselves, so they do not have to prove anything. If the victim believes the robot and calls the "support service," the chance of success is higher than with a regular call, the expert adds. The level of initial trust in such calls among people is higher and because they are not yet accustomed to the fact that attackers can use car calls, says Andrei Zaikin, head of Information Security at CROC.[39]
Almost half of all fraudulent call centers are housed in prisons
Almost half of all fraudulent call centers are in prison. The total income of attackers reaches more than 75 million rubles a month. This became known on September 29, 2020.
| | It is not individual attackers who call customers, but employees of professional "contact centers." 40-50% of them are in prison. We record that fraudsters are in almost every third institution of the penitentiary service in, Russia- said the Newsdeputy chairman of the board in an interview with the newspaper "." Sberbank Stanislav Kuznetsov | |
According to Kuznetsov, one call center consisting of 50 "employees" can make about 20 thousand calls a week. A potential victim picks up the phone in half of the cases. 70% of people refuse to talk to scammers.
As for the fight against call centers in prisons, according to Kuznetsov, the State Duma in the first reading adopted a bill introducing a procedure for blocking cellular communications in prisons. It is assumed that the cellular operator will disconnect the communication at the request of the head of the territorial body of the Federal Penitentiary FSIN.
The deputy chairman of the bank's board also noted that in 2020 the number of requests from Sberbank customers regarding telephone fraud doubled compared to 2019. Bank employees recorded about 2.9 million customer complaints about attempts to[40] of[41].
Cheating through creating celebrity friend lookalike WhatsApp profiles
On September 18, 2020, it became known about a new method of fraud through WhatsApp in Russia. Scammers create double profiles of celebrity friends and deceive. Read more here.
In Moscow, up to 60% of telephone fraud is committed from the territory of Ukraine
The number of remote crimes (committed using the Internet and phones) that occurred in Moscow has increased by 120% since the beginning of this year. This was announced in August 2020 by the deputy head of the 6th department of the criminal investigation department of the Main Directorate of the Ministry of Internal Affairs in Moscow, Sergei Klindukhov.
| | "For seven months of this year, more than 25 thousand crimes committed remotely have already been committed. The dynamics of the increase is 120% compared to last year, "he said, speaking at the Public Chamber of Moscow. | |
| | "From our unspoken statistics it follows that 50 − 60% of calls come from Ukraine, that is, the call center is located in Ukraine. We establish them promptly, but we cannot bring them to criminal responsibility, "he explained. | |
| | According to him, the most unprotected segments of the population who are subject to the influence of fraudsters are pensioners. "Our proposals are prevention: distribution of some videos at stops, in bank branches, distribution of leaflets, articles through the media. Just preventive measures, "concluded Klindukhov. | |
Telephone fraud accounts for more than 90% of all clashes with attackers "masked" bank workers
According to a Kaspersky Lab survey, on average, the amount of damage from the actions of fraudsters posing as employees of banking organizations is five thousand rubles. This was reported on August 11, 2020 in Raiffeisen Bank.
According to the survey, in the first half of 2020, more than half of Russians (58%) encountered attackers acting on behalf of banks at least once. In the overwhelming majority of cases (more than 90%) we are talking about telephone fraud, and calls are received mainly during working hours - from Monday to Thursday, from 11 to 18 hours.
Attackers are seriously preparing for such calls and are actively using social engineering methods. So, in 42% of cases, they completely called the correct name, surname and patronymic of the one to whom they called. The most common legends were the need to confirm the data (72%), the message about blocking the card (58%) and the loan offer (57%).
In almost half of the cases (46%), attackers tried to get a code from SMS or card data, and in every fifth case (21%), they convinced them to transfer the money allegedly to a secure account.
| | "The volume of telephone fraud continues to grow, but unfortunately, many people still do not know how to recognize intruders and lose money as a result of the simplest schemes. We remind you that a real employee of a financial organization will never object to the completion of the conversation, but the fraudster, on the contrary, will make every effort and resort to various psychological tricks so that the one to whom he calls does not hang up. Therefore, in any case, it is better to end the conversation and call back to the official number of the bank, "recalled Sergey Golovanov, a leading expert at Kaspersky Lab. | |
The growing interest of fraudsters in a scheme based on the confidence of citizens in well-known banking analysts on the market was recorded by Raiffeisen Bank experts in the first half of 2020. The names of Denis Poryvay and Stanislav Murashov enjoy the greatest attention from fraudsters. Swindlers call bank customers on their behalf, offering "investment ideas," schemes for their implementation and details for transferring funds to an account. Immediately after the transaction, the "analyst" disappears, respectively, customers lose money, and real analysts receive reputational damage.
