Scammers in law: they want to impose the duty of blocking ads on phishing sites on social networks

Tens of millions of rubles of Russian citizens annually fall into the hands of swindlers through the so-called phishing sites - fakes of the official portals of various organizations. Experts from the Association of Professional Users of Social Networks and Messengers (APPSIM) believe that the situation can be corrected by making them responsible for blocking fraudulent resources on YouTube and Instagram, the main sites for phishing. This can be done, for example, with the help of amendments to the law "On Advertising", according to some experts. Others are convinced that such a measure is ineffective. RT studied the problem.

As RT was told in APPSIM, the main platforms for posting links to phishing sites are YouTube, Instagram and other social networks.

At the same time, a user of social networks who has fallen for the trick of cybercriminals is left alone with his problem - complaints to providers do not give effective results, and the investigation of such cases is difficult.

But it is still possible to complicate the scammers' task, the association believes.

Thus, in mid-April, APPSIM turned to the Federal Antimonopoly Service (FAS) with a proposal to oblige to bring in accordance with the law "On Advertising" not only commercials, but also links in their descriptions.

Money out the window

Recently, one of the most common baits for victims of fraudsters has become VAT compensation commercials.

The method of social engineering used in this case is typical for most cybercrimes: no criminal actions are taken against the user, he is led to the fact that he himself has given out data to access his finances.

A textbook case in this regard occurred with a 33-year-old resident of Yakutsk, who, flipping through Instagram, became interested in a video from a famous TV presenter.

The TV star talked about the fact that everyone can receive compensation by returning the value added tax paid over the past two years.

Details, according to her, could be found on the website of the "Single Compensation Center" by clicking on the link in the description of the video.

Also on russian.rt.com, the expert spoke about the measures of protection against social engineering

The woman did just that.

A lawyer contacted her and said that she was supposedly entitled to 270 thousand rubles of compensation for VAT.

At the same time, the lawyer estimated her services at only 382 rubles.

“A window popped up, where it was necessary to enter all the card data: date of issue, name, CVC code.

I entered everything, ”the victim later told the police.

This was followed by the requirement to pay a "transaction fee" in the amount of 672 rubles, and then more and more payment requirements.

“Thus, within one hour, the victim lost about 9,000 rubles for various services,” the Yakutia Ministry of Internal Affairs reported.

Account for millions

This case is one of the few that came to the attention of law enforcement agencies.

The problem is massive, according to experts interviewed by RT.

So, only on the video hosting YouTube, APPSIM specialists found more than 30 accounts through which fraudulent sites are advertised.

“Such videos were watched by more than 20 million people,” the association said in its appeal to the FAS.

- How many people suffered is unknown.

According to our estimates, we are talking about hundreds of thousands. "

Theft in the legal field

At the request of RT, analysts at Group-IB, a cyber-attack prevention company, examined the links published in the description of the dubious videos.

“We know from experience that such resources are fraudulent.

Most often, the scheme is aimed at stealing money under the guise of writing off a commission, or redirecting to a fake page that requires entering bank card details.

Funds may subsequently be debited from it, ”Yaroslav Kargalev, deputy head of CERT-GIB, told RT.

Back in 2019, Group-IB estimated the damage from phishing using bank card data in Russia at 87 million rubles.

Over the past year, there is no exact financial data, but it is obvious that this amount could have increased significantly, since in connection with the coronavirus pandemic and the transition to remote work, the number of attacks has also increased.

"According to the results of 2020, 69% of all attacks on [accounts and accounts] of individuals were carried out using social engineering methods," Olga Zinenko, senior information security analyst at Positive Technologies, told RT.

Also on russian.rt.com "Children take it all hard": Ekaterina Mizulina - about bullying on the Internet and fines for social networks

Over the entire last year, only CERT-GIB specialists blocked 23 thousand unique phishing resources that tried to steal payment details of bank cards or accesses from personal accounts of online banking.

62 phishing resources were blocked daily.

During the pandemic, Internet scammers have become noticeably more active, says Urvan Parfentiev, an expert at the Regional Public Center for Internet Technologies.

“The worsening financial situation of the population in 2020 has led to an increase in digital fraudsters.

People were forced to look for additional funds for their existence, '' the analyst explained to RT.

“As a result, fraudulent schemes of“ job offers ”,“ training for a new profession ”,“ online casinos ”, as well as fake fines for alleged violations of various“ coronavirus restrictions ”have become popular.

