Hundreds of thousands were stolen: scammers came up with a new scheme using work chats

Scammers began to use a new scheme to deceive Russians using work chats. They hack into a person's account and start writing to his colleagues, allegedly from the security service, accusing them of transferring money to Ukraine. Izvestia found out how the trick works and how to distinguish criminals.

New scheme with work chats

The scammers began hacking into the accounts of Russians in messengers, infiltrating work correspondence and deceiving their colleagues. The criminals pose as the company's security service, accuse the person of financially supporting Ukraine, and then extort money, the Gazinformservice company said.

Izvestia managed to talk to a former employee of the tax service, who almost suffered from the new scheme. Galina F. She explained that she had received a message from the deputy head of the inspection (as it turned out later, she was hacked by hackers) — at first the women were just chatting, and then a former colleague said that Galina's data had been "sold to Ukraine, and the security service was interested in this."

Photo: IZVESTIA/Dmitry Korotaev

After that, an alleged FSB officer called the woman, introduced himself and stated that a large sum had been sent from her account to Ukraine. To be convincing, he sent a letter to the messenger "from Rosfinmonitoring" with a warning about criminal liability.

— It said that I allegedly transferred 540 thousand rubles, there was a corner stamp, seal and signatures. The security officer switched me to an investigator — I was very scared. The investigator began to ask what savings were kept at home and threatened with searches," the woman said.

Photo: IZVESTIA/Dmitry Korotaev

Galina's conversation with the scammers was interrupted by real police officers who came to her house. As it turned out, a few days before, the criminals had deceived her other colleague, D., from a messenger chat — they had lured 700 thousand rubles out of the pensioner for exactly the same reason. When the former employee of the tax service realized that she had become a victim, she contacted the police.

— The scammers kept calling when she was already sitting in the department, called my name and asked if we were working together. The police heard it, understood everything and came to us," said Galina F.

According to her, the criminals continue to write to former colleagues from the chat, although everyone has already been warned about the incident. The police opened a criminal case on fraud.

The Carousel of Trust

Cybersecurity experts called the revealed scheme a "phishing carousel of trust." As Irina Dmitrieva, an analytical engineer at the Gazinformservice Cybersecurity Research Laboratory, explains, fraudsters build chains of victims, taking advantage of their official position and trust in each other.

— Criminals select a victim in the course of intelligence and data collection on the Network. Having formed a common dossier on her and prepared tricks for compromise, they hack into the messenger account. Most likely, they did it through phishing software, interception of an active session, or brute force (selection) the password,— says Dmitrieva.

Photo: IZVESTIA/Sergey Lantyukhov

Having gained access to the profile, hackers open a list of all contacts, correspondence and chats — they are most interested in the worker. They are looking for the next victims, "attaching" the legend of the threat of criminal prosecution to the scheme. Then, according to the classic scenario, they force one of their colleagues to transfer money to a "secure account" — and they would have done the same to the other if the real police hadn't intervened.

Leave conversations: online correspondence data will be required to be stored for three years

How will this affect the users of the services and will it help in the fight against fraudsters?

According to the expert, such a scheme is considered advanced, it causes significant harm by cascading victims, spreading to a larger number through messengers. Criminals actively manipulate all the seized data (correspondence, photographs, work data, scans of documents) and put pressure on the victims, rush them, preventing them from assessing the situation and asking for advice.

— In addition to having social engineering skills, they require patience and technical savvy. For multi—stage communication with several victims, fraudsters need to work out quick interaction scenarios in detail, carefully study the digital profile of victims and accurately voice the data, says Dmitrieva.

Photo: IZVESTIA/Sergey Lantyukhov

At the same time, in this scenario, the attackers did not work out the speed of communication with the victims. They didn't have enough time to force the second victim to hand over the money. The first one managed to lose her savings, but turned to law enforcement agencies.

Methods of protection

According to Alexey Korobchenko, head of the Information security department at the Security Code company, today the largest number of fraudulent attacks are carried out through messengers. To ingratiate themselves, scammers use a wide variety of legends: from mimicry of mailing lists on behalf of popular brands to the widespread FakeBoss scheme.

— Two-step schemes — first account hacking, then calls to the victim on behalf of the "police", "Public Services", "Telegram administration" and so on — have also gained popularity recently. The user, especially if he is not familiar with the variety of fraudulent schemes, does not expect to be subjected to a double attack," says Korobchenko.

Photo: IZVESTIA/Alexander Kazakov

Therefore, to protect yourself from fraudsters, it is important to be able to secure your messenger and your device as a whole, think critically, and do not trust questionable calls and messages.

The expert divides account protection methods into active and passive.

Rushing to social networks: scammers have moved from the Internet to messengers

What is the reason and how to protect yourself from money and identity theft

The first one includes:

• You can prohibit the tightening of privacy settings, for example, in Telegram, so that users do not write to the user from the contact book.;
• Two—factor authentication is an additional password that must be entered when logging into an account from a new device.;
• install protection tools, such as an antivirus that will block attempts to access malicious resources.

The second category includes:

• following the "do not follow links from untrusted sources" rule;
• do not share any confidential information with anyone, especially passwords and codes.;
• stop any conversation or correspondence as soon as the topic concerns personal data and finances. This is a clear marker of fraudsters.

— It's not difficult to distinguish scammers: they give themselves away at the moment when they begin to exert pressure, ask to name data or commit monetary manipulation, demand to keep the conversation secret, convince of the urgency of completing the "task," concludes Irina Dmitrieva. — Real law enforcement agencies do not threaten to search without official notification and cannot demand money transfer over the phone, therefore it is better to hang up and call back at the official number.