Scammers have developed a new New Year's approach to Russians
The uniqueness of the new scheme is that the fraudster does not intimidate the client, but tries to play on his greed
/NOVOSTIVL/ On the eve of the New Year, the scammers changed their tactics of working with bank clients. Now, instead of being intimidated by unauthorized transactions, they often offer some particularly attractive products, such as deposits with increased profitability. Even agreeing to simply read the terms and conditions, the client, in the process of clicking on the link sent, transfers to the attackers the login and password from his personal account in the bank. Experts note that earlier this approach was used mainly in phishing mailings, but it got a second life amid the rush of real New Year offers from banks.
Clients of several large Russian banks started complaining about the new fraud scheme. The cybercriminals call from the bank's number and report that a new currency deposit with an increased rate has appeared, which is not yet on the site, but can already be opened if you follow the link that the "manager" is ready to send. Whether someone tried to take advantage of the offer is not known for certain. A bank customer who received such a call called the credit organization himself, suspecting something was wrong.
The essence of the fraudulent scheme is that the link sent to the victim leads to a site that is very similar to the page for entering a personal account in a bank. The client enters his username and password, which immediately become known to the scammers. Further actions are no longer important, a person can even open a deposit on a fake website and transfer funds there, while scammers transfer money from his real personal account to their accounts, explains Evgeny Tsarev, manager of RTM Group.
The uniqueness of the new scheme is that the fraudster does not intimidate the client, but tries to play on his greed. Until now, the most common ways to convince a client to entrust his personal data to a fraudster have been based on the fact that there is a threat to his funds. For example, the fraudster presented himself as a bank security officer who allegedly identified a suspicious operation to withdraw funds from a client's account. Not so long ago, a scheme appeared when a fraudster introduces himself as a law enforcement officer and asks for help to expose a dishonest bank employee who has access to a client's account. In all these cases, in order to prevent a potential threat, the victim is asked to disclose information that will help withdraw money from his account, for example, complete card details, including the CVV code.
For a year, fraudsters remotely lured out 150 billion rubles from citizens. According to Ivan Shubin, head of the information security service of the Eleksnet Group of Companies (part of the MKB group), the promise of a profitable investment is indeed a new script for telephone scammers, who previously played with the desire to make money mainly in phishing mailings. “But whatever the legend of the cybercriminals, the method of theft is old - fraudsters are trying to get the opportunity to control the card or account of a potential victim,” he adds.
VTB did not come across a new scheme, but confirmed that more than 90% of fraud cases are related to social engineering methods. “This year, the attackers have intensified in connection with the pandemic and are trying to deceive citizens using more and more new scenarios,” they said.
The timing of the scheme's appearance can be explained by the fact that just before the New Year, banks traditionally hold special promotions and offer customers holiday deposits with increased profitability. So, this year has already announced seasonal special offers Sovcombank, SKB-Bank, Ural Bank for Reconstruction and Development and a number of other players.
Scammers seem to be following trends. In the cases that Kommersant was told about, we are talking specifically about foreign currency deposits, while in November, citizens immediately put $ 1.4 billion on bank accounts, including $ 615 million in Sberbank, more than $ 230 million in VTB, more $ 220 million - to Alfa-Bank, more than $ 120 million - to Gazprombank. Evgeny Tsarev notes that fraudsters using social engineering tools really track what is happening in the market and "try to offer the most relevant and plausible scheme."