In April, the Ministry of Internal Affairs of the Russian Federation announced the arrest of a group of people who sent citizens messages claiming that their card had been blocked, together with a number to call to unblock it. The attackers obtained the victims' personal data and card details and then gained access to their funds.
Fraudulent schemes are constantly changing. According to the FinCERT survey, the volume of unauthorized transactions made using payment cards issued in the Russian Federation in 2018 amounted to 1.4 billion rubles, which is 44% more than last year. According to the Prosecutor General's Office, the number of cybercrimes detected in Russia has grown almost 16 times over six years, to 174,000 (this also includes illegal transactions with cards).
It is important for cardholders to remain vigilant and not fall for scammers' tricks. Let's look at the types of carding you may encounter and how to protect your funds.
Carding
The term carding refers to fraudulent transactions with payment cards (card details) that are not approved by the cardholder. Carding involves a variety of ways to defraud the rightful owner of material assets.
Alexey Sizov, head of the anti-fraud department of the Center for Applied Security Systems Jet Infosystems, identifies three basic directions of fraudulent activity:
- Theft or illegal acquisition of a card: either physical action against the owner, or exploiting weaknesses in the process of issuing, delivering or registering a banking product, followed by the attacker using the card.
- Compromise of card data for the subsequent manufacture of a counterfeit. This primarily means copying the card's magnetic stripe data and stealing the PIN code. This type of fraud was most widespread before the mass migration of cards to chip technology. Today such a scheme is rare: a ban on issuing non-chip cards was introduced in Russia about three years ago, and Chip Liability Shift applies almost all over the world, obliging the acquiring bank to process a chip card via the chip.
- Compromise of card details for CNP (card-not-present) transactions. A typical example is paying for purchases or services on the Internet.
Phishing
Phishing (from the English "fishing") is literally fishing for card details from the cardholder. Notably, the owner hands over the necessary data himself. Several types of phishing are commonly used.
SMS phishing
A message is sent to the phone:
- about the card being blocked, allegedly on behalf of the bank, with a phone number to call to solve the problem;
- about a prize that can be collected by paying for delivery.
If you receive a message about a block, call the bank at its official number; verify a message about a prize by contacting the store or service running the promotion.
Internet phishing
Fraudsters create phishing (fake) pages that imitate the official websites of banks, payment services or stores, changing a few letters or characters in the name. Alas, not everyone checks the web address carefully before clicking on the link.
Often, cybercriminals lure you to phishing sites by sending fake emails that appear to come from the bank's technical support, for example about a blocked card. Under the pretext of verifying the holder's information, they ask you to enter all the card details; once they have them, they freely gain access to the money. They also steal data under the guise of selling goods.
Before entering card details on a site, carefully check the web address against the official name of the store, service or payment system, and also check the links on the page: if the resource is a phishing one, most likely they do not work. When you need to use the website of a credit institution, it is better to go straight to the official list posted on the website of the Central Bank.
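The address check described above can be automated. The following is an added example, not part of the original article: it compares a URL's host with a list of official domains and flags names that differ by a few characters or by look-alike characters. The domains in `OFFICIAL`, the character table and the distance threshold are assumptions chosen for illustration.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed allow-list (assumption); in practice, the official domains you trust.
OFFICIAL = {"examplebank.ru", "pay.example.com"}

# Characters commonly swapped in to imitate a name, folded to one canonical form.
CONFUSABLE = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic letters that look like a, e, o
    "\u0440": "p", "\u0441": "c", "\u0445": "x",   # Cyrillic letters that look like p, c, x
})

def skeleton(host: str) -> str:
    """Fold look-alike characters, read 'rn' as 'm', and drop hyphens."""
    return host.lower().translate(CONFUSABLE).replace("rn", "m").replace("-", "")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return ("official" | "lookalike" | "unknown", matched official domain)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for good in sorted(OFFICIAL):
        if host == good or host.endswith("." + good):
            return "official", good
    for good in sorted(OFFICIAL):
        if host.startswith(good + "."):   # official name used as a label of another domain
            return "lookalike", good
        if edit_distance(skeleton(host), skeleton(good)) <= max_distance:
            return "lookalike", good
    return "unknown", None
```

An "unknown" result only means the host is not close to any listed name; it says nothing about whether the site is safe.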
Vishing
Vishing (from the English "voice phishing") is identical to phishing, the only difference being that the criminals call by phone, posing as bank employees, buyers of goods and so on, and try to trick the holder into revealing the PIN code or force him to perform certain actions with the account.
The cardholder should remember that bank employees do not ask for the PIN code, and if the card is blocked they will most likely suggest coming to the office in person. Buyers of goods have no need to know confidential information about the seller's card, so requests for such information should raise alarm.
Skimming
Another method actively used by scammers is skimming. Skimming is the copying of payment card data using a special device (skimmer). The card data is read when the cardholder inserts the card into the ATM. To obtain a PIN code, attackers install mini cameras or keyboards.
https://psm7.com/how-to/ostorozhno-skimming-kak-ne-stat-zhertvoj-bankomatnyx-moshennikov.html
Shimming
Shimming is a modernized form of skimming. The scheme of deception is similar: all important data is read from cards inserted into the ATM. The only difference is that there are no visual signs of the presence of a shim inside the device.
Instead of bulky and visually noticeable overlays on the card reader, fraudsters use a thin, flexible, almost invisible device that sits inside the card reader. It reads the card data, which the attackers use later.
Fake ATMs
Sometimes fraudsters build fake ATMs and leave them in unguarded locations. Outwardly such devices copy real ones completely, but inside they contain a built-in computer with a system installed on it, a skimmer and keyboard overlays. The victim inserts the card and tries to perform some action, but the ATM shows an error. The person takes the card back, but all the information has already been read from it.
You can fall victim to fraudsters not only at an ATM but also when paying by card, say, in restaurants or shops. The scheme is similar: a waiter, salesperson or cashier can use a skimmer or a portable device attached to the terminal.
You can protect yourself from skimming if you use ATM machines located in bank branches. The level of protection in credit institutions is several times higher, and it is much more difficult to install readers there.
When you cannot get to a branch, choose ATMs in protected places covered by cameras. Inspect the device visually, for example the cover on the card reader: if it wobbles, something is wrong with it. When paying by card, make sure no one photographs its details with a phone.
Embedded viruses
In this case, attackers plant a program on an electronic device (phone, computer) that can read card data. Such viruses can send scammers the information the user enters into an Internet browser: logins and passwords for social networks, Internet banks, electronic wallets, various sites, and so on.
A malicious program can end up on a phone or laptop by accident, disguised as another program that was inadvertently downloaded from an email or from an unverified website.
To avoid deception, it is important to update the antivirus on time and use only licensed software.
Protection methods
The list of fraud types described here is not exhaustive. Alexey Sizov, head of the anti-fraud department of the Center for Applied Security Systems Jet Infosystems, notes that fraudulent schemes also include:
- The use of card details to gain access to other products, for example remote banking services (RBS) or online lending, where information about the card and recent transactions, and all the more so confirmation codes and passport data, is enough to change passwords in an online or mobile bank and perform other manipulations with accounts.
- Theft of funds from contactless cards. This scheme made a lot of noise some time ago, but no large losses were recorded, and one can hardly expect significant problems in this direction.
Alexey Sizov
Jet Infosystems
“Fraud is fought by specialized anti-fraud monitoring systems that monitor the behavior of cards (a set of characteristics in terms of the number of transactions, amounts, location and type of transactions). Such systems have become mandatory since 2003-2004, when monitoring requirements appeared on the part of the international payment systems Visa and Mastercard.
In addition to automated systems, the technology of "chip" cards made a great contribution to security, which almost completely ruled out the possibility of effective cloning. In addition, banks are constantly involved in the control of key processes for the issuance of cards, their remote delivery and others, which is actually related to the tasks of identification and authentication of the holder in person or remotely.”
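The behavioural monitoring described in the quote can be illustrated with rules over the four characteristics it names: number of operations, amounts, location and type. This is an added example, not code from Jet Infosystems or any payment system; the `Txn` fields, the thresholds and the sample operations are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median

@dataclass
class Txn:
    ts: datetime
    amount: float   # rubles
    country: str    # country where the operation was accepted
    kind: str       # "chip", "atm" or "cnp" (card not present)

# Thresholds are illustrative assumptions, not values from any payment system.
WINDOW, MAX_IN_WINDOW = timedelta(minutes=10), 3
AMOUNT_FACTOR, TRAVEL_GAP = 5, timedelta(hours=2)

def tripped_rules(history, txn):
    """Names of the behavioural rules txn trips against this card's history."""
    hits = []
    if sum(txn.ts - t.ts <= WINDOW for t in history) >= MAX_IN_WINDOW:
        hits.append("count")       # too many operations in a short window
    if history and txn.amount > AMOUNT_FACTOR * median(t.amount for t in history):
        hits.append("amount")      # far above the card's usual amount
    present = [t for t in history if t.kind != "cnp"]
    if (txn.kind != "cnp" and present and present[-1].country != txn.country
            and txn.ts - present[-1].ts < TRAVEL_GAP):
        hits.append("location")    # card physically used in two countries too quickly
    if history and txn.kind not in {t.kind for t in history}:
        hits.append("type")        # operation type never seen on this card
    return hits

def monitor(txns, min_rules=2):
    """Replay one card's operations in time order; flag those tripping min_rules or more."""
    history, alerts = [], []
    for txn in txns:
        hits = tripped_rules(history, txn)
        if len(hits) >= min_rules:
            alerts.append((txn, hits))
        history.append(txn)
    return alerts

# Constructed sample: three routine operations, then a burst of online (CNP) charges.
T0 = datetime(2019, 5, 1, 12, 0)
SAMPLE = [
    Txn(T0, 450, "RU", "chip"),
    Txn(T0 + timedelta(hours=5), 1200, "RU", "chip"),
    Txn(T0 + timedelta(days=1), 800, "RU", "atm"),
    Txn(T0 + timedelta(days=1, minutes=3), 9000, "US", "cnp"),
    Txn(T0 + timedelta(days=1, minutes=5), 9500, "US", "cnp"),
    Txn(T0 + timedelta(days=1, minutes=6), 9900, "US", "cnp"),
]
```

Requiring two rules before alerting keeps a single unusual feature, such as the first ATM withdrawal on a card, from raising an alert by itself.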
However, not only banks, but also the cardholders themselves must take precautions. Alena Tsyganova, senior legal counsel at the Alta Via consulting company, advises everyone who cares about the safety of their funds to follow a few simple rules:
- Store the PIN code, as well as the data for entering the Internet Bank (login, password, verification words or special codes) in a safe place, and best of all, in your memory.
- Do not disclose card details and one-time SMS passwords to third parties to confirm transactions.
- Be discreet when shopping online. Use only verified and official sites. Goods / services on unfamiliar sites at clearly understated prices should alert you. And also choose ATMs located in bank offices or large shopping centers with video surveillance.
If it was still not possible to save the money, Alena Tsyganova recommends that you immediately contact the bank with a statement of disagreement with the operations performed (clause 11 of article 9 of the Federal Law No. 161-ФЗ), as well as the police.