Telephone fraud
Main article: Telephone fraud
2025
Telephone scammers in Russia began to call stores and lure money under the pretext of checking terminals
Fraudsters have developed a new scheme to deceive owners and employees of retail stores, posing as specialists of acquiring companies and demanding a transfer of funds for "testing" payment terminals. Attackers convince victims to transfer large amounts to bank cards under the pretext of conducting a technical check of equipment with the promise of a refund within 15-20 minutes. The Department for Organizing the Fight against the Illegal Use of Information and Communication Technologies MINISTRY OF INTERNAL AFFAIRS Russia on August 26, 2025 warned of the spread of such schemes.
According to Rossiyskaya Gazeta, in one of the recorded cases, the store director transferred ₽60 thousand from his personal account to the fraudster after a telephone conversation with a person who introduced himself as an employee of an acquiring company. The attacker convinced the head of the outlet of the need to urgently check the operability of the payment terminal.
To increase trust, fraudsters use a multi-stage contact scheme with potential victims. Initially, the call is received by the store administrator, who then hands over the handset to the director or other responsible person. This approach creates the illusion of official appeal and reduces the suspicion of recipients.
Criminals exploit the real practice of interacting stores with the technical services of acquiring companies. Retail outlets do receive periodic calls from representatives of cashless payment services regarding maintenance and equipment configuration.
The scheme provides for the creation of an artificial time pressure for making a decision by the victim. Fraudsters focus on the urgency of the audit and the need to immediately follow the instructions, leaving no time for reflection or consultation with colleagues.[1]
Telephone scammers began to send messages to Russians about the death of a friend
On March 12, 2024, the Department for Organizing the Fight against the Illegal Use of Information and Communication Technologies MINISTRY OF INTERNAL AFFAIRS RUSSIAN FEDERATION reported that fraudsters are actively using a new scheme to deceive Russians. Attackers send messenger users messages about the death of their acquaintances, trying to inject recipients on computers. malware
Mass mailing is recorded in the Telegram messenger. Cybercriminals inform users that a certain person has died. The message may look something like this: "Hi. You know him? Passed away tonight... My condolences. " In this case, a file is attached to the message, allegedly containing a photograph of the deceased. However, this attachment has an APK extension and actually contains a virus.
 | Fraudsters always try to put pressure on emotions. The Telegram messenger records a mailing list with messages about the death of friends. The newsletter contains APK files that initiate the installation of malicious software. Be careful, calm and check any incoming information, - notes the cybercrime department. |  |
The APK file may contain malicious code designed, for example, to steal personal data. Attackers can later use this information to steal funds from the victim's accounts or organize other fraudulent schemes.[2]
The appearance in Russia of a new scheme to deceive Russians under the guise of kidnapping
The official representative of the Ministry of Internal Affairs of Russia, Irina Volk, announced on February 21, 2025, a new telephone fraud scheme in which criminals stage kidnapping for ransom from their relatives.
According to Kommersant, the attackers use a scheme in which they convince the victim to stop communicating with relatives, force them to leave their region and hide in another city. After that, the criminals get in touch with the family, reporting the alleged abduction and threatening with physical violence. To increase the pressure, they demand large amounts of money as a ransom. Such a scheme allows fraudsters to manipulate the victim's loved ones, creating a sense of real threat and forcing them to urgently transfer money.
As an example of the disclosed crime, the representative of the Ministry of Internal Affairs cited the case of a 16-year-old Muscovite, whom fraudsters convinced to sell maternal gold jewelry and leave for the Vladimir region to transfer money. At the same time, they demanded ₽500 thousand from the mother of the teenager under the pretext of ensuring his safety.
Thanks to the prompt actions of law enforcement agencies, it was possible to prevent the transfer of money to criminals and establish the whereabouts of the teenager. On this fact, a criminal case was initiated under Articles 30 and 159 of the Criminal Code of Russia (attempted fraud).
This warning appeared against the background of the intensification of the fight against cybercrime in Russia. The government approved the concept of a state system for combating crimes committed using information technology. According to the Investigative Committee of Russia, for the nine months of 2024, 564 thousand crimes in the IT sector were committed, which is 15.3% more than in 2023.
Within the framework of the new concept, it is planned to create a specialized digital platform for the prompt exchange of information between law enforcement agencies, banks and telecom operators, which should increase the effectiveness of combating such crimes.[3]
New telephone fraud: scammers began to steal Russian accounts on Public services using intercoms
Videoglaz, a company specializing in providing ready-made security solutions, revealed a new fraud scheme in February 2025, in which attackers gain access to citizens' accounts on the Public services portal under the pretext of replacing the keys to the intercom. Read more here.
2024
Fraudsters distribute fake phones of the State Public services support service
Russian intelligence service vulnerabilities data breaches DLBI and analyzed fraudulent schemes with the help of which citizens are stolen access to. portal "Public services"
In addition to the already known schemes for obtaining an SMS code confirming a password change using social engineering, there are several new possibilities for attacks on contacts of the service support service.
In particular, fraudsters create fake reference sites on which they publish fake phones of the State Public services support service, and then, using search promotion, achieve their appearance in the top 10 search engines. In addition, SMS messages are sent about an allegedly unsuccessful login attempt or even account hacking, also containing a fake support number.
DLBI experts note that the new schemes can dramatically increase the efficiency of fraudsters, as they fully automate the first stage of victim processing, and live "operators" of fraudulent call centers communicate with those who believe that they have contacted " support service and are ready to execute teams of fraudsters.
| | So far, we are separated from the mass use of such schemes by the relatively high complexity of organizing large-scale SMS mailings, as well as the labor intensity and duration of search promotion of fake sites. However, if the "tests" that we see now show the effectiveness of fraudsters, a technical solution will be found, just as SIM boxes replaced VoIP telephony after restricting international traffic, "said DLBI founder Ashot Hovhannisyan. - You will need to protect yourself from new schemes, as before, first of all, to the users themselves. To do this, it is best to take the Public services support phone on the service website itself and enter it into contacts in order to use it only in the future, not paying attention to what comes in SMS, and even more so not trying to find it in search services, he added. | |
A new telephone fraud scheme has appeared in Russia - it is aimed at salary card holders
Police have recorded a new type of phone scam targeting salary card holders. Attackers send fake SMS messages about forced deductions from wages. This became known on November 21, 2024.
Fraudsters use a mass mailing of fake bank notifications, in which they report allegedly upcoming mandatory deductions from wages in favor of a special military operation on the basis of a non-existent government order.
The scheme works by sending messages with official-looking links, when navigating through which attackers gain access to victims' bank cards. Scammers suggest that recipients refuse fictitious monthly contributions by clicking on malicious links.
The Office of the Ministry of Internal Affairs for Ugra emphasizes that any fundraising to support a special military operation is carried out exclusively on a voluntary basis. Deductions from wages cannot be made without the written consent of the employee.
The police have noted an increase in the number of such cases of fraud in recent days. Attackers carefully simulate official bank notifications, which increases the likelihood of trust from message recipients.
Law enforcement agencies urge citizens to be vigilant and not respond to suspicious reports of unauthorized deductions from wages. When receiving such SMS, it is recommended to immediately contact the bank through official communication channels.[4]
A new fraud scheme has appeared in Russia: swindlers send flowers or another gift
In mid-November 2024, it became known that swindlers in Russia are actively using a new fraud scheme aimed at stealing funds from citizens' accounts. To do this, attackers send flowers or another gift to the victim.
The scheme is based on social engineering techniques. The person to whom the present is intended often believes that he is from a loved one, a colleague at work or, for example, a grateful client. The essence of the trick is that after a while, fraudsters posing as courier service employees contact the recipient of the gift. Attackers are asked to dictate the "delivery confirmation code," motivating this by the need to generate reports for the employer. In fact, the digital combination received on the victim's phone gives criminals access to the user's online banking.
Thus, by passing the code to false delivery employees, the victim risks losing money or finding himself with unexpected loans. In particular, in one of the recorded cases, an employee of a medical institution was delivered a bouquet of flowers, after which they tried to apply for a loan in the amount of 2 million rubles. The woman managed to avoid financial losses only thanks to the vigilance of the bank's security specialists, who discovered suspicious activity and blocked the operation.
It is also said that telephone scammers can call subscribers under the guise of law enforcement officials or employees of financial organizations. Under various pretexts, attackers convince people to install supposedly protective solutions, telecom support applications or services for receiving medical care on a smartphone. If a person agrees, cyber wrestlers send him a malicious file in the messenger.[5]
Telephone scammers in Russia began to use deepfakes of dead people to lure money from relatives
In early November 2024, it became known that a new cybercriminal scheme based on artificial intelligence technologies was gaining momentum in Russia. Telephone scammers use deepfakes of dead people, luring money from their relatives here under various pretexts.
Intimidation of company executives on behalf of the FSB
Telephone scammers began to intimidate company executives in Russia, posing as FSB officers. The attackers send letters on behalf of the FSB Information Protection and Special Communications Center, warning of an alleged data leak and demanding assistance. This was announced at the end of October 2024 by specialists from the Center for Digital Expertise of Roskachestvo.
