A call from the bank may not be from the bank
Not so long ago we talked about the ways in which criminals coax verification codes out of unsuspecting users, which lets the fraudsters transfer money from a mobile phone account. But progress does not stand still: subscribers constantly face new kinds of phone scams.
An old scam in new packaging
Our attention was drawn to a new method of fraud that comes in a new wrapper. A buyer approaches a seller on an online trading platform with an offer to buy the item and pay by money transfer to a bank card. During negotiations the parties agree on details such as the name of the bank to which the transfer will be made.
As proof of his intentions, the buyer sends his own photo, a photo of his passport and a photo of his credit card, and asks a favor in return: the seller needs to do the same. After some time, the buyer reports that he has sent the money. And then the fun begins: the seller is contacted by the bank's security service, which says that to receive the funds in the account he must answer a few simple questions.
At first glance the call looks genuine: the phone number really does belong to the bank, the caller speaks in line with corporate standards and fends off awkward questions quite well, and his own questions raise no particular suspicion: "How long have you been with our bank? Where did you last use your card?" and so on.
What’s the catch
Of course, the caller is not a bank employee, and the buyer doesn't want to buy anything. All that was needed was to lure the necessary information out of the user. And no, these questions are not as harmless as they seem: after the conversation with the victim, the scammer calls the bank and, posing as the victim (he already knows the passport details and the credit card number), gives notice of a change of phone number.
To make changes to the database, the call center operator needs to identify the caller. To do this, he asks several questions that (under normal circumstances) only the owner of the bank card can answer. For example: when the contract with the bank was signed, to which address the card was delivered, where it was last used, and so on. The scammer has already obtained the answers to these questions from the unsuspecting victim.
After successfully passing identification, the fraudster has full access to the victim's bank account, and because the deceived user will no longer receive messages on his phone about movements of funds in the account, the fraudster can clean it out, as they say, to zero.
Helpline
There is a detail in this story that significantly increases the victim's confidence in the caller: the telephone number. On the phone's screen it is identified as the bank's number. If desired, it can even be found on the website of the credit organization. No, the scammer is not at the bank. He simply used number substitution.
Gleb Chernov, deputy director of the security audit department at Digital Security, explains that for this procedure the fraudster needs neither special knowledge nor special technical means: "The number is easy to replace. You can download a special application from the App Store, pay around 400 rubles and carry out this simple operation. Scammers can easily spoof their number to the number of the bank."
Indeed, a simple online search turns up many offers of telecommunications services that include not only this capability. In some cases, for a surcharge, the customer even gets a function to change the pitch of the voice. Thus the pseudo-buyer and the fake bank employee may be one and the same person.
Put in simple terms, it works as follows: the fraudster places a VoIP call through the equivalent of a PBX that is configured so that, before the call, the caller can specify via a web interface or in some other way which number should be displayed on the receiving side.
To ban or to leave alone
Number substitution is not a new problem. Talk of obliging operators to transmit the number of the call's initiator unchanged has been going on for a long time. However, according to experts, an ill-conceived legislative restriction could lead to rather unpleasant consequences: many services, such as Skype, use essentially the same mechanism for calls to external numbers. PBXs work on the same principle when, for example, a call from any office phone is identified as coming from a single number.
The first attempt to amend the law was made in 2014. The bill, which someone light-handedly dubbed "the ban on Skype", did not pass the first reading, although the authors of the amendments gave assurances that their adoption would have no impact on market players using legal schemes for passing traffic. The deputies next plan to take up number substitution toward the end of 2016. This will be done by the new composition of the State Duma.
What to do
"It is worth remembering that attackers often use sophisticated schemes to obtain personal data. On the phone, a fake bank employee can find out your address or the history of your recent operations, and somewhere on forums or social networks discover your date and place of birth, even your passport number and so on. That is, the necessary data will be obtained through a variety of channels," says Gleb Chernov.
So there is no simple answer to the sacramental question "what to do". But there are, as usual, a few rules that should be followed: do not post your passport details and bank card numbers in open access, and do not give them to anyone. Remember that an employee of the bank's security service will not call and ask strange questions in connection with funds arriving in your account. But if you still have doubts, just hang up and call the bank back.
Paul SHOSHIN, Banki.ru
Source: Banki.ru