Fraudsters stealing funds from bank customer accounts have adopted a new method of deceiving citizens. This is stated in the report of the Center for Monitoring and Response to Computer Attacks in the Credit and Financial Sphere (FinCERT) of the Information Security Department of the Bank of Russia.

“In 2019, a new way to deceive victims appeared in the arsenal of attackers. The technology of replacing the outgoing telephone number with numbers identical to those of the call centers of credit organizations allowed them to successfully impersonate bank security officers and, under the guise of blocking suspicious transactions, steal victims’ funds,” the document says.

As a result, the number of reports about attackers' phone numbers received by FinCERT has increased significantly. The number of blocked phone numbers increased almost 39 times, from 127 (for the period from September 1, 2017 to August 31, 2018) to 4936 (for the period from September 1, 2018 to August 31, 2019).

The FinCERT report indicates that one of the factors that allows fraudsters to successfully implement their schemes is the low level of “computer hygiene” among citizens. This includes clicking on dubious links, downloading unverified applications, refusing to install antivirus software and, where it is installed, ignoring its warnings.

As Central Bank experts emphasize, it is these actions that give attackers access to the primary data of bank cards, as well as logins and passwords for the customer's personal account. However, completing a payment also requires the CVC or CVV code and a one-time password to confirm the operation. Fraudsters obtain this information through personal contact with the victim.

“And here the second factor is decisive: the level of criticality of thinking in a stressful situation. Stress does not have to be negative: it is a strong emotional shock that can be positive and joyful,” the document explains.

Figure: Growth chart for blocked phone numbers. © cbr.ru

According to Artem Sychev, first deputy director of the information security department of the Central Bank of the Russian Federation, the Bank of Russia intends to seek amendments to the law on communications so that mobile operators do not refuse the regulator's requests to block spoofed phone numbers. According to him, at present "there are operators who refuse to block at all."

“As a rule, our appeals are mostly related to the substitution of phone numbers, and the operators do not always meet us halfway on this, referring to the lack of norms in the law. Here, obviously, we will initiate changes to the law on communications,” Sychev said on the sidelines of the FINOPOLIS forum of innovative financial technologies.

Expert recommendation

Cybersecurity expert Alexei Lukatsky noted in an interview with RT that the method of fraud reported by the Bank of Russia is very simple and is used everywhere by attackers.

“This method is really quite popular. Moreover, it is easy to implement even for an ordinary person: in various app stores for mobile devices you can find programs that allow you to change the number to any other,” the expert explained.

The specialist notes that customers of financial institutions need to be very distrustful of calls from banks.

“The only defense method in this case is vigilance and distrust of such calls. In case of a call allegedly from a security service or even from a real security service, a client of a financial institution must hang up and call back at the number indicated on the official page of the bank’s website or on the bank’s card. Then it is possible to find out whether the described situation really took place or whether it is the fraudulent actions of cybercriminals,” Lukatsky explained.

Information security expert Alexander Vlasov added that this type of fraud, which is carried out by specially trained people with a credible voice, is a form of social engineering.

“Therefore, when you are taken by surprise, for example, on the street, and they say that money is leaking from your card, you start to get scared and the control in your head goes off. The main thing is not to succumb to any panic. Recommendation to all cardholders: go to your bank’s website, find the “Security” section, where it is written not to tell anyone your card number or passwords. All that the bank’s security services can do is to ask you whether you made this transaction or not,” said Vlasov.

“If you get a call from the bank’s security service, calmly start a conversation: where did the transaction occur, for what amount. While you ask these questions, you will calm down and remember the basic instructions. Never say your PIN or the three digits from the back of the card. Bank employees are strictly forbidden to ask about this,” explained the interlocutor of RT.