According to TASS, fraudsters send letters to the heads of organizations stating that they come on behalf of the FSB. The letters contain information about the need to conduct "consultation conversations" with employees, the list of which is attached as a separate file. This list often lists almost all employees of the company. Managers are asked to organize phone calls with these employees and strictly warn them about confidentiality, since the information allegedly has a stamp "For official use."
With the assistance of the head, fraudsters begin to call the company's employees. They claim that there was a data breach at the company and demand that their own savings be transferred to the specified account, promising their return along with the premium in a few days. In some cases, attackers also accuse employees of treason or financing terrorism, citing alleged transfers of funds to hostile states. Employees are urged to transfer all the money to a "safe account," arguing that this will save the remaining funds. In case of refusal, fraudsters threaten to initiate a criminal case.
According to the head of the center for digital expertise of Roskachestvo, Sergei Kuzmenko, when receiving suspicious calls, you need to pay attention to signs of manipulative influence. If there are threats of criminal prosecution or dismissal during a conversation, the requirement to maintain the confidentiality of the conversation, as well as pressure to coerce cooperation or try to turn against someone, the conversation should be immediately completed and contact law enforcement agencies. Kuzmenko also stressed that real representatives of state bodies and financial institutions never require immediate action and do not use methods of intimidation.[6]
A new telephone fraud scheme in Russia: a victim is persuaded by SMS to independently call attackers
In October 2024, Beeline announced the identification of a new telephone fraud scheme in Russia. Attackers send SMS messages in which they convince potential victims to independently call the indicated numbers, allegedly to solve problems with the account on the Public services portal.
Beeline's director of fraud management, Pyotr Alferov, said in October 2024 that customer complaints about receiving suspicious SMS have recently become more frequent. The messages talk about an attempt to log into the Public services account and the need to change the password, for which it is proposed to call the specified number.
The operator, together with partners, is working on restructuring anti-fraud processes to block outgoing customer calls to fraudulent numbers. This measure aims to prevent a new scheme of deception.[7]
They call up via video link and ask to show the phone screen. A scheme of fraud with ad sites has appeared in Russia
A new scheme of fraud using video links and screen demonstrations began to spread in Russia, which was reported by cybersecurity experts in September 2024. Attackers actively use ad sites, contacting sellers under the guise of buyers, offering a video call to check the product. During the conversation, scammers are asked to show the phone screen, which allows them to see the banking confirmation codes and gain access to the victim's financial applications.
According to Izvestia, one of these schemes was recorded in Moscow, as a result of which the victim lost ₽14,5 thousand. A woman selling a sofa over the Internet agreed to a video call with the alleged buyer, who allegedly transferred money for the goods. When no SMS was received confirming the transfer, the buyer offered to turn on the display of the phone screen for verification. At the time of displaying the confirmation code on the screen, the attacker managed to carry out a debiting operation. As a result, the seller lost his money. Law enforcement agencies have launched an investigation.
In the
Such schemes are often built on social engineering, where scammers use a variety of psychological tricks to gain access to personal information. According to Kaya Mikhailov, head of information security at iTPROTECT, such cases are happening more and more often. Criminals, under various pretexts, persuade users to turn on the display of the screen in order to gain access to banking applications and personal data.
Experts warn that fraudsters can use the codes obtained in this way to change the phone number associated with the bank account and withdraw funds. As explained in the company iTPROTECT, such attacks can become especially dangerous if the victim does not have time to interrupt the operation in time. After receiving the code, fraudsters can change the settings of the banking application and steal money from the account.[8]
Telephone scammers began to deceive Russians participating in court cases
In Russia, a new fraud scheme has been recorded aimed at participants in court proceedings. This was announced in mid-September 2024 by the joint press service of the courts of the Volgograd region. Criminals call citizens, posing as assistant judges, and try to lure personal data from them under the pretext of sending documents to familiarize themselves with the case materials through the "state services" portal.
According to RAPSI, the attackers have detailed information about the case: they exactly name the surname, first name, patronymic of the citizen, as well as judges and the case number. During the conversation, fraudsters offer to send the case materials for review, but for this they ask to dictate the digital code that comes to the citizen's mobile phone. After receiving the code, the swindlers instantly interrupt the conversation.
According to representatives of the judicial system, such a fraud scheme is illegal, and no court sends documents through the "state services" portal, and also does not require the provision of personal data or digital codes by phone. Deceived citizens can become victims of theft of their confidential information, which can lead to financial losses and other consequences.
Fraudsters actively use the confidence of Russians in official sources, which makes their criminal actions especially dangerous. The courts urge citizens to be vigilant and not hand over their data or codes to strangers, even if they claim to act on behalf of the judiciary.[9]
Telephone scammers in Russia began to offer discount tariffs for communication
A new fraud scheme has appeared in Russia, in which attackers offer citizens discount tariffs for mobile communications, posing as employees of operators. This was reported in September 2024 by the press service of the Beeline operator, citing a sharp increase in the number of such cases in recent months.
According to RIA Novosti, fraudsters call subscribers, posing as communication employees, and offer to connect "profitable" non-public tariffs, allegedly with significant discounts. Most often, they promise a discount of up to 50%, followed by an automatic tariff extension. However, to confirm the connection, the attackers demand to transfer the money in advance, allegedly for the "guaranteed connection" of the tariff. After the victims transfer money, communication with the "representatives" is terminated, and the promised service is never provided.
| | Recently, cases of fraud related to mobile tariffs have become more frequent. Attackers call subscribers under the guise of telecom operator employees and offer to connect non-public or discount tariffs, the Beeline press service said. | |
Often, communication with scammers continues through instant messengers such as Telegram, where attackers continue to convince their victims to transfer money. One recent case shows that after a client transferred funds for two months of services, scammers deleted the chat and completely stopped communicating. Such situations cause serious concerns among operators and experts.
Earlier it was reported that the Ministry of Internal Affairs of Russia managed to liquidate a network of fraudulent communication nodes in 13 regions of the country, which allowed criminals to remotely and anonymously contact victims from abroad. Fraudsters have used technological tools such as SIM boxes to hide their real numbers and manipulate gullible citizens.
According to the Ministry of Internal Affairs, the network operated under the guidance of an anonymous curator located outside Russia, who attracted young people to the scheme via the Internet. He gave instructions on how to deceive Russians by posing as representatives of telecom operators or other organizations.[10]
The Ministry of Health of Russia warned about the appearance of a fraudulent scheme with an application for cashback
Russia In recorded another fraudulent scheme. By, to data Ministry of Health telephone scammers offer users to install a "special" application allegedly to receive cashback. This was announced on September 12, 2024 by the press service of a member of the committee on State Duma of the Russian Federation information policy, information technology and communications. Anton Nemkin
| | Now swindlers call and convince to install the "application of the Ministry of Health" if they have recently undergone medical examinations in order to get cashback. After the application is on the phone, fraudsters give the victim a form for entering data and... get access to a bank card, - said the ministry in its Telegram channel. | |
| | For example, a scenario has recently spread in which attackers reported the need to extend the compulsory medical insurance policy. All that needed to be done was to also install an allegedly special application from the ministry, the deputy recalled. | |
| | Pensioners are active users of digital technologies. For example, according to the Beeline study, 75% of respondents in the 56-70 age group have touch gadgets for September 2024, and 87% of older Russians use the Internet, according to the Weber agency. At the same time, digital literacy skills are not developed among everyone, which is very actively used by attackers. Therefore, such schemes of deception, unfortunately, consistently fall into the tops of fraudulent scenarios, "the deputy explained. | |
| | The problem we faced this year - the complication of malicious attacks - is here too. A significant part of the population has already been warned about traditional deception schemes, but a call asking to install the application can corny drive a person into a stupor. Especially if we are talking about the older generation, not all of them know about the danger of installing malicious software, - said the deputy. | |
The consequences of such an installation can be theft of a user's personal savings, collection of personal data and data on a person's activity in other services. In addition, the malware can connect the device to a botnet in order to subsequently use the phone's resources in the background. {{quote 'Advanced phishing applications can record what is happening on the user's screen, including the process of entering data for entering online banking and on "Public services," Nemkin warned. }}
| | You always need to clarify the information yourself. Representatives of the ministry or employees of other organizations never call first. If a person is faced with a similar call, you need to hang up and call the contacts indicated on the official pages of the authorities. According to the results of the second quarter of 2024, attackers stole about 4.8 billion rubles from bank accounts of citizens and companies - a colossal value. But the solution to the problem largely depends on the personal caution of citizens, the deputy emphasized. | |
Telephone scammers began to deceive Russians who are facing court hearings
In September 2024, it became known about a new telephone fraud scheme aimed at participants in litigation. Fraudsters call citizens awaiting participation in court hearings and present themselves to court officers, accurately naming personal data and information about the upcoming case. The scheme is particularly troubling as criminals use real-world trial data, making their calls extremely compelling.
Fraudsters voice the surname, name and patronymic of a citizen, the date and time of the court session, as well as the details of the case in which the person participates. The callers claim that they sent court notices through the "Unified Portal of State and Municipal Services" and offer to gain access to documents by dictating a digital code sent to the phone. As soon as the victim reports this code, the conversation is immediately interrupted, and attackers gain access to personal information.
