In Russia is actively developing new type of fraud — stealing Bank card data of customers using so-called external interactive voice response (IVR). Under this scheme citizens not calling themselves cheaters, and programmed their robots, which are submitted by banks and fish out the necessary information. The scheme works because automated programs generate the trust of the population. For the year from April 2015 to April 2016 using IVR fraudsters stole the Bank cards of Russians 6 million. About this “news” told in the company Zecurion, specializing on the security issues of remote banking services.
Usually an IVR is programmed for incoming calls — greeting customers (“Thank you for calling our company. If You know the extension number of the employee, dial the number right now”). Now the attackers began to use IVR for outbound calls in order to steal data Bank cards. Programmed robots by fraudsters, posing as Bank employees, asked people to call those cards, logins-passwords to login to Internet Bank, CVV codes, PIN codes (the reasons are called different, mostly “for further information” or “system failure”). Zecurion according to forecasts, in 2016 the volume of theft of funds from the cards of Russians with robots will increase by 40-50%.
Read more:
[Folks want to prohibit yourself to go to the doctors]
The elderly want to prohibit yourself to go to the doctors
The government is considering a proposal that older patients could get an appointment to the doctor in the clinic only with the permission of the nurse or paramedic
Typically, scammers start robotic program at cloud data centers — in order to conceal it (by IP addresses of intruders easier to calculate). So the interlocutors do not have any suspicions, send them to the system and live “employees.” Conceptually, this is social engineering aimed at obtaining information about payment instruments.
New fraudulent scheme rather peculiar, but effective, — says the head of the Zecurion analytical center Vladimir Ulyanov. Victims know little about what the robots can call. Faced with a precarious situation, Bank customers are lost — this is the first thing hackers, further processing much easier. Secondly, the answering machine inspires confidence: in the view of people such systems use a large company; also
the robot does not have the intellect to fool. But the citizens who become the target of a Scam, you forget that tune up the system real people.
According to the head of digital business unit of the Bank Dmitry Kashtanov, the fraudsters start to use the scheme with the robots already have logins passwords banking customers to log in to the Internet Bank.
— With the attackers, as a rule, out one-time passwords to confirm transactions via the Internet Bank, they come to clients in SMS — indicates the source. — And if earlier the scammers are calling citizens to obtain them, now began to use robots. One option, when robot tells the client what happened the erroneous transaction resulting from a failure of the system and for its abolition need a one-time password that came to SMS.
According to the head of the anti-fraud centre for information security “jet Infosystems” Alexey Sizov, automation deprives new scheme cyberattacks flexibility.
— If the potential victim calls the common man, he can adapt to the victim’s behavior, the robot is unable to do, which means that the “quality attacks” decreased, — says Alexei Sizov. — It is not excluded that Avtoprovod the output will give attackers more if the quality will go down three times, and the number of calls will increase five-fold. Much will depend on the ingenuity of attackers to configure autosevocom.
According to Vladimir Ulyanov, the scheme is not guaranteed to work without preliminary preparation of the victim — not every card holder stores their data in a breast pocket, so that on any call to get in and dictate all the details.
— And if you make a few calls, a person can think of, to correlate facts and to smell a rat, — the interlocutor specifies. — The most effective and working tools of social engineering to get information here, while the victim was gathering my thoughts.
Vladimir Ulyanov warns clients against hasty action.
— Take the time to provide all the information that is required of you, — says the expert. Another good practice is to decline a call, call the contact number listed on the website of the Bank, and inquire whether you call and for what purpose.
He also advises not to talk to unknown on the phone, explaining that when you take the call, sure that’s really calling from the Bank. In the end, even if you are really worried about a credit institution, it may not oblige you to anything. Therefore it is better to contact the Bank through official channels and to clarify information.
