The average amount of theft from citizens’ bank accounts, according to the Bank of Russia, increased by 30% in 2022; last year, more than 13 billion rubles were stolen from clients of credit institutions, said Alexander Stekolnikov, member of the Opora Rossii digital economy committee. The expert told Izvestia what methods of stealing money from cards exist and how to recognize scammers.
“In matters of carding (a type of fraud in which a transaction is made using a payment card), the basis is still occupied by social engineering, that is, working with the psychology of the victim,” Stekolnikov explained.
According to him, attackers enter into trust, appearing to be someone reliable: the bank’s security service, law enforcement agencies, social services.
“Most often they make phone calls and start working on the main feelings of the victim, for example, fear of robbery or fear for their health or a loved one. The key task is to lure card data, code words and other personal data through dialogue, ”the expert said.
In addition, according to him, scammers use instant messengers and correspondence on social networks, where, for example, they can make an acquaintance and then ask for money to move to their “beloved” or “beloved”.
Another popular method among scammers, he called a job offer. Victims, agreeing to minor activities on the Web, send bank card details to attackers to receive a reward.
“With the expansion of modern technology, phishing technology has emerged. Fraudsters create copies of existing sites with fake payment details or payment forms for services. <…> Scammers have made a similar technology for QR codes, by scanning such a code with a smartphone, you get to a phishing page,” Stekolnikov added.
Copies of well-known Telegram channels are also being created, where messages about raising funds for charitable purposes are published.
However, the most technologically difficult, according to the expert, is the method using a card reader – a device for scanning a card.
“The scammer carries it in his pocket, the task is to lean against your card, which is in your pocket or wallet, closer, for example, in public transport. The device reads the card data and automatically posts it as a payment without a PIN. Or, more difficult, just copies your card. Swindlers use this data and magnetize “blanks” for cards and make a copy of yours,” Stekolnikov explained.
He also named another method of carding – Trojans and viruses that get to the user’s computer or smartphone. As the expert clarified, the virus can stay on the device for several months and collect logins, passwords and other personal data that are used to enter the bank. After that, the user’s bank page may change when transferring funds, or the recipient’s details may change.
“Banks are fighting scammers by constantly improving the software of their websites, ATMs, and cards. They create bots that are installed on phones and block calls from numbers from the black database. Stop suspicious transactions from unfamiliar places, cities or countries. A database of suspicious bank cards is maintained, in the case of transferring money to them, the real user receives a call from the bank confirming the information,” Stekolnikov said.
The expert added that credit organizations also set up two-factor or three-factor protection when entering a site or making a transaction.
“Together with the development of carding, banks will constantly evolve in this cyberwar. However, the cardholder’s vigilance and suspicion remain the main method of protection,” Stekolnikov concluded.
Earlier, on March 5, it was reported that phone scammers came up with a new trick to deceive Russians in instant messengers. Thus, attackers began to use foreign telephone numbers that are visually similar to Russian ones. On the avatars in the accounts, scammers put either the coat of arms of Russia or the emblems of Russian law enforcement agencies.