The head of the United Press Service of St. Petersburg Courts Daria Lebedeva was one of the first to draw attention to this problem. In a statement, she stressed that any requirements to provide digital codes or passwords to receive court notices are not legal and illegal.
| | We inform you that obtaining court notices or copies of court acts by providing any additional codes or passwords is illegal and does not comply with the current procedural legislation, Lebedeva said. | |
She urged citizens to immediately interrupt conversations with such scammers and not provide their personal data or passwords.
The first cassation court of general jurisdiction also confirmed the increase in the activity of fraudsters aimed at participants in trials. Court representatives drew attention to the fact that court employees never request personal data of citizens by phone and do not use digital codes or passwords for notifications.[11]
Telephone scammers began to call Russians under the guise of public utilities. Schemes
On July 15, 2024, it became known that a new wave of telephone fraud was recorded in Russia. The attackers began to call citizens, posing as employees of large energy companies such as Mosenergo and Mosenergosbyt.
According to Izvestia, fraudsters use various pretexts to obtain confidential information from victims. Among the most common schemes are the purpose of checking electric meters, recalculating payments and offering discounts on housing and communal services in honor of the anniversary. The ultimate goal of cybercriminals is to get a code from SMS to access your personal account on the Public services portal.
According to a law enforcement source, the first statements about such cases began to arrive at the end of May 2024, and in June 2024, appeals became widespread. In mid-July 2024, dozens of criminal cases were initiated, according to many statements, checks are carried out.
Most of the victims are pensioners from Moscow and the Moscow region. The damage from the actions of fraudsters is estimated at millions of rubles. So, one of the victims lost almost 2 million rubles, and the other victim transferred 19.3 million rubles to the attackers.
Experts note that the scheme using the names of energy sales companies is new. Daria Verestnikova, commercial director of the IT company SafeTech, explained that fraudsters are constantly changing their scenarios, adjusting to the current situation.
Marat Safiulin, a federal expert at the Association for the Development of Financial Literacy, stressed that utilities are a convenient cover for fraudsters, since all residents use their services daily and regularly pay bills.
Mosenergo PJSC reported that the company does not work directly with citizens, and recommended that when receiving suspicious calls, immediately contact law enforcement agencies.[12]
Telephone scammers began to introduce themselves as bailiffs
Fraudsters are now pretending to be employees of the Federal Bailiff Service (FSSP), this was announced on July 2, 2024 by the press service of Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications, citing Izvestia.
Attackers notify citizens about the presence of enforcement proceedings against them and under this pretext steal funds.
By, to data MINISTRY OF INTERNAL AFFAIRS telephone scammers began to use another attack scenario. They inform a potential victim of the initiation of enforcement proceedings and insist on the immediate repayment of existing debt.
The department stressed that bailiffs cannot call the debtor through any communication services, report the presence of debt, and even more so send details for payment.
| | This is due to the fact that such scenarios have become recognizable among the population, and people do not respond to them in the same way as they did a couple of years ago. As a result, fraudsters are forced to use strategies in which more and more new organizations appear: it may be a city polyclinic, MPSC, Russian Post. One thing is important - attackers always seem to be an authoritative and most often state organization. Therefore, it is not so difficult to protect yourself in a sense - it is enough to remember that representatives of state authorities will never call if a citizen has not previously applied for their services. Even if the information reported looks realistic, then the first thing to do is to call the organization on your own. All numbers are on official websites, the deputy advised. | |
| | Scammers are now looking into their victims. For example, a profile on social networks, a place of work. Most of the information, of course, is taken from leaked databases. The key goal is to gain the user's trust by collecting additional information. For example, attackers can attack users who do have debt obligations. Therefore, it is important not only to remember that fraudsters can use different information, but also apply preventive protection measures. First of all, follow the basic rules of digital literacy, which not everyone does. For example, according to NAFI, the share of those who are confident in the ability to independently protect their data decreased from 44% in 2023 to 40% in 2024. I emphasize that data leaks are a consequence not only of the poor security of InformSystems, but also of the same practice of using one password for several services, Nemkin warned. | |
| | For example, according to Kaspersky Lab, in the first quarter of 2024, more than 19 million passwords of Russians from a variety of services were found in databases published on the darknet. Last year's value of the indicator is almost 6 times less, which, of course, is a good help for the implementation of personalized attacks, he stressed. | |
| | It is quick and convenient, it is enough to enter the name and region of residence. The database includes information about all debtors, including those who have delays, the deputy explained. | |
Fraudsters began to intimidate mortgage delinquency
VTB identified a fraud scheme with. The mortgage credits bank announced this on June 17, 2024. Attackers assure that the client has a delay and offer him to resolve the problem. To do this, they are asked to inform data SNILS and the codes from. With SMS this, they information can gain access to their personal account Public services and then to an online bank to steal money or issue loans.
In this scheme, fraudsters call on mobile communications and, on behalf of a bank employee, report an alleged delay in a mortgage loan. If a person has no mortgage, then the call is interrupted. And if there is, then despite objections, attackers continue to convince a potential victim about problems with the bank, which must be solved urgently. Moreover, they argue that there is information about the delay in the Bureau of Credit Histories. Fraudsters are asked to name the SNILS number and the code that goes to SMS. Having received them, fraudsters enter the state portal and personal accounts of online banks, issuing loans and withdrawing money from current accounts. At the same time, fraudsters specifically draw the interlocutor's attention to the fact that they have no right to request personal information, therefore they send a code to SMS for confirmation, which they ask to voice, counting on the imprudence of a potential victim.
| | The scheme deals with mortgage payments, which people usually take very responsibly. The result of interaction with fraudsters may turn out to be sad: in the absence of delays on the loan, a person may also lose his savings or turn out to be a proper bank if a new loan is issued in his name. Therefore, we urge you to carefully study each fraudulent scenario and share this information with loved ones and friends, - said Nikita Chugunov, Senior Vice President of VTB, Head of the Digital Business Department. | |
VTB announced plans to develop and launch a comprehensive program to protect customers from telephone fraudsters. It will allow, with a probability of up to 99%, to identify if the client communicated with cybercriminals before visiting the bank, and warn him in the available channels about the risks of obtaining a loan or withdrawing money. If the client contacted the attackers the day before, the bank will find out about it and transfer the information to the manager in the office to a work computer.
T-Bank revealed a telephone fraud scheme with Russian Post
T-Zashchita revealed a new scheme of telephone fraud with Russian Post. Tinkoff Bank previously announced this to T-Bank (TBank) on June 17, 2024.
The scheme, in which fraudsters are represented by employees of the Russian Post, intensified in early June 2024. During testing of the Frod-Roulette project by prankers Vovan and Lexus at the T-Dvor site, fraudsters often used this scenario: almost 50% of calls were made to such a scheme.
The pretext is new, the purpose of the scheme is the same - to access the user's personal account on Public services or. mobile application bank
Allegedly, the Post Office employees call the client, Russia inform about the delivery of the parcel from abroad, for which you need to pay the customs fee. The client refuses to pay for the package, which he did not order. To refuse the parcel, fraudsters are asked to name the code from (SMS in order to allegedly sign an official refusal in the Post databases). RUSSIAN FEDERATION In fact, this is a code for accessing the bank's mobile application. Next, fraudsters can try to withdraw funds, take credit and perform other actions.
Another variation of the scheme is to obtain an access code to Public services, where fraudsters collect the client's personal data in order to use it later to deceive (for example, to inform that he must take part in the investigation of his bank's fraud, that his money is in danger and must be transferred to a secure account).
As of June 17, 2024, T-Bank employees are studying all options for the scheme using the Frod-Roulette project and have already begun to train the Neuroscience technology to recognize new scenarios and break such calls to subscribers.
In connection with the strengthening of banking anti-fraud technologies, fraudsters are looking for new scenarios to get into trust. The scheme with the alleged bank security service is losing its relevance, since many know about it, however, it is still in the top 3 telephone fraud schemes in terms of the number of complaints.
Swindlers are looking for new ways to reach different audiences. For customers of banks aged, they begin to mention various government agencies in a conversation in order to sound more convincing: earlier they were Public services, after they began to mention the Social Insurance Fund and just last weekend a new scheme was discovered with the Russian Post.
Russians began to cheat on behalf of Wikipedia
Under the attack of the attackers were premium customers of Russian banks. Thus, scammers present themselves as administrators of Wikipedia and offer the victim to edit his biography posted in the Internet encyclopedia. This was reported to TAdviser on June 3, 2024 by representatives of the press service of the State Duma deputy RFAnton Nemkin, citing the words of the commercial director of SafeTech Daria Verestnikova.
When attacking premium customers of banks, there is a shift in the vector from pure social engineering to the technical attack zone, RIA Novosti quoted a representative of SafeTech. According to Verestnikova, attackers call mobile phones even to those about whom the corresponding articles are not yet presented in the encyclopedia, assuring that they are "about to" appear.
To edit the text, citizens allegedly need to install a "special editor application." This application, in turn, can give access to the control of the victim's smartphone or simply allow you to download a bank Trojan that will intercept codes from SMS and push messages, which will also allow you to eventually withdraw money from the victim's bank account, the expert warns.
