How scammers deceive Russians. What you need to know

For a long time, the fight against cyberfraud has been handled mainly by law enforcement officers. This year, banks were also involved in this work, but so far the number of victims of fraud is only growing. What fraud schemes are widespread now and what makes victims of fraud keep silent - in the material of "Izvestia".

Gifts disguise data theft

- In November, the police reported a new method of fraud. Users of the messenger Telegram receives a message that they allegedly received a premium subscription as a gift. By clicking on the link, entering the phone number and password, the person gives the attacker access to the account and personal information, which the attacker can use both for blackmail and phone hacking.

- Such "gifts" are one of the variants of "phishing", when the user is redirected to a fake site that imitates an official resource. The personal data entered on this page allows attackers to steal passwords, gain access to bank accounts and credit cards.

Click on the photo: scammers have invented a new scheme with photos in Telegram

A single click on the file is all it takes to debit the money

- This scheme is common not only in cyberspace. Real flowers or gifts can be delivered by courier, and the recipient will only be required to give him the delivery code. The attacker has enough of this information to hack into the account on "Gosuslugi", steal money from accounts and issue loans to the victim.

- Specialists warn that the risk of losing your data exists not only when clicking on links, but also when opening images and files: fraudsters can send a document with an EXE or ARC extension, under which a malicious program is hidden. In 2023, hackers managed to embed malicious code even in files with PNG resolution, which is used for images and was previously not suspected by computer security experts.

- Before accepting a gift, it is advisable to find out who the sender is and call them, as it may turn out that their account has been hacked. If the giver chose to remain anonymous, there is a good chance that the message came from scammers.

Who are the droppers

- To prevent law enforcement from tracing the stolen funds and figuring out the attacker, scammers use bank transfers from account to account, confusing the trail. To make the process look less suspicious, cards or accounts of real bank customers are used. These people are called drops (or droppers), from the English word "drop".

- It is possible to become a dropper both intentionally and accidentally. For example, job ads without specifying specific conditions can be a signal that fraudsters are hiding behind it. Most often in such ads sound wording: "remote work", "without experience", "for students", "from 18 years old", "free schedule", "banking services". If in the end, the author of the vacancy requires the applicant to issue or sell him bank cards in his own name, transfer money through their accounts to other cards or provide for a fee their own accounts in social networks or messengers, most likely, the employee is intended to play the role of a dropper.

- It is also possible that cards are issued to a person without their knowledge if fraudsters have managed to get hold of their personal data. Sometimes the user is told that money was sent to his card "accidentally" and is asked to transfer it to another account. In this case, the person is unwittingly made a participant of the fraudulent scheme, because, leaving money on the account, he legally becomes a kidnapper. Situations are different, but there is only one way out of them - contact the bank's employees at the number specified on the official website, contact law enforcement officers, explain the situation and help to identify the real attackers.

- In order not to get to work for fraudsters, experts recommend to find out in advance all possible information about the organization in which you are being employed. You can check with the tax or social service, whether the latter had any complaints about the work of this company and how long it has existed.

Collection couriers: who they are and how they operate

- Due to the fact that banks have started blocking transfers, fraudsters have started using couriers to take cash from victims. A person is told that their accounts are allegedly under attack, but they can take advantage of a free collection service that will transport the money to another bank to store it in a "cyberthreat-proof" account.

- Previously, the same scheme was used in a widespread telephone fraud, when a person was told that his "relative" had been in an accident and urgently needed money to avoid responsibility or for a necessary operation if, according to the legend, the "relative" was injured. Here experts recommend not to panic and not to give money to strangers under any pretext.

- Fraudsters often rush the victim in order to prevent her from critically thinking about what is happening. The best tactic is to inform them that you cannot talk now and will call back later. Typically, it is only a few minutes after the call is terminated that the person realizes they have been called by scammers.

Customer deceptions in the banking industry

- In November, the Central Bank announced that constant monitoring of the banking sector has reduced the number of abuses. Complaints about the imposition of paid services in bank branches decreased by 40.6% over the year, and the number of cases of mis-selling, when the client receives one contract under the guise of another, decreased by 2.7 times. All these are unfair practices that are not uncommon in credit organizations.

Voice in a bundle: in Russia it was proposed to create a biometrics database of phone scammers

The project is being discussed as part of a large package of anti-fraud measures

- In the recent past one could encounter such sales in insurance and brokerage firms, but more often in banks, where insurance policies, investments in securities or non-state pension provision agreements could be issued to the client under the guise of a deposit with a high yield. Unlike deposits, these are more risky products that are not protected by the state.

- Despite the fact that in fact one service is substituted for another, sometimes not even a bank service, such a situation is not considered fraud, because the client signs a contract that specifies all the terms and conditions of the product. Bank employees counted on the fact that people often sign documents without reading. In this case they cannot prove later that they were cheated. This unfair practice was stopped.

How to protect your data

- Personal data is valuable information for an attacker. It can be used not only to gain access to user accounts and accounts, but also to obtain loans and companies through which fraudsters launder money. To secure personal information, experts recommend following the rules of "Internet hygiene".

• Enable two-factor identification wherever possible: to enter an application, in addition to a password, you will need to enter a code from SMS, which will complicate the life of fraudsters.
• Enable 3-D Secure in banking applications: the system will require an SMS code to confirm transactions.
• Protect your phone and computer with passwords and access codes.
• Avoid using public vaults and password-protected Wi-Fi.
• Close your social network profiles to outsiders.
• Don't post your phone number, email address, or photos of documents.
• Do not click on suspicious links and download applications only from official resources.

Myths about scammers

- Fraudsters are characterized by a propensity for risk along with a thirst for profit, advanced communication skills and emotional coldness: they can show sympathy for the victim, but remain indifferent to his suffering. The myth that cyber fraudsters cannot be caught has been dispelled: police often succeed in uncovering a fraudulent scheme and apprehending the perpetrator.

- Experts say the biggest problem is the behavior of fraud victims. Elderly people do not immediately file a police report because they believe law enforcement will not be able to help them recover their lost funds. Young people do not report having been victimized by fraudsters because it is considered shameful to be cheated.

- Nowadays, cyber scammers have developed skills to the point where anyone can fall victim to them. They exploit human emotions and find an approach to everyone: they play on greed, self-confidence, respect for authority or compassion and care for loved ones. Therefore, not only elderly people and children, but also policemen, officials, scientists and psychologists can be deceived. This is an international problem, and now there is a worldwide consensus that victims of cyberfraud should not be accused of being shortsighted. We need to fight the fraudsters, not the victims.

- Fraudsters are actively using modern technology and social engineering against their victims. Experts doubt that in the near future there will be any universal program that can prevent cybercrime. But the sooner people who have suffered from the actions of fraudsters turn to law enforcement, the more likely it will be possible to apprehend the attacker, return the stolen goods and warn others about new extortion schemes.

When preparing the material, Izvestia talked to and took into account the opinions of:

• security expert Alexander Vlasov;
• cybersecurity expert Alexei Kurochkin;
• Alexander Vurasko, development director of the SolarAURA digital threat monitoring center of Solar Group;
• Dmitry Galov, Head of Kaspersky GReAT in Russia.