Writes about this "Kommersant".
It is noted that the funds were stolen by an authorized client of the bank by changing the sender's account number.
As specified, the fraudster entered the bank's mobile application under a legal username and password, put it into debug mode, studied the order and structure of the RBS API calls (application programming interface).
“Knowing all the necessary parameters of API requests, the attacker generates an order to transfer funds, indicating the victim's account in the field“ Sender's account number ”,” the document explains.
The scammers learned the victim's account numbers from open sources.
According to the newspaper, the regulator recommends that banks, together with software suppliers, conduct a vulnerability check of remote banking services.
Earlier, the head of Sberbank, German Gref, said that telephone scammers are gaining popularity in attacks on bank customers using voice forgery.
According to him, this is a big threat, which is difficult for a person to fight.
He noted that with the development of technology and artificial intelligence, the popularity of such tricks is increasing.
Ivan Makarov, spokesman for Otkritie Bank for the Northwestern Federal District, told Nation News how to avoid telephone scams.