| | "Banking analysts never initiate contact with individuals, do not offer them investment ideas, do not discuss the details of their implementation, do not ask for personal information, including financial information, and do not offer any financial transactions. For any call from such an "analyst," we recommend that you hang up and call the bank directly at the number indicated on the back of the card. It is also worth contacting the bank when receiving a letter of this content, "said Pavel Nagin, head of the monitoring and prevention of cyber attacks at Raiffeisen Bank information security department. | |
Sites determine the numbers of Russians without their knowledge. A new phone spam epidemic begins
On February 17, 2020, it became known about the growing new wave of telephone spam in Russia. It is associated with the development of technology for determining the number of users visiting sites from mobile devices.
According to Izvestia, some companies offer entrepreneurs installation services on the website of a special program code that allows calculating the phone number of Internet users. Often, trap sites are linked from social networks.
The first to attack the residents of Russia were real estate companies that call people with the offer of their services. According to the publication, calls follow an hour and a half after visiting the site.
The head of the analytical center Zecurion Vladimir Ulyanov said that using the technology of fixing the number of a visitor to the site, you can increase the client base by 300%. At the same time, it is impossible to communicate with representatives of companies providing such services - calls come from virtual PBX numbers, which cannot be called back.
As Alexander Bagov, senior pentester of the audit department of Digital Securities, explained to the newspaper, it is technically easy to find out the number of those who log in from mobile devices. A special code is installed on the site that allows you to determine the phone number and affect the consumer not through contextual advertising, but through direct communication.
It is noted that the use of such technology can violate two laws - "On personal data" and "On advertising." Experts also say that due to the fact that Russian users do not complain to the FAS and Roskomnadzor about violations of their rights, illegal practice continues to spread. Unauthorized collection and use of personal data entails a fine of up to 75 thousand rubles.[42]
2019
Attackers prefer the phone to all other communication channels
The share of social engineering in the total number of embezzlement of funds from the accounts of individuals in Russia in 2019 increased by 10 percentage points, to 90%, according to a study by a subsidiary of Sberbank - BI.Zone (Safe Information Zone, Bison). This became known on June 19, 2020.
| | Attackers continue to exploit human credulity. In terms of theft, the share of social engineering in 2019 increased by 10 percentage points and now accounts for 90% of all types of fraud. At the same time, the share of malware decreased from 9% to 3%, "the study says. | |
Stanislav Kuznetsov, deputy chairman of the board of Sberbank, spoke about the share of social engineering in 90% of thefts from the accounts of individuals in July 2018.
| | The scale of the activity of attackers in this direction is impressive: the organizers of such criminal groups are recruiting entire call centers. They hire people full-time with the sole task of tricking bank clients into stealing money from them, Bi.zone experts point out. | |
They also note that attackers prefer the phone to all other communication channels: in 2019, the share of calls was 90%. The number of fraudulent SMS, according to the company, decreased in 2019 to 5% from 33% a year earlier.
| | Previously, the main tools for stealing money were fake bank cards and sms-banking. In 2019, the situation changed: fraud using mobile applications came first. Such operations were 50% of the total, the study said. | |
It showed that cyber theft using bank cards accounts for 30% of the total number of fraudulent transactions. At the same time, sms-banking has sharply lost popularity among cybercriminals, it now accounts for 12% of thefts[43].
Tinkoff: The average check for card loss/theft has decreased almost 2 times in 2 years - to 9,800 rubles
On March 10, 2020, Tinkoff informed TAdviser about a large-scale study of fraud in the Russian banking sector. The average amount for all fraud attempts is about 14,000 rubles. At the same time, the average check of successful fraud per client (may include several operations) at the end of 2019 amounted to 9,300 rubles. Over the year, this amount decreased by 13%.
Machine learning technologies helped to reduce the average check for card loss/theft in two years by almost half - up to 9,800 rubles.
Customers lose the most money when they provide card data and SMS codes - about 27,700 rubles.
In 42% of cases when fraudsters try to lure SMS codes and card data from customers, they are presented by the security service of third-party banks. Read more here.
Prisoners in the Ryazan colony earn tens of millions of rubles on telephone fraud
On December 24, 2019, the 13th series of the documentary film "Chronicles of the Gulag of the 21st Century" was published on the Gulagu.net YouTube channel, from which it became known that prisoners in the Ryazan colony earn tens of millions of rubles from telephone fraud.