Attackers began to carry out more and more targeted attacks, said Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications. According to him, from continuous attacks, for example, mass calls from the "bank security service," fraudsters switched to targeted ones. This is due to the actualization of measures to combat fraudsters. In particular, in Russia for more than a year there has been a platform for blocking calls from substitution numbers "Antifrod," to which both large and small telecom operators are connected. In addition, the tightening of the responsibility of the banking sector for allowing unauthorized transfers by the user led to the development by financial organizations of their own anti-fraud platforms, the deputy emphasized.
| | "Now you are unlikely to be able to easily carry out a large transfer to an unfamiliar number - the bank will probably contact you and clarify the details of the operation. We also see the first results of work in the field of improving the level of digital literacy. According to NAFI, in 2023, the digital literacy index reached 71%, "Nemkin added. | |
Telephone scammers in Russia began to offer to undergo fluorography at the expense of compulsory medical insurance in order to steal data from Public services
Telephone scammers in Russia began to offer to undergo fluorography at the expense of compulsory medical insurance in order to steal data from State Public services. SafeTech CEO Denis Kalemberg spoke about the new deception scheme in May 2024.
According to him, the swindlers call the victim and remind about the passage of fluorography. Suspicions often do not arise, because it is necessary to undergo this procedure once a year, Kalemberg said in a conversation with RIA Novosti.
| | The caller offers to choose the nearest clinic from among real medical institutions to pass, choose the date and time of admission. And to confirm the recording, just name the code from SMS, - said the expert. | |
After the attackers have taken possession of the code, they can use it to confirm the debiting of funds from the account. This development of the situation is possible if the attackers received the data of the victim's card or hacked into her mobile bank.
Or using the code, criminals will have access to their personal account on the Public services portal, which gives them a number of opportunities - from obtaining loans from microfinance organizations (MFIs) to gaining access to information about a person's accounts and income that can be resold.
According to Denis Kalemberg, telephone scammers apply other schemes related to the topic of compulsory health insurance. So, attackers call Russians under the guise of insurers, declare the need to replace the compulsory medical insurance policy and convince them to download the alleged application of the Ministry of Health. In fact, this is a program that allows you to gain remote access to the device and steal funds, the CEO of SafeTech told the agency.[13]
Telephone scammers in Russia switched to attacks on companies. Schemes
In early May 2024, information appeared that telephone scammers in Russia partially switched their attention from ordinary citizens to companies. Moreover, enterprises with foreign participation and organizations engaged in foreign economic activity are of particular interest to cybercriminals.
Alexey Lukatsky, the host of the Post Lukatsky Telegram channel, spoke about new types of fraud. The essence of the scheme boils down to the fact that cybercriminals call former employees of companies with foreign participation: the target is, in particular, CEOs and accountants, information about which can be found in the Unified State Register of Legal Entities. Hiding behind work in law enforcement agencies and threatening criminal prosecution under various articles, including treason, fraudsters request various information, for example, accounting documents. The data obtained can then be used for financial fraud.
| | If you have recently been listed in any such company, then be prepared for the corresponding calls and messages, "says Lukatsky. | |
The fraudulent scheme has various variations. In particular, messages to employees can be received allegedly from the "former CEO," who, under various pretexts, requests certain information. These can be investigative measures or simply "assistance."
The head of the cybersecurity center of Trust LLC (F.A.C.C.T. - formerly the Russian branch of Group-IB) Yaroslav Kargalev emphasizes that the purpose of such schemes is to collect data for use in other attacks based on social engineering methods. For a potential victim, for example, the recipient of the letter, it will seem as legitimate as possible and not arouse suspicion. The use of topics related to accounting issues may indicate that the further development of the attack will be aimed at employees of the financial sector.[14]
Fraudsters began to attack Russians under the guise of financial monitoring officers, Public services and the police
Fraudsters began to attack Russians under the guise of financial monitoring officers, Public services and the police. The victims of this scheme are asked to install a special antivirus on the device, while in fact an application with remote control is hidden under it. In most cases, scammers force the victim to go to a specially prepared site, where you can download an application with remote control, which provides hackers with access to a person's device. Also, a link to an infected application can be dropped through an SMS message, Dmitry Khomutov, director of Ideco, told Gazeta.Ru.
According to the press service of the State Duma deputy RFAnton Nemkin on April 16, 2024, such a scheme is dangerous because fraudsters using remote access can not only intercept any information and use it for blackmail, but also manage finances - for example, transfer all savings to their accounts. In addition, by completely "cleaning" the device, they can turn it into a "brick," depriving you of access to all personal information, Anton Nemkin emphasized.
On average, new fraudulent schemes in Russia appear almost every week. Moreover, fraudsters do not even try to make their schemes convincing - the main thing on which they rely is the human factor.
| | The main thing for a fraudster is to keep you off balance. In this state, a person is not able to thoughtfully analyze his actions and often commits such actions that would seem to him something impossible in a calm state, the deputy emphasized. | |
First of all, the attackers are trying to use the stress factor - they intimidate citizens that their device is already infected, and all data can be deleted, report theft of funds or an incident that happened to one of your relatives, Anton Nemkin recalled.
| | My main advice is to always stay calm and not give in to stress if information comes to you from an unverified source. If you feel that the second side is trying to put pressure on you, intimidating, showing impatience and nervousness - it is better to put the tube right away. The longer you talk with the attacker, the more chances of still losing your personal data or even finances, the parliamentarian added. | |
As Nemkin recalled, according to the data, Ministry of Finance RUSSIAN FEDERATION almost every resident of Russia has encountered financial fraudsters at least once in the last year. Moreover, telephone fraud is still one of the most popular.
In Russia, using eSIM, they began to "steal" phone numbers from ordinary SIM cards
On March 14, 2024, F.A.C.C.T. (formerly Group-IB in Russia) announced the identification of a new scheme for stealing mobile numbers from Russian users to gain access to their online banking. Attackers have learned to "steal" phone numbers using eSIM - a built-in SIM card. Read more here.
Fraud schemes with the function of broadcasting a smartphone screen have appeared in Russia
In early March 2024, it became known about the appearance in Russia of new fraud schemes with the function of broadcasting a smartphone screen. They were told about them in "Sberbank."
As Izvestia writes with reference to a representative of a credit institution, swindlers call customers from a fake account using a name similar to 900 and the bank's logo, and ask if they have updated their banking mobile application. If the victim says "no," then the false worker of the bank says about the need to wait for a call from a specialized specialist to update the application.
Then another fraudster calls through the messenger, where there is a function of broadcasting the screen during a video call. As explained in "Sberbank," such a scheme is used to confuse the victim of deception and force her to fulfill the requirements of criminals. The second "employee" explains that he calls via video link to establish the identity of the client by biometrics. Then he asks to turn on the screen demonstration mode to connect a certain "robotic system for diagnosing the account." After that, the victim of the fraud is asked to go to the bank's mobile application, which, as the criminals assure, is "absolutely safe," since only the robot will see the screen.
However, in reality, after turning on the broadcast and switching to the application, fraudsters get the opportunity to see card numbers, amounts on accounts and codes in SMS from the bank. The swindlers can then use the findings to steal money and arrange loans in the names of the victims.
According to experts interviewed by the newspaper, fraudulent schemes using the broadcast of a smartphone or computer screen have been used in Russia before, but in 2024, attackers began to introduce themselves as bank employees. One of the victims of such fraud in 2024 lost 210 thousand rubles.[15]
Russians are lured by advertisements for paid voice acting of films to steal samples of their voice. Then they steal money from their relatives
Russians are lured by advertisements for paid voice acting of films to steal samples of their voice. Then they steal money from their relatives and friends. Angara Security, a company specializing in information security, spoke about the new fraud scheme in early March 2024.
Telephone scammers began to deceive Russians on behalf of MPSC employees
Telephone scammers began to deceive Russians on behalf of MPSC employees. This was reported in February 2024 by the Security Code company.
Swindlers in a conversation on the phone inform the victim that a letter has come to his name. At the same time, the correct last name, first name and patronymic, its address and the address of the MPSC, from which the call comes, are called. Fraudsters ask a person if he will come for a letter to the MPSC or can be sent by mail at the place of registration. If the victim chooses the second option, the caller says that the number of this message will come to SMS and asks to name it.
Only in the message comes not the departure number, but the code for confirming registration in some service. Further, the fraudster, having access to the victim's account, is already using it for his own purposes, experts from the Security Code company warn.
The use of such a scheme was recorded in several regions of Russia, including the Kamchatka Territory. The regional ministry of digital development warned citizens that the My Documents center, State Public services technical support, banks and other organizations never request numbers, codes and other information from SMS messages.
| | If you received a call on behalf of the "My Documents" center and asked for such data, these are scammers. Immediately reset the conversation and block the number, - advise the Ministry of Digital Development of the Kamchatka Territory. | |
They also recalled that you cannot inform callers of the login and password from the account, call them codes from SMS and follow suspicious links from messages. Employees of the "My Documents" centers do not have access to the citizen's account on the Public services portal and will never request such data, this is confidential information, the department added.[16]
Fraudsters began to fake the voices of Russians with the help of AI and deceive their relatives in instant messengers
Fraudsters began to fake with the help AI of the voice of Russians and deceive their relatives and friends in instant messengers. On January 11, 2024, this scheme was reported in the department for organizing the fight against the illegal use of information and communication technologies. MINISTRY OF INTERNAL AFFAIRS Russia More. here
2023
Sberbank warns of a fraudulent scheme involving several relatives at once
Sber On August 28, 2023, he warned of a fraud scheme based on the use of family ties. Telephone scammers inform a person that allegedly unscrupulous employees bank are trying to apply for him credit and steal money. To save the money, the victim must issue a loan "to exhaust the credit potential" and, together with personal savings, transfer it to a "safe account." After the victim transfers funds to criminals, they begin to ask her about the presence of relatives, because according to fraudsters they "may also be in danger."
