Signs of inattention: fraud scheme with CTP policies revealed
Fraudsters have started running a scheme built around the sale of CTP (OSAGO, compulsory motor third-party liability insurance) policies. They have learned how to bypass two-factor authentication and steal Russians' personal data and money. They can use the stolen information in other criminal schemes, experts say. Izvestia found out how to protect yourself from the attackers.
A dangerous trick
Fraudsters have found a way to bypass two-factor authentication and steal personal data and money from Russians. They extract the information under the guise of selling CTP policies, TASS reports, citing materials from the Russian Ministry of Internal Affairs.
The agency described the attackers' sequence of actions. To steal information and funds, fraudsters register fake domains that resemble the domain names of popular insurance companies. The name may also contain the word "osago". Scammers host a phishing website on this domain that almost completely copies the design of the original web resource.
The potential victim is asked to fill out a special questionnaire to calculate the cost of insurance. It asks you to provide your name, date of birth, driver's license number, car information, phone number, and email address for communication. All this information thus falls into the hands of criminals.
After entering the data, the buyer is offered the option to pay for the electronic CTP policy with a bank card, which lets the fraudsters obtain the card number, expiration date and CVC/CVV code.
"Scammers redirect the user to a fake payment confirmation page, where they ask him to enter the payment confirmation code received from the bank. If successful, the attackers bypass two-factor authentication and receive money," the ministry's materials specify.
The Izvestia editorial board sent a request to the Russian Interior Ministry. No response has been received at the time of publication.
Counting on inattention
Fraudsters have been creating twin sites of well-known insurance companies for a long time, says Nikolay Galushin, Director General of the National Insurance Information System (NSIS).
"A potential victim buys into a resonant advertisement offering CTP for two times cheaper and goes to the pseudo-insurer's website. There she provides all the necessary information, providing information to fraudsters, and even pays for fake policies. In this case, of course, she does not receive a real CTP policy," the Izvestia interlocutor explains.
The Russian Union of Motor Insurers (RSA), the Bank of Russia and the insurance companies themselves monitor phishing sites and try to block them in a timely manner, so such resources do not stay online for long, says Sergey Yefremov, Vice President of the All-Russian Union of Insurers. However, some citizens still fall for the attackers' trick.
The main danger of the scheme described by the Ministry of Internal Affairs is that criminals have learned to bypass two-factor authentication, which was previously considered a reliable means of protection, emphasizes Venera Shaidullina, PhD in Law, director of the "Analytica. Business. Pravo" Research Center.
Attackers exploit citizens' trust in online services by copying popular websites to deceive people, says Petr Shcherbachenko, associate professor at the Financial University under the Government of the Russian Federation.
— This can lead not only to financial losses, but also to the leakage of personal information, which can be used for further fraudulent actions, — explains the interlocutor of Izvestia.
Victims provide scammers with a full set of personal data (full name, date of birth, driver's license number, car information, phone and e-mail) that can be used to apply for loans or gain access to other services, adds Shaidullina.
First of all, the use of phishing links under the guise of selling online CTP policies is aimed at inattentive car owners, according to Alexandra Pozharskaya, an expert of the "Popular Front. Analytics" and of the NF project "For the Rights of Borrowers".
According to her, the danger of visiting such resources also lies in the fact that attackers can use them not only to steal the personal and payment data of their victims, but also to infect the device with malicious software.
Methods of protection
In order not to fall for the bait of scammers, it is necessary to follow the rules of cybersecurity, Alexandra Pozharskaya is convinced. First of all, it is necessary to check any information, no matter what is written in the message.
"To verify the information, you should contact your insurance company, whose phone number can be found on the official website, in the service agreement or on the policy itself. The support manager will tell you if you need to download any applications or follow any links," the Izvestia interlocutor recommends.
Policies should be bought only on the official websites of insurance companies or through their mobile applications, emphasizes Venera Shaidullina. To get to the official resources, you can use the website of the Russian Union of Motor Insurers.
"The real website of the insurance company is marked with a special label confirming the company's rights. If the consumer is in doubt, there is a more reliable way: to visit the insurance company's website through the official website of the Bank of Russia or the RSA," advises Sergey Yefremov.
Before applying for a policy, you need to make sure that the site is the original one, he points out. Only after that can you proceed to registering the policy and making the payment. It is important to check the website URL, says Petr Shcherbachenko. It must start with https:// and contain the official name of the insurance company. The lock icon should be displayed in the address bar, adds Shaidullina.
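The URL check above and the lookalike domains described earlier (names resembling an insurer's, or containing "osago") can be combined into one allowlist check. The sketch below is an added example, not code from Izvestia, the ministry or any insurer; the domains are constructed placeholders on reserved TLDs, and the allowlist is assumed to have been taken from an official directory such as the RSA or Bank of Russia site.

```python
from urllib.parse import urlsplit

# Constructed allowlist on the reserved .example TLD; not real insurers' domains.
OFFICIAL = {"strahovka.example", "polis.example"}
KEYWORDS = ("osago",)  # word the article says fake domain names may contain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify(url: str, official=frozenset(OFFICIAL)) -> str:
    """Return 'official', 'not-https', 'lookalike' or 'unlisted' for a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Only an exact host match or a true subdomain counts as official.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official" if parts.scheme == "https" else "not-https"
    labels = host.replace("-", ".").split(".")
    brands = {d.split(".")[0] for d in official}
    for brand in brands:
        # Brand name embedded in another domain, or a near-miss spelling of it.
        if brand in host or any(edit_distance(lbl, brand) <= 2 for lbl in labels):
            return "lookalike"
    if any(k in host for k in KEYWORDS):
        return "lookalike"  # topical keyword on a host that is not allowlisted
    return "unlisted"


if __name__ == "__main__":
    for u in ("https://strahovka.example/osago",
              "https://strahovka.example.pay-confirm.test/",
              "https://strah0vka.example/",
              "https://osago-deshevo.test/"):
        print(f"{classify(u):10} {u}")
```

The second sample URL starts with https:// and contains the insurer's name, yet it is classified as a lookalike because the name sits in a subdomain of an unrelated domain; only the exact-host comparison separates it from the real site.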
In no case should you follow links from suspicious messages and emails, Shcherbachenko notes. It is important to be careful with offers of discounts or urgent promotions.
You should also pay more attention to requests for confirmation codes, Shaidullina clarifies. Legitimate services, she says, never ask you to enter an SMS code to confirm payment on the website page.
At the same time, it is important to fill in the information correctly at the purchase stage, including specifying the correct phone number and email address, Nikolay Galushin emphasizes.
— After the conclusion of the CTP contract, the NSIS will almost immediately receive an e-mail message about the conclusion of the insurance contract — this means that the contract is real, it is entered into the AIS insurance system, — explains the interlocutor of Izvestia.
In addition, antivirus solutions that recognize and block phishing resources and malware need to be kept up to date, Pozharskaya is sure. This will not be an absolute guarantee of security, but it will significantly reduce the risks.
Virtual cards with a limited balance will also help you protect yourself from fraudsters. Such cards should be used for online payments, Shaidullina believes.
Civil position
If the scammers have bypassed two-factor authentication and stolen the money, you should immediately contact law enforcement agencies, the bank and the insurance company, recommends Alexandra Pozharskaya. All this increases the chance of getting the funds back in accordance with the law "On the National Payment System".
"Amendments have been in effect for a year now which make it possible to fully or partially compensate the losses of customers affected by fraud if they contact the bank in time. But to do this, you need to contact the bank and the police as soon as possible," the expert clarifies.
The chance of recovering the stolen funds depends on how quickly the person reacted, confirms Venera Shaidullina. According to the law, a client can challenge an unauthorized transaction within 24 hours of receiving notification of it.
"However, if the victim entered the confirmation code from the SMS on the phishing site, the bank may refuse to refund the funds, since the client formally confirmed the operation himself," warns the Izvestia interlocutor.
It is important to contact not only the bank but also the police, because fraud carries serious criminal liability in Russia. Depending on the severity of the crime, fraudsters can be punished with a fine or imprisonment, recalls Petr Shcherbachenko. The punishment for fraud may also be forced labor and the obligation to compensate for losses, Pozharskaya clarifies.
Moreover, attackers face liability for fraud with CTP policies under several articles at once, says Shaidullina. Among them, she highlights:
— Article 159 of the Criminal Code of the Russian Federation "Fraud", which provides for penalties ranging from a fine to imprisonment for up to ten years, depending on the severity of the crime and the amount of damage;
— Article 159.6 of the Criminal Code of the Russian Federation "Fraud in the field of computer information" — up to ten years in prison;
— Article 272 of the Criminal Code of the Russian Federation "Unlawful access to computer information" — up to seven years in prison.
In some cases, when banking information has become available, Article 183 of the Criminal Code of the Russian Federation "Illegal receipt of information constituting a commercial, tax or banking secret" will also apply, which also provides for a penalty of up to seven years in prison.
If the crime was committed by prior agreement as part of a group of individuals and the losses of the victims are large-scale, then the punishment will be many times more serious, adds Pozharskaya.
"But this can only be achieved by those who take an active civic position and promptly report the crime to law enforcement agencies," she summarizes.