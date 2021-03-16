Throughout 2020, both e-commerce and home banking showed unique growth figures. The increase was a consequence of the increased time people spent at home.

This data is not alien to many criminals who, taking advantage of the inexperience of many initiates, they took their social engineering techniques to the extreme. What are the most common tricks they use today.

In 2020, one in two fraudulent transactions in the financial sector It was due to the theft of checking accounts, according to a report by Kaspersky’s fraud prevention team.

According to the anonymous statistics of the events detected by anti-fraud technologies, between January and December 2020, the proportion of these incidents increased from 34% in 2019 to 54% in 2020.

In addition to the increase in cases of account theft, 12% of fraudulent incidents misused legitimate remote management tools (RAT), such as Teamviewer, to try to access user accounts.

The attackers call to report that there was a suspicious charge on the credit card.

Among the typical maneuvers used, two approaches used by attackers are distinguished to gain access to accounts.

One strategy is that scammers take on an “employee” role, pretending to be bank security experts and representing scenarios to “help” users. They call bank customers and report suspicious charges or payments and offer their help.

The “employee” can ask customers to verify your identity using a code sent in a text message or a push notification, stop a suspicious transaction, or transfer money to a “secure account.”

They also ask the victim to install an application for remote management pretending it is necessary for problem solving.

Scammers often present themselves as employees of the largest bank in the potential victim’s region and use a spoofed caller ID for calls entrees to impersonate a real bank.

In the second case, lCybercriminals act as “the investor” and they pose as employees of a foreign company or investment advisers to a bank.

They call customers offering them a quick way to earn money investing in cryptocurrencies or stocks directly from the client’s account, without having to go to a bank branch.

As a prerequisite for providing the “investment service”, the false investor asks the victim for the code received in a text message or in a push notification.

“Bank customers always highly value the ease of access to their accounts and the functionality of normal financial transactions. That is why it is important that solutions for the financial sector offer a high level of security measures – including protection against risk. fraud – fully integrated into the user experience, “explains Claire Hatcher, Business Development Manager at Kaspersky Fraud Prevention.

recommendations