New victims are persuaded to take similar actions. As a result, several people united by family ties at once become victims of the crime: they transfer both their own and borrowed funds to fraudsters.
| | Family values are very important for Russians, and fraudsters began to use it for criminal purposes. If one relative is convinced that he is trying to prevent a loan in his name, then other family members, trusting him, may lose their critical perception and suffer from the actions of intruders. As a result, several people, falling into the networks placed by criminals, lose their savings and become loan debtors. I want to remind you of the main rules of financial security: do not talk about anything with scammers, in no case inform anyone of your personal data and the data of relatives, and if you still have doubts, call back to the contact center of your bank and clarify whether everything is in order, said Stanislav Kuznetsov, Deputy Chairman of the Management Board of Sberbank.
| |
FBI reveals new phone fraud scheme in which victim becomes FBI
On July 18, 2023, the Internet Crime Complaint Center (IC3) as part of the FBI announced that cybercriminals had adopted a new telephone fraud scheme in which the victim in some sense becomes a courier.
Attackers, as noted, target primarily the elderly. Criminals impersonate support specialists of a particular company by contacting a potential victim by phone, via email, text message or through a pop-up window. They further report that suspicious activity is recorded on the user's account. Another possible trick is to inform that the victim is entitled to any monetary compensation, for example, for subscriptions or services.
The following instructions contain a phone number by which the user can seek help. As soon as the victim dials this number, the fraudster says that the only way to send money is to connect to the user's computer and deposit funds into the bank account. To do this, you need to download a certain program that actually contains malicious components. Then the victim is asked to go to his bank account, as a result of which the attackers have credentials at their disposal.
The peculiarity of the scheme is that cybercriminals really transfer "compensation," but the amount transferred turns out to be significantly higher than agreed. After that, the scammers, hiding behind the alleged dismissal, ask the victim to return the difference in cash by wrapping the money in a magazine or newspaper. The criminals are asked to send such a parcel to the specified address. Meanwhile, with the user's bank details at their disposal, fraudsters can empty his account.[17]
Russians warned about a new fraudulent scheme with online cinemas
In July 2023, it became known about a new fraudulent scheme with online cinemas in Russia. Swindlers send a message to potential victims in instant messengers and offer work allegedly to evaluate online cinemas. The newsletter indicates a phone number for feedback, and also mentions popular streaming platforms in Russia. Real employment is not confirmed, while communication with such "employers" can lead to theft of funds, the Prime agency reports, citing a statement from one of the Russian banks. Read more here.
The Central Bank of the Russian Federation told about a new telephone fraud
On July 10, 2023, the Central Bank of the Russian Federation spoke about a new telephone fraud. Now the swindlers, calling their victims, not only introduce themselves as employees of the regulator, but also send e-mail messages with an invitation to a personal reception at the Central Bank of the Russian Federation.
As reported in the Telegram channel of the Bank of Russia, fraudulent letters begin with an appeal by name and patronymic, they indicate the reception time and the real address of the Central Bank in the region of residence of the potential victim. As the sender of the message by spoofing the email address, they indicate the domain of the Bank of Russia cbr.ru.
The attackers also turn to a potential victim by name and patronymic and indicate the time of reception and the address of the local branch of the Bank of Russia. After sending a letter, they contact the recipient personally and, under various pretexts, try to find out the details of his bank card and SMS code or persuade him to transfer money.
| | The Bank of Russia, on its own initiative, does not invite citizens to a personal reception, its employees do not call people and do not send copies of any documents to anyone, do not request personal and banking information, do not offer to make any transactions with the account... Fraudsters are often represented by Bank of Russia employees. Therefore, be vigilant, - emphasized in the Central Bank. | |
The regulator recommends not responding to this kind of invitation and deleting it if there was no appointment. For any banking issues, the Central Bank recommends calling the bank at the phone number indicated on the back of the card or on the website of the credit institution.
Experts remind Russians that to protect against intruders, you cannot transfer your confidential data to anyone, such as passwords and logins from accounts in services, codes from SMS and push notifications.[18]
Fraudsters began to steal money from the accounts of Russians, sending messages with an offer to make money on the valuation of hotels
In Russia, fraudsters began to steal money from the accounts of Russians, sending messages with an offer to make money on the valuation of hotels. This became known on June 20, 2023.
According to RIA Novosti, attackers use the hotel booking service as bait in their new hybrid scenario. They create a group in instant messengers or send an SMS message in which they offer to evaluate the hotel booking service and hotel photos on the Booking website. The text indicates a link to the Telegram channel, where the client can discuss in more detail with his personal "manager" further conditions for "employment" according to the assessment of hotels. However, when switching to the announcement, the topic is adjusted - the client is offered to help online stores "in sales" and promise large revenues of up to tens of thousands of rubles a day.
Attackers send a client a link to a phishing site where he needs to pre-register using his personal data: full name, email address and mobile phone number. After registration, the client needs to pay a certain amount to the specified account in order to begin performing tasks to evaluate various goods of online stores. At the end of each "business" day in the customer's account, the initially invested amount is doubled or tripled. However, it will not be possible to withdraw the "earned" money, and any attempts to contact the personal "manager" will not lead to anything.
According to experts, this appointment is similar to the scheme for hiring various marketplaces. The main goal is to lure as much money out of a potential victim as possible. To protect yourself and protect yourself from such attacks, we recommend not responding to suspicious spam mailings, not participating in group chats, whose participants are not familiar to you and generally refrain from communicating with strangers on the Internet and instant messengers.[19]
Fraudsters have learned to fake the numbers of any subscribers in Russia in order to call on their behalf
Fraudsters have learned to fake the numbers of any subscribers, said T1Viktor Gulevich, director of the information security competence center at the end of May 2023.
Thus, any Russian can become a "fraudster" if attackers disguise the call as the desired number. You can protect yourself by ordering detailed calls from the operator, there will be no fake calls in detail.
As Viktor Gulevich explained to Prime, fraudsters use the technology of replacing the caller ID (Caller ID) through the services of virtual providers of IP telephony and SIP telephony (a protocol for exchanging data on the network).
| | If you are informed that calls are received from your phone number that you did not make - this is the main sign of illegal actions of fraudsters, the expert said. | |
According to Alexander Vurasko, an expert in the direction of special services Solar JSOC of RTK-Solar, the problem is that due to the technical restrictions of communication networks, there are no truly effective methods for countering number substitution by May 2023.
Despite the fact that Russian telecom operators have introduced anti-fraud systems that have made it almost impossible to replace numbers in their networks, if the number was replaced before the call came to the network of the Russian operator, it becomes much more difficult to track such a substitution, explains Alexander Vurasko.
| | Attackers often choose arbitrary numbers for substitution, however, sometimes they gravitate to any specific phones. Most likely, this is simply due to the unwillingness after each call to change the replacement number, - said the expert in a conversation with Izvestia. | |
The publication adds that situations often arise when victims call the number owners, addressing them with claims. But real subscribers most often have nothing to do with any criminal schemes, they themselves suffer reputational risks due to fraudsters who discredit their contact details.[20]
Fraudsters began to " put pressure" on the relatives of their "victims" to access the family budget
In May 2023, VTB clients report a new fraud scheme, when not only they are attacked, but also their relatives. Attackers contact each of the family members, convincing them of the need to influence the "victim." Their main task is to convince the interlocutors of the need to make financial transactions that will ultimately lead to theft of funds.
The fraudster calls the potential victim, posing as a bank employee or law enforcement officer. He reports that the client's funds can allegedly be stolen by intruders, and urgent measures must be taken to save them. In case of refusal, the "employee" switches to a more aggressive manner of communication and threatens to call the interlocutor's relatives in order to convey the importance and veracity of his words through them. Next, he really contacts the nearest circle of potential victims by phone - these may be parents, spouse or children.
They seek to convince threats of reality and are asked to influence their relative to take measures to "save" their own or family funds from theft.
During the conversation, fraudsters use social engineering technology, using already common topics to deceive - applying for a loan, conducting dubious transactions on cards and bank accounts, changing a financial or trusted phone number in a bank, transferring funds to a "safe" account and others. The share of social engineering today remains extremely high and accounts for almost 90% of all attacks.
"Attackers are excellent at psychological techniques and deftly manipulate the emotions of their victims. If earlier they called allegedly on behalf of family members, reporting on the incident of force majeure and the need to transfer money to resolve it, now they themselves are actively using the existing contacts of relatives. As a result, entire families are already facing threats and extortion. Such an aggressive psychological impact can lead to dangerous situations and withdrawal of funds on a much larger scale, because the entire family budget is under threat. Therefore, it is very important not only to comply with the financial security rules for your part, but also to talk about them to your loved ones and be in touch with each other and the bank for the prompt verification of such information, "said Nikita Chugunov, Senior Vice President of VTB, Head of the Digital Business Department.
