Sberbank warns that hackers can steal money using Siri and SMS messages. Sberbank's new SMS fraud scheme
MegaFon and Sberbank of Russia warn about fraud when using the Sberbank Online Internet payment system.
When a computer is infected with a virus, the website of the Sberbank Online service is replaced with a fake one, and the authorization data entered on it falls into the hands of attackers. To obtain the secret transaction confirmation code that is sent to the user's mobile phone and is needed to complete the operation, the scammers call the user, pose as Sberbank employees, and mislead the user into telling them the code.
The virus spreads through social networks, dating sites, "free" software and spam emails. If the virus software detects that the computer is working in the Sberbank Online system, it connects to the scammers' control server, from which screen forms that emulate the bank's website are loaded.
Sberbank recommends that users of the Sberbank Online system observe the information security measures posted on the bank's official website:
· Under no circumstances disclose your password to anyone, including employees of Sberbank of Russia;
· Check that a secure SSL connection is established and that it is with the official website of the service (https://esk.sbrf.ru). The personal account access page contains only login and password input fields;
· When you receive an SMS with a one-time password, carefully read the contents of the message. Enter the password into the form on the site only if you initiated the operation and the details of the recipient of funds match the details of the operation in the received SMS. The bank never sends messages with passwords to cancel transactions, since cancellation of transactions is not provided in the Sberbank Online system;
· Do not use the Sberbank Online service directly from the mobile phone, smartphone, PDA or tablet that receives the SMS with the one-time confirmation password;
· If you lose your mobile device, to which the Bank sends an SMS with a confirmation one-time password, you should promptly contact your mobile operator and block the lost SIM card.
Sberbank recommends that, if you have any suspicion that a password (permanent or one-time) has been compromised by unauthorized persons (including those who introduced themselves as employees of the Bank), or if you are asked to perform transactions you did not initiate, you immediately contact the Bank's help desk by calling (495) 500-0005, (495) 788-9272 or 8-800-200-3747.
You can report the fact and suspicion of fraud to us by calling the Subscriber Service 0500, or by leaving a message on our
First, an SMS arrives from number 900 (the Sberbank service number) in which an unknown person asks for a certain amount of money to be transferred to him; the amount will be debited from the victim's account if the numeric code from the message is sent back in a reply. Alternatively, the operation will be confirmed automatically after 600 seconds.
A person is naturally dumbfounded by such a hopeless situation. And here the most interesting part begins.
Suddenly, a call comes in from the official Sberbank number (8-800-555-5550). On the other end of the line is a man who addresses the victim by name and reports that scammers are trying to deceive him, and that he, as a bank security specialist, will look into the problem and help.
Next, the "Sberbank employee" says that you need to stay on the line and reply to the message with the code indicated in it, followed by a space and the words “transfer cancellation”. After that, the money disappears without a trace, together with the bank security specialist.
What to do?
- Do not panic. If you do not make transactions, the money is not automatically debited.
- Do not do anything he says; tell him that you will call him back, and hang up.
- IGNORE his insistence that you don't have much time. Putting the victim under time pressure is the first thing scammers do. Short of time, a person cannot think the situation through and follows the lead of the more confident person, i.e. the scammer.
- Start asking for the employee's name, which department he is calling from, and who his manager is. Start cutting the ground out from under his feet.
Ask how this can be?
Pay attention to the service number from which the SMS comes. For the real Sberbank, this is usually 90-0. Fraudsters can use both 900 and 9OO (with two letters O), as well as other variants.
The displayed caller number is easily imitated by anyone who calls through certain Internet telephony programs. Therefore, there is nothing surprising in this.
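The warning signs described above can be turned into a simple triage check for incoming messages. This is an added example, not code from Sberbank or MegaFon: the rule names, the English patterns (the page is a translation) and the sample messages are constructed for illustration.

```python
import re
import unicodedata

# Both spellings appear in the article as the bank's own sender ID.
OFFICIAL_SENDERS = {"900", "90-0"}

# Letters that imitate the digit 0 (Latin and Cyrillic O); assumed list.
LOOKALIKES = str.maketrans({"O": "0", "o": "0", "\u041e": "0", "\u043e": "0"})

# English patterns for the translated wording; rule names are hypothetical.
CONTENT_RULES = {
    "reply-with-code": re.compile(r"\b(reply|respond|send)\b.*\bcode\b", re.I | re.S),
    "mentions-cancellation": re.compile(r"\bcancel", re.I),
    "auto-confirm-timer": re.compile(
        r"\bautomatically\b.*\b\d+\s*(seconds|minutes)\b", re.I | re.S),
}

def sender_flags(sender):
    """Compare the displayed sender ID with the official spellings."""
    raw = unicodedata.normalize("NFKC", sender).strip()
    if raw in OFFICIAL_SENDERS:
        return []  # proves nothing: displayed numbers can be imitated
    if raw.translate(LOOKALIKES) in OFFICIAL_SENDERS:
        return ["lookalike-sender"]
    return ["unknown-sender"]

def triage(sender, text):
    """Return every warning sign found in one message, sender checks first."""
    flags = sender_flags(sender)
    flags += [name for name, rx in CONTENT_RULES.items() if rx.search(text)]
    return flags

# Constructed sample messages (not real bank traffic).
SAMPLES = [
    ("900", "Password 48213 confirms your transfer of 1500 RUB to card "
            "ending 1234. Do not share it with anyone."),
    ("9OO", "Transfer of 15000 RUB requested. Reply with code 77120 to cancel, "
            "otherwise it is confirmed automatically after 600 seconds."),
    ("900", "To cancel the transfer, reply with code 55301 followed by a space "
            "and the words transfer cancellation."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, triage(sender, text))
```

The third sample carries the correct sender ID and is still flagged on content, which matches the article's point that the displayed number alone cannot be trusted.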
The scheme of deceiving subscribers through mobile phishing is by no means new. In 2016, a user of a popular social network published a post on his profile urging people not to open a message allegedly received from the FSSP, as this leads to the loss of funds from accounts linked to online banking. Such cases were covered in the media in 2015 as well.
The problem of mobile fraud involving bailiffs received wide publicity in January 2017, when someone, probably having fallen for the intruders' bait, posted a warning notice on the door of one of the Yekaterinburg branches of Sberbank under the screaming headline "Sberbank warns us."
Representatives of the bank, in turn, denied involvement in the dissemination of this information and generally did not comment on the situation, urging customers to be vigilant. They also gave recommendations on timely updating of anti-virus software and warned against clicking on links received from suspicious numbers.
In 2018, digital bailiff scams are less common but still exist. So in January, residents of the Smolensk region were subjected to a massive phishing attack.
While representatives of Sberbank prefer to refrain from evaluating what is happening, FSSP employees report that they do not practice notifying citizens about debts via SMS, and such alerts are clearly the work of intruders.
Scheme specifics
Such shadow manipulations are not technically complex; they are aimed primarily at gaining the trust of the device owner. Assessing the marginality of the scam, scammers complicate the scheme of interaction with the victim, trying to make it more polished and inconspicuous. That is largely why it is important to understand how the scheme works, which is as follows:
According to an alternative scheme, the phone does not reboot, and the user is directed to a copy of the official website of the FSSP - at this time the virus is doing its job. In some cases, the subscriber is asked to log in to the system in order to receive information about the debt.
It is noteworthy that the malicious notification always arrives as a private message and does not spread through online messengers. In a similar way, attackers steal personal data from the victim's personal computer or laptop after a link received by email is opened.
Can money be debited from the card automatically when opening a message, or is it necessary to click on the link?
Given the numerous appeals from victims not to open SMS messages sent by scammers, it may seem that merely opening such a message is enough to infect the device with malware.
However, from a technical point of view, this is rarely possible, since the virus cannot infiltrate the operating system without first being downloaded. In addition, according to subscribers who became victims of digital fraud, the account was emptied after they clicked on the link, not at the moment the message was opened.
It is noteworthy that owners of devices running the Android operating system suffer more at the hands of attackers. At the same time, iOS, which powers Apple smartphones, is less prone to infection, since the system is protected from unauthorized interference by default.
However, in both cases, nothing guarantees security better than a user who is skeptical of links with unknown content.
Where to turn if it was not possible to avoid deception?
To achieve justice, you should adhere to the following plan of action:
- Freeze the account by contacting the local branch of the bank, using the services of online banking or by contacting employees by phone.
- Contact the bank and write an application reporting the unauthorized withdrawal of funds from the account (drawn up in 2 copies, one of which remains with the applicant with a mark of acceptance).
- With a copy of the application, contact the local police station to have the theft recorded.
You should act immediately and contact the indicated institutions no later than 3 days from the date of the theft.
Because the methods of fraudsters vary, it is not always possible to find out exactly how the money was debited. Where the system was infected with a virus, the bank has the right to point out that the device was not equipped with the necessary means of protection and to refuse to return the funds. If the client entered his data on a fake site, this may be regarded as a violation of the terms of use.
This is where the difficulties lie, but, objectively, the probability of a return of funds still exists. The police, on the other hand, are not always able to identify the criminals, as the latter use various methods of address encryption in an effort to maintain anonymity.
The best guarantor of the safety of personal savings is the vigilance of their owner. Do not trust information from suspicious sources; it is better to check it quickly. You can verify or refute the existence of a debt on the official website of the FSSP.
In no case should you follow unknown links, and the device should be protected with a licensed antivirus. Only in this case can you be sure that personal savings will not fall into the hands of scammers.