In Russia, a new way of telephone fraud is gaining momentum. Attackers disguised as a bank employee calls to Bank’s client to suspend a financial transaction but do not require to tell confidential data of Bank cards. They claim that the credit institution identified an attempt to the unauthorized withdrawal of funds from an account in another region.
As a result, the scammers report that they blocked the attempt to withdraw money, and offer to verify the devices that have access to the personal account of the client. Then attackers will find out if the client uses the Android or IOS operating system. Subsequently, the attackers offer to help disable the system, which is not used by the client, using the TeamViewer access delegation program.
The TeamViewer access delegation program allows an outsider to connect and perform any operation on your behalf. Fraudsters need to find out from the Bank’s client their user id so that attackers can easily connect and take possession of confidential smartphone information. In this case, it will be extremely difficult, if not impossible to prove an attempt at unauthorized hacking. After all, the Bank’s client voluntarily provided access.
It is worth noting that previously a number of large credit organizations recorded a sharp increase in fraudulent calls to customers from banks using the technology of number substitution. In some banks, the activity of fraudsters has increased tenfold.
The banks indicate that telecom operators are not effectively detecting and blocking such schemes. The solution to the problem came to the level of the Central Bank.
It is interesting to note that on August 10, the Central Bank of Russia recommended banks to inform payment systems of the number of the Bank card, account or mobile phone of the recipient. This should help identify fraudsters and block transactions. The requirements relate to P2P transfers and transfers, where a third Bank is involved, as well as payment systems.
If banks and payment systems follow the Central Bank’s recommendations, data on the recipient of funds will be sent to the FinCERT (center for monitoring and responding to computer attacks in the financial sphere of the General Directorate of protection and information security at the Bank of Russia).
According to the leading anti-virus expert of Kaspersky Lab Sergey Golovanov, indicating the phone number will track cases when one person has issued many accounts for his number and uses them to transfer funds using social engineering.