Scammers began to call potential victims via video link
VTB has recorded another trend of fraudulent attacks: now attackers call potential "victims" via video link, posing as bank employees and imitating work in the office. All such calls go through instant messengers. The bank announced this on May 19, 2023.
Fraudsters make the first call, as a rule, through a messenger or through regular telephone communication. If the interlocutor does not believe that a bank employee communicates with him, then the attacker calls back via video link, depicting the service from the bank office. As a result, the "victim" remains in no doubt about the credibility and seriousness of the caller's words.
Then fraudsters use standard schemes to gain access to the money of a bank client - they convince them to issue a credit application, change a trusted phone number, transfer money to a "secure account," update a bank application or download remote access tools to check its work, or simply start requesting SMS codes under various pretexts to gain access to the personal account of a bank client.
| | Messengers have become the main channel for the activity of scammers. The share of calls to them has grown by almost 15 percentage points. since the beginning of the year, and in May 2023 reaches 64%, significantly overtaking telephone attacks. All such calls are made solely for the purpose of obtaining personal information for criminal purposes, possibly even for obtaining photos and video images of customers. It is important to note that real bank employees will not use such communication channels. Thanks to the constant work of banks with financial security rules, customers have become more active in recognizing and reporting calls from cybercriminals. At VTB, every tenth client passes on the number of the fraudster and describes in detail the scenario of an attempt to deceive, - said Nikita Chugunov, senior vice president, head of VTB's digital business department. | |
Ukrainian call centers invented a scheme of deception with "abduction"
Ukrainian call centers in the spring of 2023 invented a new scheme of deception. The mother of the assistant senator of the Federation Council Elena Silkina could be "kidnapped" by telephone scammers. Scammers convince people to hide, and then extort money from their relatives.
According to Baza sources, fraudsters have recently begun to practice a "remote" divorce scheme. It looks like this: unknown persons call the victim, report the threat of persecution and convince them to hide in a temporary shelter. You need to get to it yourself, and on the way you need to throw away the phone (after all, it is allegedly followed) and buy a new one with a SIM card. So that the victim could not be traced.
Then a person, confusing traces and changing transport, gets to the "shelter" - an ordinary apartment rented for rent. At the same time, she must pay for housing herself, in no case contacting relatives or relatives. At the same time, scammers call their relatives, report "abduction" and aggressively demand a ransom. In such cases, criminals do not even see directly with the victim herself - she simply "hides" at home.
One of the interlocutors of "Baza" said that recently it was using this method that the mother from the family of his friends was "stolen." According to him, the woman was found at the place where the signal of her phone was last recorded - the police combed the communication salons in that area, and in one of them the missing was identified, after which she was found by a new number.
In April 2023, 76-year-old Tatyana Grigorievna, who before the loss herself drove from home to the Leningradsky railway station, is also looking for the same way - with the help of communication salons near Belorusskaya. She was later discovered in a hotel.
Fraudsters change numbers to foreign ones similar to Russian ones
Attackers engaged in theft of funds from Russians by phone will change phone numbers to foreign ones from the end of 2022 to bypass the protection of mobile operators, Kommersant wrote in February 2023.
At the same time, foreign numbers are visually disguised as Russian. For example, numbers with the code + 423 belong to Liechtenstein, but "pretend" to be calls from the Primorsky Territory, the code + 905 of Turkey resembles the mobile numbering adopted in Russia, and + 472 of Norway is similar to the code of the Belgorod region.
However, the most common fraudsters used the codes of Japan and Korea + 8 (1, 2) and the international code, which operates in Kazakhstan and Russia + 7.
Most of the unwanted calls at the end of 2022 were received from Russians from the numbers of Turkey, Kazakhstan and Iran.
Fraudsters learned to calculate people who recently sold housing, and began to "addressedly" lure money from them
In January 2023, when calling, they impersonate representatives of banks, real estate companies or law enforcement agencies, and convince victims to transfer funds to a "safe" account.
2022
"Voice phishing." A new telephone fraud scheme has appeared in Russia
In mid-July 2022, it became known about the appearance in Russia of a new telephone fraud scheme. It was called "voice phishing" or "vishing."
Speaking about what the new scam method is, Kaspersky Lab reported that cybercriminals send emails, stylizing them as messages from a service, for example, a large online store, a payment system or a software site, access to which is provided by subscription. The text of the letter says that allegedly someone is trying to withdraw money from the client's account.
To prevent a transaction, swindlers ask to call back on the specified phone, and then in a live conversation they try to get the personal data they need to steal funds.
The task of the message is to force the user to act quickly and thoughtlessly. Typically, the text is designed to appear to be created automatically. Most likely, this is necessary so that the victim does not think of answering the letter, but immediately leads her to the idea of calling the indicated number. As a rule, attackers sound very convincing, they can rush or intimidate a subscriber so that he does not have time to think.
| | Unfortunately, even advanced users, faced with vishing, can get confused, get trapped and follow the instructions of intruders. We remind you of the need to remain vigilant and in no case do urgently what strangers demand from you, even if they appear to be employees of large well-known organizations, - comments Roman Dedenok, cybersecurity expert at Kaspersky Lab. | |
According to the antivirus company, from March to June 2022 alone, the company's experts recorded about 350 thousand such letters around the world, and their number is growing, almost 100 thousand fell on June.[21]
The Central Bank of the Russian Federation announced a new telephone fraud. The bait is the fight against the theft of data
In November 2022, the Central Bank of Russia warned of a new telephone fraud. The bait is the fight against the theft of personal data.
The essence of the scheme is as follows. Criminals call bank customers under the pretext of prompt investigation. They are presented by law enforcement officers who allegedly conduct a case of massive leaks of personal data from banks. Moreover, they act, in their words, directly on behalf of the Central Bank.
| | The fraudster calls the person and reports that among the compromised data may be his information. He offers to check with the leak database in order to attract the interlocutor as a victim, - said the Bank of Russia. | |
Further, the criminal clarifies with the person in which particular bank he is served, asks for card data, including a three-digit code on the back. For greater persuasiveness, fraudsters refer to official documents from the Central Bank, naturally false.
To convince a potential victim of the plausibility of the story, a fraudster can send him a photo of a fake document about conducting operational-search measures to the messenger or e-mail, the Central Bank warned.
They also recalled that neither bank employees nor law enforcement officers ever request bank card details (its number, three-digit code on the reverse side, SMS code).
The Central Bank recommends when communicating the phone with unknown:
- do not give them bank card details;
- not to succumb to threats;
- not to enter into correspondence with them;
- do not call them back;
- it is best to interrupt the conversation and block the number of scammers;
- if there are doubts about the safety of money in a bank account, you can independently call your bank at the number indicated on its official website or on the back of your bank card.[22]
Telephone scammers in Russia began to call through instant messengers
VTB recorded another scenario of telephone fraud, as reported by TAdviser on June 1, 2022. Attackers use robot calls through instant messengers for subsequent switching allegedly to a "VTB specialist."
Photo source: ixbt.com
Under the pretext of confirming an application to change a trusted phone number or issuing a credit application, fraudsters call customers through instant messengers, allegedly on behalf of a robotic bank assistant. If the client says that he did not leave applications for changing the phone number or for a loan, then the robot switches the subscriber to a false specialist of the bank, who is trying to get confidential data: UNK (unique client number), bank card data, codes from SMS to enter his personal account, etc. Using the information received, fraudsters can gain access to funds in the client's accounts, his pre-purchased loans, force them to transfer them to a "special" account, etc.
| | We began to record that fraudsters switched to instant messengers from calls to phone numbers. There are many reasons for this: calls through instant messengers are free, they lack antispam and fraudulent filters, there are no number identifiers, each service is regulated by its own policy. It is much more difficult to track attackers through these channels, and for additional protection, we recommend that customers, through the settings in the smartphone, allow incoming calls in instant messengers only from familiar numbers from the phone book, "said Nikita Chugunov, head of the digital business department - senior vice president of VTB. | |
In April 2022, compared to March, VTB recorded an increase in the activity of fraudsters: the number of phishing resources and clone applications on the Internet increased 11 times. In just four months, VTB has already prevented more than 700 thousand attempts by attackers to steal money from customer accounts. This is almost 1.5 times the result for the same period in 2021. The total amount of funds saved by VTB customers amounted to almost 7 billion rubles.
Now you can provide the phone number of scammers not only through the hotline or in a chat with the bank, but also through a voice assistant in the VTB Online mobile application. Also, using the voice assistant, you can share a suspicious link for verification by VTB specialists by sending it to a chat with the assistant. For additional protection of client funds, there is also a single section with security settings and recommendations in the VTB Online application.
| | Collecting data on telephone scammers through digital services helps protect bank customers from intruders. Voice assistants save customers time by processing calls quickly. The service for collecting fraudulent numbers in the voice assistant was launched in April 2022. In just two months of its operation, customers managed to transfer us more than 1,500 fraudulent numbers. Let me remind you that bank employees do not call customers through instant messengers and will never request such data as UNK to enter their personal account, bank card information, CVC/CVV and one-time codes from SMS, - said VTB Senior Vice President, Head of Digital Business Department Nikita Chugunov. | |
Fraudsters in Russia began to use substitution numbers of citizens
At the end of May 2022, it became known about a new type of telephone fraud. It consists in replacing numbers: moreover, if earlier attackers called on behalf of banks, government agencies and companies, now they have begun to use the numbers of ordinary users.
