With a calm soul: scammers who stole the money of the deceased received up to 14 years

The Butyrsky District Court of Moscow sentenced the participants of the OPS, who stole more than 50 million rubles from the accounts of deceased Russians, the FSB Public Relations Center reported on September 11. Among the defendants in the case are employees of banks and telecom operators. Fraudsters obtained information about the deceased through the purchase of databases of registry offices and other government agencies, reissued SIM cards, gained access to mobile banking applications and withdrew funds from the deceased through them. The members of the criminal group were sentenced to various terms of imprisonment — from 6 to 14 years.

The verdict for theft from the accounts of the deceased

The verdict of a group of fraudsters who stole funds from the accounts of deceased Russians was passed by the Butyrsky district Court of Moscow. This was announced on September 11 by the Center for Public Relations of the FSB of Russia.

"The defendants were sentenced to imprisonment for terms from 6 to 14 years and fines from 250,000 to 400,000 rubles," the statement said.

Among the participants of the organized criminal community were employees of mobile operators and banks, as well as others. The group worked in Moscow, the Moscow and Saratov regions, the Crimea and the Krasnodar Territory.

OPS members had access to the databases of telecom operators, banks, and government agencies. Due to this, the attackers received information about the death of subscribers and reissued their SIM cards.

"The scheme allowed criminals to gain access to the mobile applications of former clients and withdraw more than 50 million rubles to controlled accounts," the FSB Central Control Center said in a statement.

The criminal case was initiated under four articles — on theft on an especially large scale, on unlawful access to computer information, on the illegal receipt and disclosure of information constituting a commercial, tax or banking secret, as well as on the organization of a criminal community.

The detention of nine participants of the OPS in the Moscow region, Krasnodar Territory and Crimea became known back in November 2022. During the searches, they seized a database with the details of the bank accounts of deceased citizens, SIM cards, more than ten bank cards and 20 mobile phones, the Russian Interior Ministry reported.

How the criminal scheme worked

One of the victims, Andrey, told Izvestia that criminals stole funds from his deceased aunt's accounts in 2021.

— I was her only heir, so I entered into the inheritance as it should be. And six months later, when I received a certificate of inheritance from a notary and came to the bank with it, I was told that all the money from my aunt's accounts was transferred literally two or three days after her death," he said.

It later became clear that the funds had been withdrawn through the woman's personal account in the bank's online application. But she had never used the Internet and was not registered in a banking service, the victim stressed.

— I didn't write any statement myself at first, the law enforcement officers from the Ministry of Internal Affairs and the FSB contacted me themselves. They informed me that the money had been stolen. For some time I went for interrogations, and later I was summoned to the Butyrsky court to testify," he said.

According to him, information was announced in court that an employee of one of the mobile operators had forged a SIM card of a deceased woman.

— Allegedly, she personally came and reissued the SIM card, even though she was already dead at that time. As a result, they used this SIM card to register in the bank's online application and transferred all the money to themselves," he explained.

Andrey filed a civil lawsuit, and the judge ruled that the telecom operator should compensate the stolen amount in full.

How scammers gain access to personal accounts

Criminal groups that specialize in stealing the funds of deceased people often use "windows" between the death record at the registry office and the actual updating of data in all systems, lawyer Alexey Gavrishev, managing partner of AVG Legal, told Izvestia.

"They take data leaks about the deceased from registry offices, funeral services, medical institutions, seize a mobile number, gain access to an online bank, transfer money to "drops" and then cash them out, for example, using cryptocurrencies," the expert explained.

There is also a scheme in which the withdrawal of pensions and one—time payments continues after death - this is already fraud in receiving payments, he noted. And when relatives keep the card and PIN, the scheme is simplified to a banal cash withdrawal, the lawyer emphasized.

— Theft from a bank account on a particularly large scale can result in up to ten years in prison, and a similar penalty for fraud in the field of computer information. If there was access to information systems, they add an article about illegal access — they give up to seven years for it, and when "drawing" documents, forgery and the use of forged ones," the expert noted.

According to him, the organized, hierarchical structure and stability of contacts in a group of scammers can lead to the creation of a criminal community. In this case, the penalty may increase to 20 years, but the fact of actions within the framework of the OPS requires a separate standard of proof.

— Such groups are being uncovered because operators and banks have long had anti-fraud filters for abnormal transfers, surges of transactions after a long "silence" of the account, changing the SIM card before entering the application, massive activations from a single login in the communication salon. In addition, there is an interdepartmental exchange of registry office acts — as soon as information that a person has died reaches the bank, transactions on his accounts are checked, and a retrospective of transfers is raised," the expert emphasized.

The scheme used by criminals is extremely dangerous because it bypasses traditional methods of protection based on two-factor authentication, where confirmation of the transaction comes to the linked phone number, said Vladimir Kuznetsov, vice president of the Association of Lawyers for Registration, Liquidation, Bankruptcy and Judicial Representation.

— After receiving information about the death of the account holder, the attackers initiate a procedure to restore or reissue his SIM card. Having gained control of the phone number, they automatically gained access to the mobile applications of banks linked to this number," he said. — This allows them to freely withdraw funds to controlled accounts.

Such OPS, specializing in cybercrimes, have a number of characteristic features, the expert emphasized. Among them, for example, the hierarchical structure and the distribution of roles. There are organizers who develop a scheme and coordinate actions, as well as performers responsible for specific stages — collecting information, reissuing SIM cards, and withdrawing funds.

In addition, the groups use insider information. They usually operate on the territory of several regions, which complicates the investigation and requires coordination of the efforts of law enforcement agencies of various entities.

— In case of death of a loved one, it is necessary to notify the bank and the telecom operator about the incident as soon as possible in order to block access to accounts and numbers, — advised Vladimir Kuznetsov.

Banks and telecom operators, in turn, need to strengthen internal controls, conduct regular employee checks and implement more reliable protection systems against unauthorized access to data and services, he stressed.

Obtaining a deceased person's SIM card and accessing a mobile bank is one of the most effective ways to steal money today, said Alexander Redkin, senior partner at Criminal Defense Firm.

"The easiest and fastest way is to get a SIM card through an accomplice working in a mobile phone store, who issues a SIM card for a bribe, falsifying a statement about loss or breakdown," the expert noted.

In addition, there are more complex options when fraudsters forge a deceased person's passport or use a real one, if they have one, for example, bought from relatives or found, he stressed. Then the criminals forge a power of attorney for the right to represent the interests of the mobile operator, come and reissue the SIM card to a fake person.