With power and principal exploited by scammers and the subject of a special military operation. The fighters ask their relatives to order something, for example equipment, a thermal imager or a quadcopter. They find the merchandise online, transfer money to the seller, and are left with nothing. Another favorite trick: they want to send your money to sponsor the Armed Forces of Ukraine, you need to urgently withdraw everything and put it in a “safe” account.
“There was a slight decrease for 2-3 weeks at the beginning of the SVO, now we are seeing growth again, every day 10-15 financial crimes are recorded in the region,” says Artem Lazdyn, head of the anti-fraud department. from the Criminal Investigation Department of the Main Directorate of the Ministry of Internal Affairs for the Sverdlovsk Region.
I can’t reach the bells
Last year phishing sites were more likely to deceive, today social engineering is being used again, accounting for 54 percent of thefts.
“Apparently, our society has acquired certain skills in buying on the Internet, so scammers had to switch to a more expensive method – they talk to the victim for 1-2 days to play the scenario,” says Alexander Salnikov, an expert in security. at the Ural State Bank of Russia.
The total financial losses of Sverdlovsk residents for 11 months of 2022 exceeded 1.5 billion rubles, for all of 2021 it was 1.2. 1167 criminal cases were initiated, where victims were deceived using IT technologies, 21 of them went to court, 42 to other regions under jurisdiction, RG was told at the Central Directorate of Internal Affairs of the Sverdlovsk Region.
The pseudo-exchange call center, which the Ural police managed to detect, operated in Russia, and callers working under the “bank or Interior Ministry employee” scheme are usually located on the territory of Ukraine. West, the Baltic States or Poland. They use fake IP numbers, not only Moscow 495, 499, but also Russian mobile operators, as well as Kazakh, Belarusian, Korean and Japanese. Unfortunately, in the last year, interaction through Interpol has practically stopped, says Artem Lazdyn, so it is very difficult to determine the exact location of the organizers.
By law, number substitution is prohibited in Russia, and top-tier mobile operators try to follow this rule, but regional carriers are too lazy or expensive to install special equipment. However, there is hope that this technological loophole will close soon: reforms to the federal communications law are being prepared. If the operators have to take responsibility, even in the form of large fines (from 200 to 800 thousand rubles for individual entrepreneurs and 500 thousand – a million for legal entities), then obviously there will be more people who want to strengthen security measures to change the number. As expected, any citizen of Russia will be able to file a complaint through the public services portal, and the Ministry of Digital Development will carry out the verification.
do not talk to strangers
– General safety rules are as follows: we just stop talking about your deposit account being “guarded” or “beneficially located”. If you have doubts that the call is really from the bank, call the contact center (the number is indicated on the back of the card), but in no case press the “call back” button, recommends Alexander Salnikov. – One more tip: do not ignore even a failed attack, transfer the information to a credit institution. They each have a “Report a Scammer” section on their website or mobile app. The Central Bank accumulates those numbers and blocks them through the General Prosecutor’s Office and Roskomnadzor. In particular, in the third quarter of 2022, 280 thousand were blocked.
By the way, on October 20 of last year, reforms were made to the laws on the national payment system and banks. We are talking about the operational exchange between the interaction and response center of the information security department of the Bank of Russia (FinCERT) and the police in the framework of initiated criminal cases and even at the stage of receiving applications. FinCERT collects all information about incidents, which will certainly help investigators, but the new rule will take effect only a year from now.
– The main problem is that those deceived by their own hands violate all possible security principles: they transfer account data or other important information to third parties – CVV codes, SMS passwords – they withdraw money themselves and deposit money into another account at through an ATM, so it is legally considered that the fault lies with the citizen. By law, banks have the right not to compensate the amount if customers violated the terms of the contract, hence the low return rate: in the third quarter of 2022, one percent of funds, in 2021 – 1.5 , explains Alexander Salnikov.
Unfortunately, our colleagues from RG also had to face losses. Now we are collecting material for a separate article, but we can already say: hundreds of people, through distraction or gullibility, fall into financial servitude for years. Fraudsters deftly press their civil liability: how not to help the “investigator” if he is honest and law-abiding? At the same time, the bank is interested not so much in finding the real offender, but in the fact that the victim paid him the entire amount with interest.
It would seem that the police and the Central Bank devote a lot of effort to prevention. So, last year in the Middle Urals, police departments held 4709 meetings with labor collectives, 79.5 thousand conversations with pensioners, produced 72 thousand useful videos, memos, brochures, placing them on multimedia screens, on the “drag line ” from public transport, in stores However, people continue to transfer money to who knows who, which means that exhortations alone are not enough. It is necessary to toughen the legal regulation of distance banking services themselves. There is already some progress: on January 17, the Supreme Court sent a new trial for a case in which a client challenged the issuance of a loan by fraudsters via SMS.
What scenarios scammers use
• Game on the Internet exchange. To begin with, a small amount is deposited into the account, 10-13 thousand, after three days the first income comes – two thousand. With enthusiasm, a person begins to translate more and more. A Sverdlovsk resident ultimately lost 10 million rubles. When he wanted to withdraw profit, the “broker’s” phone suddenly turned out to be unavailable.
• Attackers send vacancies by email, SMS or instant messaging: sales in markets, high salaries, part-time work. For more information, follow the link. Then “HR managers” correspond with you. They can ask for bank card details, mobile number. And they will offer to make an entrance fee for registering an account – from 500 rubles. The money ends up in the pockets of the scammers, and they use the card and phone details to hack into your personal account.
• Some banks have removed their apps from major online stores due to sanctions, now you need to download update packs from special resources. This is what scammers use when sending links. To confirm the operation, a code is sent to the SMS, the victims do not read the full text, only the numbers, and they call the “manager”. In fact, this can be a request to connect an additional number to an online bank, a loan application, etc.
• Duplicate calls: first a call comes from a robot with a loan offer, the person refuses. Repeated call: “Issued loan”. This is not so, but the balance of the subscriber is disturbed, he loses vigilance.
Important
As of October 1, 2022, the Central Bank orders credit institutions to use the self-prohibition mechanism: refusal of customers from online transactions or their limitation. “To do this, banks need to clarify the terms of the agreement concluded with each client, which takes time. However, the vast majority already allow setting limits on online transfers,” emphasizes Alexander Salnikov. In addition, the Central Bank drafted a bill on the self-prohibition of granting credit: users will be able to do so on the public services portal, the information will be sent to the credit bureaus. If a person needs a loan again, he will simply cancel the ban. True, access to money will be received only after two days.