As the head of the Mousetrap platform Evgenia Lazareva told Izvestia, people call the Russians and say that there was a call from their number "from a bank employee" who was trying to withdraw personal information to steal funds from the account. At the same time, the subscribers themselves did not make any calls and are not related to fraudulent schemes.
The interlocutor of the publication added that there are also appeals from potential victims. So, when trying to call back to the number that is determined by the phone during such a call, a completely different person with different features of speech and even another sex answers, who claims that he has not made any calls lately.
Using the substitution of the number, the attackers are trying not only to lure money from their victims (for example, having received information that this number belongs to the victim's relative, they are trying to obtain money transfers), but also to mislead law enforcement agencies and harm Russian citizens. For example, unsuspecting users used to replace numbers can get into spam databases and be blocked by applications that some Russians use. Also, problems may arise during employment: the company will try to check the applicant's phone in one of these databases or on the application's thematic website and see that the candidate's number is in the category of scammers, spammers and with negative reviews. With such a reputation, the job seeker will be refused, Evgenia Lazareva said.
Lazareva added that most of the attacks on the accounts of Russians come from call centers located in unfriendly countries.
Cybersecurity experts interviewed by the newspaper confirmed that when using the method of changing numbers using IP telephony, you can call on behalf of any subscriber. According to experts, it is impossible to protect yourself from using your number for substitution, but you can prove your innocence by detailing. It is enough to request it from the operator and provide, for example, to the bank to exclude yourself from blacklists.
The Ministry of Digital Development told the publication that by the end of May 2022, the state, together with telecom operators, is working on measures to combat the substitution of subscriber numbers. Thus, the ministry oversees the development of an anti-family telephone system that will track the substitution of a number when transferring a call to the network of another operator.[23]
Central Bank of the Russian Federation warned of a new type of VPN fraud
In early May 2022, the Central Bank of the Russian Federation warned of a new type of VPN fraud. The scheme is that scammers persuade potential victims to visit their blocked sites using such programs. Read more here.
2021
Telephone scammers in Russia began to send victims fake photos of documents of the Ministry of Internal Affairs
In early November 2021, it became known that telephone scammers in Russia began to send victims fake photographs of documents of law enforcement officers or Bank of Russia employees. Moreover, this method of deception is rapidly gaining popularity.
As Vedomosti writes with reference to Fyodor Muzalevsky, director of the technical department of RTM Group, dozens of such incidents have already been recorded in the second half of 2021, but in reality the bill can go to thousands. According to him, by the beginning of November 2021, out of the total number of fraudulent calls, cases with the provision of photos of fake certificates occupy no more than 5%, but the prospect of growth is high.
The use of fake documents helps to position the victim with the fraudster, which is why attackers can request much larger amounts. Muzalevsky says that usually in such conversations, fraudsters appear to be law enforcement officers and say that illegal actions are carried out against the client or a fraudulent loan is issued, so it is in the interests of the victim to cooperate with the investigation and transfer all the money to a secure account. "
The Bank of Russia is aware of this fraud scheme, a representative of the regulator told the newspaper, without specifying whether the Central Bank recorded an increase in the number of cases using photos of forged documents; he also recalled that the Bank of Russia, on its own initiative, does not send letters to citizens, does not call or send messages.
The total number of fraudulent calls using the "call from the Ministry of Internal Affairs" has not changed, the ratio between calls without forged documents and with them has changed - the latter are really becoming more and more, said Alexander Kalinin, head of the Group-IB monitoring and response center.[24]
In Moscow, fraudsters draw up loans using biometrics
In Moscow, multiple cases of using customer votes by scammers to issue loans or other financial products have been recorded. This became known on April 10, 2021.
According to the, TASS Information Agency of Russia referring to Moscow law enforcement officers, fraudsters initially call customers banks and ask questions requiring a monosyllabic "yes" or "no." Having received the necessary answers, they are used to issue loans for their victims, using these "loopholes" -. biometric data
| | Knowing that some banks provide a loan service using biometric data, attackers make calls to bank customers who already have a voice recognition service connected and ask questions that only yes or no answers are required. The conversation is recorded, and after the answers are used by fraudsters to issue loans for their victims, - TASS quotes a police statement. | |
Victims learn about the design of loans when money is debited from their card.
The police advise Muscovites to be vigilant in case of suspicious calls, not to transfer their card data to anyone and never, and in case of calls offering biometric data collection, answer that you yourself will come to the bank branch. To save your savings, you should use several types of protection, for example, a codeword or confirmation through a contact center. It will be even more reliable to set a limit on withdrawing money. As soon as notifications about the withdrawal of funds come, you need to immediately block the card[25].
Scheme involving swindlers who, under the guise of police officers, investigate data breaches
In March 2021, it became known about a new telephone fraud scheme. Swindlers call, posing as police officers, and tell a potential victim that someone tried to withdraw their money from the bank by proxy. After that, the attackers lure information out - allegedly to investigate the data leak.
In the case of the RIA Novosti correspondent, they tried to assure him that the attackers allegedly wanted to steal money from his bank account using a "notarized power of attorney." At the same time, theft of funds was allegedly avoided thanks to the vigilance of a bank employee, but now it is necessary to find out how the data leak occurred. In order to get on the trail of "those who have issued a power of attorney," fraudsters are asked to tell by phone about which banks a person is served in, assuring that an audit will be launched in these credit institutions.
| | Police officers never ask for information on which banks you are served in, and so on. They request all the information from the bank directly, - said in an interview with the agency in a credit institution. | |
As the head of the ONF project "For the Rights of Borrowers" Yevgeny Lazareva noted, the legend with calls from scammers under the guise of police officers investigating data leaks has recently become especially widespread, although schemes using "law enforcement officers" have been met before.
Further development of events with such a call depends only on the imagination and diligence of the fraudsters, the expert noted. Having retrieved information about accounts and cards, attackers use them to steal funds and issue fake loans, and also replenish numerous databases that are sold for a lot of money on the darknet, Lazareva explained. According to her, such false policemen are asked to give explanations and disclose information by phone.[26]
Central Bank of the Russian Federation: Telephone swindlers began to be represented by police officers
On January 22, 2021, the Central Bank of the Russian Federation warned of a new type of telephone fraud: swindlers are introduced by officers of the Ministry of Internal Affairs and other law enforcement agencies and report the initiation of criminal cases against bank clients.
Thus, as the regulator said, attackers are trying to obtain personal data, payment card data, information about transactions made on the card, and so on from clients of credit institutions. This information is used by scammers to steal money from citizens' accounts.
The Central Bank informed banks that such a telephone fraud scenario is being used more and more often, asked to take it into account and warn customers about the risks of disclosing personal data and payment card data.
The regulator stressed that it does not submit applications to law enforcement agencies regarding transactions without the consent of clients of credit institutions. If during a telephone conversation a stranger refers to a criminal process initiated by the Bank of Russia, this is an attacker, the Central Bank warned.
The press service of the Ministry of Internal Affairs explained that in the event of a criminal case against a citizen, a summons is officially sent to the mailing address at his place of residence to call the police department to the investigator or interrogator. The summons can be sent both within the framework of the initiated criminal case, and within the framework of a pre-investigation check, other procedural actions. In the case of a call on behalf of the police, the ministry recommends that he find out the number of the unit where the alleged employee serves, and call the duty station to clarify whether he works for them.
According to a study conducted by the Bank of Russia, almost every second Russian has faced fraud. At the same time, among companies, the indicator is less - about a third of respondents dealt with cybercriminals.[27]
2020
A type of fraud using voice fake technology has appeared in the Russian Federation
In Russia, the type of fraud using social engineering and voice tampering technology is gaining momentum. This became known on December 28, 2020. This trend was reported in information security companies. Among the scammers when using social engineering were calls allegedly from law enforcement agencies.
A " bank security officer" tells the caller he is working closely with police and warns of a call from authorities soon. The call does occur, but from a replacement number (it is defined as real). Allegedly, the police act according to the old scheme: they request data cards, CVV and codes from. SMS Such fraud was recorded in, Norilsk the head of the information security department told the publication "" with SearchInform Aleksei Drozd reference to the data MINISTRY OF INTERNAL AFFAIRS region.
Another case, according to him, was recorded in Ugra. An unknown person called the woman and introduced himself as a security officer of a large bank. The applicant immediately realized that they were trying to deceive her, and stopped talking with the attackers. After that, the scammers called the Ugra woman again from the dummy number of the duty unit of the Russian MIA Administration for the Khanty-Mansi Autonomous Okrug-Ugra and introduced themselves as police officers. They reported that they were developing scammers who called her and asked her to follow the instructions of the scammers so as not to disrupt the operation. The resident agreed to assist law enforcement agencies, as a result, the criminals gained access to the victim's personal account and stole about 150 thousand rubles[28].
"Jet infosystems": telephone scammers have changed the way they enter into trust in the victim
On November 12, 2020, the company ITJet Infosystems"" announced that it had recorded a change in the deception schemes used by telephone fraudsters in the creditfinancial field. Now, when calling from a phone number bank , the attackers offer the victim to come to the nearest branch of the financial organization and try to convince her that the main fraudsters are bank employees.
The attack begins standard: the victim is called under the guise of bank employees and asked to confirm an attempt to transfer money by card or purchase on a well-known online resource. After that, fraudsters use an unexpected proposal to proceed to the nearest branch of the bank and clarify how long a person will need on the road. Halfway through, it turns out that employees of the branch to which the victim is sent are suspected of committing a dubious operation, so she is convinced to immediately transfer money from the card to a secure account through a mobile bank. The victim is dictated a phone number or card linked to an account in another bank, explaining this by transferring through an insurance agent. If the operation is blocked, the person is warned that the very unreliable employees will call him, and for protection they offer a script of the "correct" answers that are actually needed to unlock the operation.
Another important innovation of the attack is the attempts of attackers "in between" to find out from the victim information about the latest transactions on the card or in the Internet bank. The danger here lies in the fact that this information can be used by the bank as one of the ways to verify customers. The presence of data on the victim's latest operations and phone number allows attackers to call the bank's call center on her behalf and attempt to change the login and password from their personal account to gain full access to the RBS.
| | Attackers regularly adapt the scripts used, and this example proves this once again. The offer to come to the bank's office significantly increases the confidence in callers, because no one expects this from fraudsters. This effect is enhanced by a good imitation of the work of the bank's call center due to the participation in the conversation of several people at once, posing as specialists of different levels and owning the corresponding communication scripts. In addition, scammers come up with any ways to stay in touch with the victim and prevent her from hanging up. Therefore, the simplest and, perhaps, effective recommendation comes down to stopping the conversation as early as possible and calling the bank back at the official number, - comments Alexey Sizov, head of the anti-fraud department of the Center for Applied Security Systems of Jet Infosystems. | |
According to statistics, in the first half of 2020, at the initiative of the Central Bank, over 9.7 thousand fraudulent telephone numbers were blocked, which is almost four times more than in the same period in 2019. In about 80% of cases, attackers used phone number substitution technologies and introduced themselves as employees of a financial institution.
Robots began calling Russians from fraudulent call centers
At the end of October 2020, it became known about the use of robots in fraudulent call centers in Russia. First, potential victims are called automatically, and a person connects at the next stage, when the most distrustful clients are weeded out.
| | The robot says: "Your card in this bank is blocked, call us back at this number." Allegedly, the bank's security officers answer the victim when calling back, "Qrator Labs technical director Artem Gavrichenkov told Kommersant. | |
According to him, by the end of October 2020, swindlers make hundreds of calls a day using robots. This method of fraud is really experiencing a wave of popularity, confirmed to the newspaper the head of the analytical department of Infosecurity a Softline Company Darya Koshkina.
Fraudsters also use fake service numbers, IP-telephony mass mailings SMS and messages in instant messengers on behalf of the bank, said the deputy head of the company's computer forensics laboratory. Group-IB Sergey Nikitin Customers are warned about the "problem" by the answering machine, with the help of it a living person contacts the victims, Nikitin said.
The head of the information security department of "SearchInform" Aleksei Drozd noted that the scheme uses the technique of "reverse social engineering": gullible victims call back the attackers themselves, so they do not have to prove anything. If the victim believes the robot and calls the "support service," the chance of success is higher than with a regular call, the expert adds. The level of initial trust in such calls among people is higher and because they are not yet accustomed to the fact that attackers can use car calls, says Andrei Zaikin, head of Information Security at CROC.[29]
Cheating through creating celebrity friend lookalike WhatsApp profiles
On September 18, 2020, it became known about a new method of fraud through WhatsApp in Russia. Scammers create double profiles of celebrity friends and deceive. Read more here.
Sites determine the numbers of Russians without their knowledge. A new phone spam epidemic begins
On February 17, 2020, it became known about the growing new wave of telephone spam in Russia. It is associated with the development of technology for determining the number of users visiting sites from mobile devices.
According to Izvestia, some companies offer entrepreneurs installation services on the website of a special program code that allows calculating the phone number of Internet users. Often, trap sites are linked from social networks.
The first to attack the residents of Russia were real estate companies that call people with the offer of their services. According to the publication, calls follow an hour and a half after visiting the site.
The head of the analytical center Zecurion Vladimir Ulyanov said that using the technology of fixing the number of a visitor to the site, you can increase the client base by 300%. At the same time, it is impossible to communicate with representatives of companies providing such services - calls come from virtual PBX numbers, which cannot be called back.
As Alexander Bagov, senior pentester of the audit department of Digital Securities, explained to the newspaper, it is technically easy to find out the number of those who log in from mobile devices. A special code is installed on the site that allows you to determine the phone number and affect the consumer not through contextual advertising, but through direct communication.
It is noted that the use of such technology can violate two laws - "On personal data" and "On advertising." Experts also say that due to the fact that Russian users do not complain to the FAS and Roskomnadzor about violations of their rights, illegal practice continues to spread. Unauthorized collection and use of personal data entails a fine of up to 75 thousand rubles.[30]
2019: Calls under the guise of labour inspectors
In mid-November 2019, Rostrud warned of a new form of phone fraud. Attackers call companies, impersonate labor inspectors and offer to buy literature to avoid the negative consequences of unscheduled inspections. Also, fraudsters offer paid services for preparing for allegedly preparing control and supervisory measures.
| | Callers are presented by employees of the state labor inspectorate and report that work is underway against the employer, during which unscheduled inspections are planned, the press service of Rostrud reports. | |
Such fraudulent actions were recorded in Moscow, Stavropol, Perm, Krasnodar Territories, Khanty-Mansi Autonomous Okrug, Komi Republic, Penza, Kirov, Volgograd, Samara, Saratov, Ulyanovsk, Vladimir, Voronezh, Kostroma, Oryol, Bryansk, Tver, Smolensk, Kursk, Ryazan, Murmansk, Lipetsk, Astrakhan regions - in total 24 regions.
In connection with the increasing cases of fraud, Rostrud sent a letter to the Ministry of Internal Affairs with a request to take response measures. The department also recalls that Rostrud and the state labor inspectorate, in principle, do not provide paid services. Any information can be obtained free of charge on the official information resource Онлайнинспекция.рф or in the regional labor inspectorate.
The service also urged employers to be vigilant and report similar cases of fraud to law enforcement agencies.
The department also has a service "Duty Inspector," which allows you to ask a question on labor law and receive an answer within three working days.
As noted in the company Group IB, vishing is especially popular among attackers - a type of telephone fraud, when, during a telephone conversation, criminals disguised as bank security officers, prosecutors, the pension fund, the tax service or medical institutions are trying to deceive victims of their bank card data or force them to transfer money to the desired account or phone number for some non-existent service, tax, win.[31]
Notes
- ↑ Fraudsters began to deceive stores with a new "terminal verification" scheme
- ↑ Ministry of Internal Affairs warned of a new fraud scheme in Telegram
- ↑ The Ministry of Internal Affairs warned about the scheme of fraudsters with the "abduction" of a person
- ↑ Fraudsters came up with a new type of enrichment using salary cards
- ↑ Fraudsters have created a new way to deceive Muscovites by sending flowers and gifts
- ↑ Roskachestvo revealed a new scheme of deception on behalf of FSB officers
- ↑ Beeline spoke about the scheme where the victim herself calls the fraudster
- ↑ Personal display: New online fraud scheme is gaining momentum
- ↑ Court warns of new cyber fraud scheme
- ↑ Bilaine told about a new fraud scheme
- ↑ Russian courts warned of a new telephone fraud scheme
- ↑ Strength test: fraudsters have found a new way to attack Russians
- ↑ Russians warned about the trick of scammers offering to undergo fluorography
- ↑ New scheme from fraudsters from the adjacent side
- ↑ Saw the code: how scammers use the screen broadcast function to steal money
- ↑ Experts talked about scammers calling on behalf of MPSC employees
- ↑ Increase in Tech Support Scams Targeting Older Adults and Directing Victims to Send Cash through Shipping Companies
- ↑ New scheme of fraudsters - invitation to "personal reception to the Central Bank"
- ↑ Fraudsters began to offer Russians a "job" to evaluate hotels on Booking
- ↑ Russians warned how "fraudsters" can be made of them
- ↑ Mistrust phone: attackers in letters deceive people to call them back
- ↑ Central Bank warned of a new scheme of telephone scammers
- ↑ On-call fiction: scammers began to use Russians to replace numbers
- ↑ Telephone scammers began to use fake IDs of the Ministry of Internal Affairs more often
- ↑ In Moscow, fraudsters draw up loans using biometrics
- ↑ Fraudsters came up with a new scheme to lure money from Russians
- ↑ Bank of Russia warns of new phone fraud scheme
- ↑ A new type of fraud using voice fraud technology has appeared in the Russian Federation
- ↑ Robots as part of an organized group. Fraudulent call centers are switching to auto-calling
- ↑ Everything about spam: a new method of stealing personal data is distributed in the Russian Federation
- ↑ Rostrud warned of fraud cases in connection with unscheduled inspections
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |