VTB: scammers have come up with a scheme to call Russians through advertising applications
VTB analysts have uncovered a new scheme to deceive Russians – scammers began calling them through advertisement applications. Thinking that this is a potential buyer, gullible citizens agree to share their account and payment card information.
By chatting up the victim, the attackers agree to transfer an advance payment or transfer the entire amount for the goods. To do this, they find out the card number and the bank that issued it and try to enter the user’s personal account. After this, the scammers use the password recovery service and ask the seller to give the code from the received SMS, supposedly to confirm the payment. This data becomes enough to gain access to the user’s funds and estimate how much money he has.
After a third party is authorized in the online account, the scammer’s accomplice gets in touch with the victim. He introduces himself as a police or bank security officer and warns that attackers are trying to steal money from his accounts. To gain the citizen’s trust, he asks whether there have been any suspicious calls or transfers from third parties recently and offers assistance. In order to save money, it is enough to send it to a “safe” account or use a “protector application”. If the victim trusts the attacker, he will lose all his money.
Why did scammers choose ad services?
Typically, anti-spam systems and filters that cellular operators have implemented to combat intruders help prevent telephone scammers. They block calls from numbers on blacklists or warn in advance about the likelihood of mass calls.
In the case of calls from ad services, existing protection systems do not work, VTB experts warned. To protect yourself from attackers who have taken advantage of marketplaces and ad services, you need to avoid making transactions on third-party resources. All payments must be made within the service, and also remain vigilant, double-check information received from strangers and not disclose confidential data to anyone, analysts added.
What helps attackers deceive Russians?
The main source of phone numbers for attackers are customer databases from various companies. In most cases, spammers conduct round-the-clock calls to contacts collected as a result of hacking and theft of archives with personal data. Fraudsters also receive contacts on legitimate sites and services where subscribers themselves left their data – for example, during registration.
Also among the “helpers” of Internet scammers are services that provide virtual mobile numbers (DEF numbers). Thanks to such services, fraudsters can freely create multiple accounts on the services. In this case, the rented number will not be tied to a specific person: today it can be used by one network user, and tomorrow by another.
How to understand that scammers are calling you
To gain confidence, attackers most often introduce themselves as police or Central Bank employees. According to Dmitry Kuznetsov, director of methodology and standardization at Positive Technologies, scammers often report a non-existent problem – a criminal case opened against the victim or her relatives or an attempt to steal her money from her accounts.
You can identify an attacker by catching him not knowing the specifics of the Russian banking sector or using concepts such as the mythical “individual account with the Central Bank” or “financial number.” They also cannot answer questions related to personal data (the last four digits of the card number, the amount of the last transaction, the current account balance). Instead, the scammer encourages the citizen to tell him the confirmation code, transfer money or withdraw it from an ATM.
#method #fraud #appeared #Russia #secret #multistep #scheme #services