
Risk windows: how not to lose money through screen sharing

Fraudsters are increasingly stealing money from Russians by posing as employees of banks or of MFCs (multifunctional public service centres). They demand that the victim turn on screen sharing for a "security check", then read SMS codes off the shared screen and gain access to bank accounts or the Gosuslugi ("Public Services") portal. Last year more than 1 billion rubles were stolen through this scheme; each victim lost about 100 thousand rubles on average. Today data is being stolen not only from individuals but also from companies, through the Zoom and Teams apps. The largest numbers of victims are in Moscow, St. Petersburg and Krasnodar Krai. How sharing a screen can lead to losing money, and how to protect yourself, in this Izvestia article.
What to do if you are asked to turn on screen sharing
According to VTB, about 30-40% of all cyberattacks involve remote access programs. The Russian Ministry of Internal Affairs notes that fraudsters have become more active in using the smartphone screen-sharing scheme to hijack Gosuslugi accounts. The Central Bank points out that such schemes account for about 15-20% of the market, that is, every fifth Russian has faced an attempt to steal their data.
A typical example was recently recorded in Khakassia: a pensioner in Abakan sold a summer cottage and lost more than 750 thousand rubles. The fraudster, posing as a buyer, persuaded the man to turn on screen sharing so that he could "check that the money had arrived", captured the login and password for his mobile banking app and stole the money from the account.
The attack scenario is structured as follows:
— the fraudster poses as a technical-support employee of a bank, online school or delivery service, or as a potential employer;
— under the pretext of "configuring a program" or "verifying data", the attacker asks the victim to turn on screen sharing;
— an SMS containing a confirmation code arrives on the victim's device; the scammers read it off the shared screen and take over the account.
As Vladimir Abramov, owner of the PRO32 Connect antivirus, explains, screen sharing is a very convenient and seemingly safe function that is used for providing assistance, presentations and training.
— However, in the hands of intruders it turns into a dangerous tool for identity theft, since it allows them to literally "peek" into a person's digital life. Even an accidental display of work correspondence, bank notifications or browser tabs can lead to serious consequences, from loss of access to accounts to loans being taken out and statements being signed on behalf of the victim," the expert explains.
A scam scheme using screen sharing in messengers
The press service of Doctor Web strongly recommends that during a call from a stranger, or even from a familiar person, you do not click on or show anything. If showing the screen cannot be avoided, first disable pop-up notifications in the phone settings and close all programs that can display them. This applies to SMS messages, messengers (especially corporate ones) and mail. If you do need to show something on the screen, a good alternative is to share screenshots.
Roskomnadzor recalls another popular scheme in which fraudsters contact the victim under the guise of the head of their organization. If in doubt, end the conversation and call the manager back yourself, through a different application. At the initiative of Roskomnadzor, a Center for Legal Assistance to Citizens in the Digital Environment has been established and is operating; anyone affected by the illegal use of personal data can apply there.
In combined telephone fraud schemes, attackers can use different scenarios to force the victim to show the screen, confirms Dmitry Ermakov, head of the Financial Fraud Protection department at F6. In such cases, fraudsters disguise themselves using accounts that look like the official accounts of banks, the tax service and so on.
The main risk of turning on screen sharing is that all sensitive information that appears on the device screen immediately becomes known to the other party, the expert notes.
— Criminals are usually interested in two-factor authentication codes for taking over the personal account on Gosuslugi and Goskluch, — explains Dmitry Ermakov. — In this case they get not only the ability to perform certain actions on behalf of the user, but also access to their data, which can be used in further attacks.
Sometimes attackers even manage to see the balances of the victim's accounts. In that case they create a phishing clone of the bank's page, populate it with the user's personal data and balances (with the amounts distorted), and continue to develop the attack.
Sharing the screen during online lessons is dangerous because all course participants will see the notifications. There may well be people with unscrupulous intentions among the viewers who can record the screen or use the information they obtain to hack accounts, says Anastasia Agafonova, head of the cybersecurity department at Fortis.
How to protect yourself from phone scams
To minimize risks, Fortis recommends that users disable notifications in advance and use specialized software for screen sharing, and that companies train employees in the basics of digital security.
PRO32 reminds us of the first and main rule: never agree to screen sharing, even if a stranger introduces himself as a high-ranking official of a government agency, since in reality representatives of such bodies have no right to require this function to be turned on. If the interlocutor insists, end the conversation immediately and, if necessary, contact law enforcement.
F6 urges users not to communicate with strangers in messengers at all, unless it is known in advance why this is necessary.
The company notes that a solution to the problem of protecting user data from fraud could be a single open cross-industry platform for registering phone numbers and banking details. Such a platform should be automatically updated with negative data at the first signs of fraudulent activity and be resistant to the risk of compromise.