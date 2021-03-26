Fraudsters are using ever more sophisticated methods to steal personal information. One of the newest schemes: the use of a fake video on a significant topic, for example, about additional social benefits. About what tricks cybercriminals are using and how to protect themselves from them – in the material of Izvestia.

Don’t be fooled by “benefits”

Standard schemes with calls from the “security service of your bank” or messages with a request to place an item on a website that you have not visited, gradually stop working. Most cardholders already know that data cannot be transferred to third parties. Now scammers have begun to master new technologies of deception.

– One of the new schemes of fraud looks like this: the attention of a potential victim is attracted with the help of a fake video, edited from frames of meetings or press conferences, and necessarily on a significant topic, for example, additional social payments, – the head of the software development department told Izvestia Cross Technologies Alexander Tyurnikov. – For reliability, the necessary voice and sound sequence is superimposed, the video is distributed in social networks, where the description contains a link to a phishing site, where you can quickly issue a “payment”. Further, the standard scheme: the victim enters his data, and they go to the scammers.

Yaroslav Babin, Head of Web Applications Security Analysis Department, Yaroslav Babin added that recently there have been a lot of studies on the security of contactless payment terminals.

– At the moment, their security leaves much to be desired, since from year to year more and more critical vulnerabilities are found in them, – Yaroslav Babin. – The popularity of such attacks is low, as it requires confident knowledge of vulnerability search technologies, but we do not exclude that over time they may become widespread.

Traveling in public transport is also dangerous. Criminals drive around with a reader, trying to get used to a bag or back pocket in order to write off a small amount. Therefore, Nina Kultysheva, a consultant-methodologist of the project on improving financial literacy at the Ministry of Finance (with the participation of the World Bank) of Vashifinance.rf, explained that you need to make sure that incomprehensible devices do not come close to your card. You can protect yourself by installing SMS confirmation. Special protective RFID cases for cards also help to prevent theft.

How to protect a bank card from fraud?

Veniamin Kaganov, director of the Association for the Development of Financial Literacy (ARFG) under the Central Bank of the Russian Federation, urges cardholders to pay attention to both its physical safety and data security. The problem of theft and loss of a card can be solved by modern payment services from mobile phones (NFC system).

– To prevent fraudsters from having access to card data, you need to observe digital hygiene, be attentive to personal data, do not tell anyone the codes from SMS and do not send photos of the back of the card, says Kaganov. – Each person must comply with the basic principles of financial security – do not leave their card in the wrong hands, do not give their phone to strangers, protect devices with strong passwords.

Kaganov recommends that you always carefully inspect ATMs before withdrawing cash, since the already quite old scheme with the installation of skimmers (devices that read card data when entering them into an ATM) is still used by criminals.

“In general, all fraudulent schemes, regardless of the“ legend ”, boil down to two things: they try to either find out the card number and / or the code from the SMS from a potential victim, or provoke her to transfer money to an account herself,” Izvestia was told in the press -service of the Bank of Russia. – In order not to become a victim of a fraudster, you must remember that you should never and in no case inform strangers, whoever they represent, bank card details, codes from SMS, secret words. Also, you can not transfer money anywhere at the direction of strangers, even if they introduce themselves as employees of the bank or law enforcement agencies.

The main rule of protecting your cards is to leave information about them as little as possible. Do not send photos of cards on social networks and messengers, do not pay for anything on dubious sites. Ideally, get a separate card for online purchases and not store money on it – just transfer a specific amount for each purchase.

“In order to obtain card data, attackers often use social engineering methods,” says Sergey Zabula, head of the group of systems engineers working with partners at Check Point Software Technologies in Russia. – For example, they can send phishing emails by mail or messengers with links to fake websites of shops or well-known organizations. If you enter any information there, it will go to cybercriminals. Analyze the page where you are asked to leave your data, and never follow the links from suspicious emails. Phishing sites can completely copy the original ones – they are often almost impossible for ordinary users to distinguish, especially if they are viewed in a hurry and from a smartphone.

In order not to become a victim of fraudsters, it is important to install modern protection against threats, including those with anti-phishing functionality, on PCs, smartphones, and tablets to check the reputation of suspicious web resources.

One of the simplest ways to secure your card is to use a virtual card for online payments, and for offline purchases (using POS terminals) – a regular plastic card, or linking a virtual card to a contactless payment system (Apple Pay or Google Pay).

In addition, some banks allow you to disable online payments for certain cards. Do this for the card with which you plan to pay only offline. Set limits on withdrawal of money: limit the amount of cash withdrawal and the amount of all withdrawals per month, or replenish the card at the time of purchase. All this will allow you to avoid losing funds if you lose your card or its data becomes publicly available.

Short course: Do not share your Internet Banking passwords with third parties. If you lose your card, promptly contact the bank. The card will be blocked so that no one can use it. Write down your bank’s hotline number so that you can contact them if necessary. You can always find this phone on the back of the card. Do not give your card to third parties, for example, when paying in shops or cafes. If you receive SMS messages or calls from a supposedly representative of a bank or payment system with a request to provide card details, be vigilant and end such a conversation as soon as possible. Don’t open links from unknown sources. For all questions, please contact your bank directly.

– Important accents. Do not send anything other than the card number to outsiders, including on online marketplaces. No name, no validity period, no SMS, – says Timur Aimaletdinov, deputy general director of the NAFI analytical center. – Fraudulent techniques have been widespread for a long time, in which malware or remote control software is installed on a victim’s device – therefore, a request from an unfamiliar “technical support employee” to install a program or connect to your computer should be refused. Do not use ATMs located outside bank offices and large shopping centers. Pay attention to the absence of foreign devices (cameras, readers) at ATMs. When paying with a card in retail outlets, dial the pin code, covering the terminal with your palm. Do not keep all the money on the main card account (only the amount for daily and planned expenses). If the card has an overdraft, set a spending limit.

Weather for scammers

Recently, due to the increase in the share of non-cash money turnover, cases of fraudulent actions in relation to funds of individuals in bank accounts have become more frequent, explains Maria Marakueva, an economist at the European University in St. Petersburg. The flurry of calls from scammers is mainly associated with an attempt to make fraudulent non-cash payments initiated by the client himself. The caller’s scripts are tuned to strong psychological pressure from a potential victim, intimidation and the requirement to make a decision as quickly as possible. “Surprisingly, these methods are very successful, although they would have been impossible if the population knew the basic rules of the banking system,” emphasizes Marakueva.

The Central Bank of the Russian Federation does not carry out any transactions with individuals-clients of banks and does not make calls to them. By the way, the prosecutor’s office is also not engaged in calling. No bank will ever require or recommend any transfer to a third party. “Saving money” in this way cannot be done. If the bank’s security service discovered the possibility of a leak from the account or from the card of funds, this account or card will simply be blocked until the situation is clarified.

And no legal bank will require you to provide personal data and transaction history when you call a client. Full identification is realized only when the client calls the bank and wants to carry out an operation that requires such identification.

Such type of fraud as “skimming” – collection of parameters of customers’ plastic cards has also remained relevant. You can get caught either by inserting a card into an ATM or by “swiping” it in a fraudulent POS terminal. Sometimes cards and a set of PIN-codes are filmed with a camera located at ATMs and payment points. Therefore, it is useful to cover the keyboard with something when dialing the PIN-code, hide the card from prying eyes, block it yourself by calling the bank in case of its temporary loss or the possibility of photographing it. Of course, you don’t need to store photos of your cards on your phone or in social networks, in messenger chats.