The expert warned Russians about the risks of data theft when using a VPN

Attackers can use VPN services as a tool to intercept user data and gain access to bank accounts. Igor Bederov, head of the T.Hunter Investigations Department, told about this on March 24.

According to the expert, users should not treat the software as a "magic button", as the services act more as intermediaries. The attackers configure the servers so that all the victim's traffic, including attempts to log into an online bank, passes through their infrastructure.

"A VPN is just a pipe. Your traffic stops going directly to the provider, but goes to the server at another point. Everything you do is no longer seen by your mobile operator or the router in the cafe, but by the owner of the VPN server itself," Bederov explained in an interview with TASS.

The expert described a common theft scheme in which fraudsters intercept a user's session.

"At the moment when the victim entered the username and password, and an SMS with the code arrived on the phone, the scammers used the session (cookies) that were generated on their server and went to the bank first, simultaneously blocking SMS on the victim's phone through the settings of the same VPN," the agency's interlocutor noted.

For security reasons, Bederov recommended immediately deleting applications that request excessive permissions, such as access to contacts, camera, SMS or geolocation in the "always" mode.

March codes: how scammers speculate on the topic of spring holidays

Intruders are attracted by the start time of active travel planning

On March 24, law enforcement agencies reported that telephone fraudsters had begun using a new deception scheme, using the pretext of allegedly delivering letters by courier from the Ministry of Labor of the Russian Federation in order to gain access to citizens' accounts.

All important news is on the Izvestia channel in the MAX messenger.