The Federal Tax Service was even forced to issue a special warning for citizens.

“Against the background of the state's support to business and citizens, fraudsters have become more active, offering citizens to return VAT for purchased goods,” says, in particular, the official portal of the department.

"The information is disseminated in videos on YouTube and via e-mail and instant messengers."

All-powerful advertising

It is ineffective to complain about each detected fraudulent video to the administrators of social networks, says Vladimir Zykov, director of APPSIM.

“The social network is slowly blocking such videos.

It can take up to two weeks before a specific complaint is considered, '' the expert noted in a conversation with RT.

- Some don't block at all.

Last year, we complained to the site administration about 16 videos.

One of them is still available for viewing. "

Since YouTube videos are moderated by Google and appear on the main page of the video hosting with a special “Advertising” box, a year ago APPSIM sent a complaint to the FAS with a request to check the social network for violations of the law “On Advertising”.

Also on russian.rt.com FAS opened a case against Google

However, the anti-monopoly authorities were powerless, since these videos, despite the corresponding plate, are not advertising from the point of view of the current version of the law.

“The videos do not contain any information about the advertised object,” says the letter of the Deputy Head of the Federal Antimonopoly Service Andrei Tsyganov.

“Accordingly, the posting of such videos on youtube.com with the mark“ advertising ”cannot be regarded as advertising.”

In a new appeal to the FAS sent in mid-April this year, public figures propose to amend the law "On Advertising" so that the videos fall under the definition of advertising.

In addition, the experts of the association suggested "at the level of bylaws to fix that information and links in the description under the advertised video should be considered as an integral part of the advertising publication."

Changes in the law would allow YouTube, Facebook and Instagram to be fined for distributing inaccurate ads, similar to fines for refusing to remove illegal content.

For delusion in the answer

After examining screenshots of dubious videos at the request of RT, cybersecurity experts and lawyers agreed: it is "inaccurate advertising" that spreads on YouTube.

“These videos mislead the user at least by offering him to transfer government payments by bank card number,” says Konstantin Trapaidze, founder of the Vash Legal Attorney Bar Association.

Gettyimages.ru

There is no such service as VAT refund to individuals, adds Stanislav Smolentsev, a lawyer for economic affairs.

"Only legal entities and foreign citizens are entitled to VAT compensation when exporting goods purchased in the Russian Federation," a lawyer with experience in the tax service told RT.

By law, social payments go through the Social Insurance Fund, which is subordinate to the Ministry of Labor and Social Protection.

You don't need to pay anything to get them.

"State bodies always provide social support measures free of charge," told RT in the press service of the Ministry of Labor.

"If a citizen was demanded to pay for the provision of social support measures, or if they asked for any information that can be used to withdraw funds from an account (pin code, CVC code), you must immediately contact the law enforcement agencies."

You can check what payments are really due to a citizen on the official portal of public services, added the press service of the Ministry of Labor.

Race to the lead

But will APPSIM's anti-phishing methods really be effective in practice?

Many experts doubt that the amendments to the law "On Advertising" will correct the situation.

“The situation is similar with financial pyramids: in the Russian Federation they are prohibited, but no one bothers them to advertise on the Internet.

Because there is no exact method by which one could quickly understand that this is really a pyramid, says Yaroslav Kargalev from CERT-GIB.

- You need to fight not with resources and advertising, but with the organizers of these schemes.

Someone has to decide whether this scheme is fraudulent or not.

This requires a competent authority. "

According to other experts, combating advertising fraudulent resources is an important part of the fight against phishing in general.

“Criminals are interested in the massiveness of such attacks, because if at least one of hundreds of potential victims responds to phishing, hackers will benefit,” Olga Zinenko from Positive Technologies told RT.

But when the cyber fraud has already been committed, the user's chances of getting the money back are minimal.

Such cases are being investigated slowly, says lawyer Smolentsev.

According to him, this is due to the lack of specialized specialists in the investigation agencies, long-term expertise and technical preparedness of the criminals themselves.

“All this forces the investigators to refuse to initiate criminal cases in such categories whenever possible,” the lawyer explained.

“And victims with small amounts of damage rarely turn to law enforcement agencies”.

That is why it is important to anticipate the commission of a crime, says Zykov, director of APPSIM: to block dangerous videos and apply administrative measures to the site that posted them before people lose money.