The founder of the Gulagu.net project and the author of the film, Vladimir Osechkin, sent a statement indicating signs of crimes in the correctional institution to the head, Investigative Committee of Russia Alexandra Bastrykina prosecutor general, Yury Chaika first deputy director FSB Russia Sergei Korolev and Minister of Justice of the Russian Federation. Alexander Konovalov
The authors of the investigation claim that an organized criminal community (OPS) was formed from among the criminals serving sentences, as well as current employees of the IK-3 and UFSIN in the Ryazan region. The video presents fragments of correspondence and telephone conversations of members of the OPS.
According to Vladimir Osechkin, members of the OPS managed many accounts and bank cards directly from the PKU IK-3 the Federal Penitentiary Service of Russia in the Ryazan Region from 2016 to 2019 through mobile banking using access to the Internet to and account management in several. banks
In his letter, Vladimir Osechkin points out the embezzlement of 20 million rubles of the Federal Penitentiary Service IK-3 the Federal Penitentiary Service of Russia in the Ryazan Region. In a conversation with MBH Media, the founder of the Gulagu.net project said that prisoners, with the approval of the administration, extorted more than 50 million rubles a year by phone. Men on the phone and the Internet rubbed themselves into the trust of wealthy women from Moscow and deceived them to transfer money to their accounts, which they then cashed. According to Osechkin, the colony employees provided prisoners with round-the-clock access to mobile communications, the Internet and drugs for bribes.[44]
Beeline city numbers are the most popular among scammers
Bank scammers in 60% of cases call from city numbers. Beeline
2.5 million complaints about phone fraud in a year
Social engineering has supplanted all other types of cyber fraud in recent years. Sberbank In 2019 alone, 2.5 million complaints about telephone fraud were received - calls under the guise of the bank's security service. Compared to 2017, the growth was 15 times, and many cases are simply unknown, since customers did not report them to the bank. Fraudsters have already acquired personal consultants who analyze the methods of counter-response of banks. In 2019, Sberbank calculated the number of unique numbers from which attackers call - there were 170 thousand of them.
Calls under the guise of labor inspectors
In mid-November 2019, Rostrud warned of a new form of phone fraud. Attackers call companies, impersonate labor inspectors and offer to buy literature to avoid the negative consequences of unscheduled inspections. Also, fraudsters offer paid services for preparing for allegedly preparing control and supervisory measures.
| | Callers are presented by employees of the state labor inspectorate and report that work is underway against the employer, during which unscheduled inspections are planned, the press service of Rostrud reports. | |
Such fraudulent actions were recorded in Moscow, Stavropol, Perm, Krasnodar Territories, Khanty-Mansi Autonomous Okrug, Komi Republic, Penza, Kirov, Volgograd, Samara, Saratov, Ulyanovsk, Vladimir, Voronezh, Kostroma, Oryol, Bryansk, Tver, Smolensk, Kursk, Ryazan, Murmansk, Lipetsk, Astrakhan regions - in total 24 regions.
In connection with the increasing cases of fraud, Rostrud sent a letter to the Ministry of Internal Affairs with a request to take response measures. The department also recalls that Rostrud and the state labor inspectorate, in principle, do not provide paid services. Any information can be obtained free of charge on the official information resource Онлайнинспекция.рф or in the regional labor inspectorate.
The service also urged employers to be vigilant and report similar cases of fraud to law enforcement agencies.
The department also has a service "Duty Inspector," which allows you to ask a question on labor law and receive an answer within three working days.
As noted in the company Group IB, vishing is especially popular among attackers - a type of telephone fraud, when, during a telephone conversation, criminals disguised as bank security officers, prosecutors, the pension fund, the tax service or medical institutions are trying to deceive victims of their bank card data or force them to transfer money to the desired account or phone number for some non-existent service, tax, win.[45]
Central Bank: the number of fraudulent calls with the substitution of bank numbers is growing sharply
On September 27, 2019, it became known about the frequency of fraudulent calls in Russia with the substitution of the bank number. According to the Central Bank, in June-August alone, fraudsters managed to replace about 200 bank numbers.
According to Kommersant, in the summer of 2019, the Central Bank sent information to telecom operators about more than 2.5 thousand numbers from which calls to Russian customers were received. At the request of the financial regulator, operators in 218 cases blocked the number, in 59 - imposed restrictions on the use of financial services, and in 198 - found a substitution of the bank number. However, in more than two thousand cases, no measures were taken due to the lack of legal grounds.
The share of calls with bank number substitution by mid-summer reached 35% of the total number of fraudulent calls, said Ilya Suloev, deputy director of the Otkritie information security department |. Rosbank faced a wave of calls from scammers in early July. Alfa-Bank also recorded the substitution of the number.
A new surge in fraudulent calls was recorded in September 2019, Artem Sychev, First Deputy Head of the Information Security Department of the Bank of Russia, told the publication. According to him, legislative amendments will also be required to implement technical protection measures.
Many of the Central Bank's appeals received in the summer were "technically incorrect," a representative of VimpelCom explained to the publication. According to him, sometimes the lists provided for blocking numbers indicated those that banks use for outgoing calls to customers. Blocking such numbers would lead to the fact that banks could not get through to customers, the operator noted.
The statistics of the Central Bank reflect only a small part of the problem, Vlad Wolfson, commercial director of MegaFon, told the publication.[46]
Notes
- ↑ Beeline spoke about the scheme where the victim herself calls the fraudster
- ↑ 400 call centers and accomplices in Russia: how Ukrainian telephone fraud schemes work
- ↑ Personal display: New online fraud scheme is gaining momentum
- ↑ warns of a new cyber fraud scheme
- ↑ Bilaine told about a new fraud scheme
- ↑ Suppressed the activities of an extensive network of communication nodes that were used for remote fraud
- ↑ Russian courts warned of a new telephone fraud scheme
- ↑ Strength test: fraudsters have found a new way to attack Russians
- ↑ Nine out of ten IT crimes in Russia are committed from Ukraine, the Ministry of Internal Affairs said
- ↑ In Khabarovsk, found a "farm" with SIM cards that used the SBU
- ↑ Russians warned about the trick of scammers offering to undergo fluorography
- ↑ New scheme from fraudsters from the adjacent side
- ↑ The HRC told how many calls a day are made by fraudsters in Russia
- ↑ Saw the code: how scammers use the screen broadcast function to steal money
- ↑ Experts talked about scammers calling on behalf of MPSC employees
- ↑ "Sberbank" estimated the number of fraudulent calls in Russia
- ↑ Telegram channel of the Central Bank of the Russian Federation
- ↑ Increase in Tech Support Scams Targeting Older Adults and Directing Victims to Send Cash through Shipping Companies
- ↑ New scheme of fraudsters - invitation to "personal reception to the Central Bank"
- ↑ The Central Bank explained why fraudsters call and remain silent in the phone
- ↑ Fraudsters began to offer Russians a "job" to evaluate hotels on Booking
- ↑ Sberbank reported a rapid increase in the number of telephone fraud attempts
- ↑ Russians warned how "fraudsters" can be made of them
- ↑ Mobile subscribers will lose $58 bn to fraudulent robocalls
- ↑ Thousands scammed by AI voices mimicking loved ones in emergencies
- ↑ Central Bank warned of a new scheme of telephone scammers
- ↑ On-call fiction: scammers began to use Russians to replace numbers
- ↑ Financial institutions faced a sharp increase in auto attacks on customers
- ↑ Telephone scammers began to use fake IDs of the Ministry of Internal Affairs more often
- ↑ The deputy chairman of Sberbank called Dnipro the capital of telephone fraud
- ↑ Sberbank calculated how many fraudsters steal from the accounts of Russians per month
- ↑ In Moscow, fraudsters draw up loans using biometrics
- ↑ Fraudsters came up with a new scheme to lure money from Russians
- ↑ Bank of Russia warns of new phone fraud scheme
- ↑ Not caught - not a conversation. Over the year, fraudsters remotely lured 150 billion rubles from citizens
- ↑ Experts named the most popular regions among telephone scammers
- ↑ A new type of fraud using voice fraud technology has appeared in the Russian Federation
- ↑ Operators are put on a call. It is proposed to block telephone fraudsters at the network level
- ↑ Robots as part of an organized group. Fraudulent call centers are switching to auto-calling
- ↑ [https://www.securitylab.ru/news/512563.php deceive Almost half
- ↑ all fraudulent call centers are placed in prisons]
- ↑ Everything about spam: a new method of stealing personal data is distributed in the Russian Federation
- ↑ The share of social engineering in thefts from citizens' accounts in the Russian Federation in 2019 increased by 10 percentage points, to 90% - Bi.zone
- ↑ OPS in colony No. 3 for "former employees." On embezzlement of more than 20,000,000 rubles, corruption in the PKU IK-3, the Federal Penitentiary Service for the Ryazan Region and the Federal Penitentiary FSIN
- ↑ Rostrud warned of fraud cases in connection with unscheduled inspections
- ↑ Fraudsters occupied phones
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |