Bank card fraud facts. Types of credit card fraud: how to escape from cybercriminals
Bank cards in recent years have become so firmly established that many companies are already forcibly transferring their employees to the card system.
What can I say, if I myself have for a decent time been using a service for cashing Google Adsense checks, which issues debit plastic cards to its customers.
On the one hand, this is a very convenient way to store money, which allows you to pay for almost any service, make purchases and make acquisitions in both regular and
Now, in order to store a large amount on the account, you no longer need a suitcase or a bank cell: a small card will be enough for this, which can easily fit in any wallet.
But with all their advantages, bank cards can still not be called reliable: despite the fact that banks improve their customers' protection system every year, scammers manage to find ways to circumvent even the most complex security system.
Bank card fraud takes on disastrous proportions as criminals use new methods that give them access to almost any card.
So, Sberbank on its official website warns customers about the possible ways that scammers use.
Types of plastic card fraud
Below I will give some of the most popular ways to trick gullible citizens that are used by attackers:
"Reading" ATMs
This method at one time allowed fraudsters to appropriate only about $100,000 belonging to VTB24 cardholders in Moscow.
Then the swindlers installed several fake ATMs with the bank logo, which did not issue cash, but read all the necessary information from the cards.
To this day, many bank customers are still victims of counterfeit ATMs. Cases of such fraud are regularly reported in Turkey, Thailand, Bulgaria, Singapore and other countries.
There is another way to take possession of someone else's money through an ATM: there are cases of installing a fake keyboard on an ATM.
The cardholder enters confidential data, which is recorded by readers installed on the back of the pseudo keyboard.
Also, such devices are installed directly on the card reader. Therefore, before you insert the card into the ATM, you need to carefully examine it: the readers are not mounted tightly and can be easily removed.
Phishing
Recently a new type of fraud has appeared - “phishing” or Internet fishing.
Clients of Raiffeisen Bank and Gazprombank have already come under attack. The fraud scheme is quite simple: customers of the bank receive an e-mail in its name asking them to verify passwords.
An unsuspecting victim “pecks” at the bait in the form of a bank website familiar to her, the link to which comes with the letter: she is not aware that scammers skilled in their craft have faked the bank's website.
Along with the PIN code, scammers get access to the contents of the card.
No bank will request confidential information from its client through a message in the mail or a phone call.
To clarify these data, the client is usually personally invited to the bank branch.
Mobile Bank
The service "Mobile Bank" is used by the vast majority of cardholders. Such a service is very simple and easy to use.
It allows you to always be aware of the current balance and prevents the possibility of withdrawing money without the knowledge of the owner. Indeed, for any transaction, the cardholder will immediately know about it, having received an SMS notification.
Card holders sometimes change the operator, forgetting to disconnect the Mobile Bank service from the previous number, to which the card account was previously linked.
It must be taken into account that the service is not disconnected automatically. After some time, the number is transferred to another owner, who, together with it, gets access to someone else's funds.
The temptation is too great, especially if the phone regularly receives notifications of receipt of large sums of money on the card.
To protect yourself from a possible loss of money, it’s enough not to ignore the practice of canceling a service if it is no longer needed.
Phone cheating
Scammers use a variety of types of fraud, not stopping short of a personal call or message to the client.
Often, they introduce themselves as bank employees and report that the client has received a cash prize / large win, after which they offer to transfer the money won to the client's card.
To do this, the client only needs to tell them the card number and PIN code. Do I need to talk about what happens next?
Similar “good news” customers receive through SMS notifications.
There can be many options, but for scammers, the most important thing is to get as much information as possible about the card holder in order to quickly take possession of the money in his account.
"Good Samaritans"
Often people are let down by their own naivety. The scheme of this fraud is extremely simple: a bank client inserts a card into the terminal, but does not receive it back.
Puzzled by this turn of events, he is trying by all means to force the ATM to give him a card, but nothing comes of it.
Suddenly, a man appears on the horizon, inspiring confidence with his whole appearance, ready to help the poor man deal with this problem.
Under his strict guidance, the cardholder dutifully enters the password, not thinking that the kind soul is carefully following his actions, and the card in the machine was stuck due to a reader.
After several fruitless attempts, the “Samaritan” spreads his arms and disappears as suddenly as he appeared.
An upset client leaves, planning to contact the bank by phone, and the “Samaritan” returns, picks up the card along with the “trap” and, entering the PIN code, cashes the card account.
Security Methods for Payment Card Holders
Of course, no one is immune from the dexterous hands of fraudsters, who - as if in response to the measures of many banks to protect their customers' cards - become only more cunning and sophisticated in ways to appropriate other people's money, developing mind-boggling methods of fraud.
However, knowledge of the schemes by which criminals act will help significantly reduce the risk of suffering from their actions.
1. Pay in cash
Try not to pay for services and purchases by card unnecessarily. It would be much safer to withdraw cash beforehand and pay with "live" money, but not.
Unscrupulous employees of shops and restaurants are not so rare. If you can only pay by card, do not allow the person accepting the payment to take it away, hand it to strangers or carry out any other manipulations with it.
If you need to make an online purchase, use the services of online stores already verified by your friends.
You should be wary of those online stores, reviews of which look the same and too enthusiastic.
The same applies to acquiring dubious, “innovative” techniques over the Internet.
You should also be careful in choosing terminals for withdrawing funds: for this purpose, it is better not to use ATMs in shops, shopping malls and metro stations, since it is easiest to install a reader on them imperceptibly.
Theoretically, any ATM should be monitored around the clock, but in practice, it’s impossible to track everyone who approaches the terminal — and there are thousands of them in each city.
More reliable are the terminals located in the branches of the bank itself, because they are constantly monitored by security and bank employees.
2. Respect Confidentiality
No one should be given their card details, including the security code on the back and PIN.
No bank has the right to request this information through an SMS message, a call or an e-mail.
Be careful not to accidentally make such data public - especially if you are unexpectedly made a profitable offer to earn or receive money without doing anything for it.
The saying about free cheese appeared for a reason.
If you are urged to provide such data, be sure to call the bank and clarify the situation.
Telephone fraud is thriving because the bank's customers trust the people who appear to be its employees too much and are not always familiar with their own rights.
Many people, in order not to forget the password from the card, write it directly on it. It goes without saying that the loss of such a card will immediately deprive you of all the money available on it: a thief will withdraw it before you call the bank to block it.
Also, do not trust the sympathetic stranger who appears next to you at the very moment when the card mysteriously gets stuck in the card reader and who can inadvertently spy on the password.
3. Disable “mobile bank”
If you change the phone number to which the card account was previously linked, do not be too lazy to come to the bank and refuse this service.
Often, customers completely forget that they used to use a “mobile bank” tied to another phone number, until money begins to disappear mysteriously from their cards. So, they took money from the Sberbank card, what should I do?
What to do if you have withdrawn money from a bank card
If trouble nevertheless knocked on your door, and money was withdrawn from the card that you certainly didn’t spend on anything, you need not to panic, but strictly follow a scheme that will help return “your money”.
- Contact your bank immediately
To do this, you can personally come to the office or contact the bank by phone. You can find out the phone number on the bank's website or on the bank card itself.
The operator will immediately block the card: this will help to avoid further leakage of funds.
In order to block the card, the client must name the code word and some other confidential data, and here there is no longer any point in being secretive.
- Write a statement
Be prepared to challenge transactions that you are not involved in. To do this, you will need to write a statement at the bank.
Please note that reviewing such a statement may take from several weeks to several months.
- Assert your rights
In many cases, the loss of funds from a bank card occurs not through the fault of the bank, but through the fault of relatives or friends who secretly use their PIN code.
If you are sure that no one could spend your money, and the bank insists on not being involved in the loss of money, defend your rights in court.
Often it is easier for a bank to compensate for funds lost from a client’s account than to bear legal costs. The same applies to VIP clients, whose loyalty is highly appreciated by any bank, which therefore, as a rule, meets them halfway.
The best way to be calm about your money is to always be in the know where the card is and, if necessary, not to hesitate to contact the bank.
Mobile Banking is a popular service that allows you to manage cash assets and pay bills without significant time costs. Using the capabilities of the information network to move financial flows saved citizens from having to visit bank branches and queuing. The flip side of the service is new types of financial fraud, including fraud with bank cards through a mobile bank.
What methods criminals use to steal finances, and how not to become a victim of hackers, read this material.
Banks protect personal customer accounts by any means available, but the number of thefts is steadily growing. Cybercriminals find vulnerabilities in defense, and often frivolous behavior of users of mobile banks helps in this.
A distinctive feature of the offered services is binding to the user's phone number. But, a convenient registration method easily turns into a “master key” for hacking, when, having connected to an online bank and then switching to a new number or another operator, users forget to notify financial institutions.
As a result of re-registration, the number becomes the property of an unauthorized person with whom the bank continues to correspond, send messages about the status of the account and password change. When falling into the hands of criminals, such information becomes crucial when choosing a victim and the method of hacking an online account.
Phone: safe use rules
Fraud through a mobile bank is less likely when certain telephone rules are followed.
Having lost a phone with a connected service package or an installed application:
- Contact your mobile operator to block the SIM card.
- Report the incident to the Bank’s Security Service to disable the service later.
Having changed the number with the Mobile Bank function activated, notify the branch of the servicing bank about what happened and ask to deactivate the service.
Rules for safe use of the gadget:
- do not leave the phone in the wrong hands;
- set the original password;
- do not connect phones of strangers to the Internet service;
- when installing extensions and applications, do not disregard the capabilities of the installed programs;
- be careful when an installed program requires you to agree to automatic sending of SMS or to network access.
In case of unplanned disabling of the SIM card, contact the operator to find out the reasons. Do not use links, updates and applications that come to the email address, including on behalf of the bank.
Important! Financial institutions do not send letters and do not call to report / update data on the status of accounts. To obtain confidential information, a personal presence of the client in the bank branch is practiced.
Types of Cyber Fraud
The advent of the Internet and the transition of banks to online services has led to the emergence of Internet fraudsters specializing in stealing funds from bank accounts.
One of the favorite methods of thefts through a mobile bank is fraud - phishing, which involves luring network users to fake banking sites, false payment systems, online stores.
Phishing attacks are cybercrimes:
- based on the spread of malware;
- directing users to fake Internet resources;
- reading personal data (PIN codes, passwords, logins).
In addition to phishing sites, criminals use calls and messages to telephones, and letters sent to e-mail addresses on behalf of the bank that activate cracking programs.
Online phishing
This type of fraud refers to online banking, and involves attracting users to phishing (fake) Internet resources. The purpose of criminals is to read the private data of users from payment banking funds.
Pay attention to the reputation of the site!
Phishing software is usually offered for download on web pages of dubious reputation, after which the malware gets onto smartphones and phones, activates and steals users' money.
New scam methods
How do scammers withdraw money through a mobile bank?
The ingenuity of criminals knows no bounds. The latest know-how of hackers is sending out MMS messages that open a program that reads information and illegally withdraws money from accounts. A distinctive feature of the invention is the blocking of Mobile Bank alerts informing about the movement of funds.
Malicious programs disguise themselves as postcards, video files, updates for mobile applications. Then, the hacker virus imitates problems in the gadget, and requires a reboot of the phone.
Rebooting the device automatically activates a program that enters the RAM and copies the data: login and password of the online bank, and transfers the data to an outsider. SMS messages about ongoing transactions are also forwarded to the phones of fraudsters, so the victim of the robbery does not suspect anything and remains for a long time in complete ignorance.
Protection methods
- ignore and delete messages from unfamiliar numbers;
- install licensed antivirus programs on phones (smartphones).
To create additional control over ongoing transactions, and receive parallel reports, contact a financial institution with a request to attach the Mobile Bank to e-mail.
Sberbank online service - advantages and disadvantages
A package of services of the Sberbank online service is an SMS service that reports on receipts and withdrawals from an account, as well as a list of commands for individual numbers for standard payments - replenishment of a phone, transfer between personal cards.
Activation of the Internet resource is a mandatory requirement for access to the service, along with a plastic card and a cooperation agreement, combining and linking accounts to a phone number. Sberbank’s mobile Internet service is convenient, but not without vulnerabilities.
Link to an outside number
It is possible to bind a third party number to a mobile bank without the owner’s knowledge. Similar situations arise in case of accidental or deliberate errors of bank employees. This allows the fraudster who misappropriated the mobile bank to steal money with impunity, since the current account holder remains in the dark.
To return the lost money, the client will need an official document confirming the connection of the extraneous number. At the same time, without actual evidence of fraud, it is difficult for the owner of a mobile bank to count on a positive solution to the issue, and the quick return of the stolen one.
Switch to a new operator or number
Similar situations are possible: when changing or re-registering a number, and in the absence of a statement from the user about changing confidential data. The influence of the human factor should not be excluded - an accidental or intentional mistake by the maintenance staff.
How to issue a waiver of the number? Write two statements asking to disconnect the old and connect the new number. Otherwise, there will be the possibility of an uncontrolled connection, to a mobile bank, of eight extraneous numbers.
Money stolen in this way can be returned in rare cases, proving the guilt of the operators in the intentional fraud with the number.
System flaws
The SMS notification system and online banking are differently organized in different banks, and each has strengths and weaknesses. Sberbank customers become victims of fraud for two reasons:
- Making transactions through the Mobile Bank, while still being able to transfer significant amounts, does not require entering data from a bank card,
- A mobile bank is connected to everyone, without checking the reputation of future users.
Do not exclude the possibility of a negligent or dishonest attitude of bank employees to the performance of their duties.
How to return the missing money?
What happened is what happened. You can return lost funds. Take action by pulling yourself together and ending the panic.
Remember, losing your temper, you play into the hands of criminals who count on such a reaction.
Theft of funds from the account is possible without the attackers knowing the PIN code and bank card, therefore, if a hack is suspected, promptly contact the bank providing financial services, or contact the nearest branch with the request to block the account and provide the available information about the balance.
Upon confirmation of theft:
- Examine the account servicing agreement concluded with the financial institution and pay attention to the obligatory actions of the bank in such circumstances.
- Submit a written complaint requesting an investigation of the suspicious transactions.
- Print the account statement and attach it to the claim.
A written statement must contain: a description of the situation and a list of evidence indicating that the applicant was not involved in suspicious transactions.
As a result of the client’s appeal, a prerequisite is created for the requirement that the receiving bank return the illegally received funds. Documents indicating the illegality of carrying out the financial transactions specified in the claim are attached to the appeal.
The relevant services of the receiving bank, within 45-90 days, consider and study the request for a refund, after which they make a decision on further actions.
Security Action
During the period of consideration of the claim by the acquiring bank, the security services of the banks involved in the investigation examine the documents, check the reputation of the party that filed the complaint and received the money transfer.
During the investigation, service employees, without fail, communicate with the client’s employers, neighbors and relatives, because the complainant is the first to be suspected of fraud.
Therefore, when submitting a claim to the bank, be prepared for the fact that you will repeatedly have to prove your own non-involvement in transactions.
In the case of receipt of evidence of the innocence of the claimant and the fraudulent nature of the actions of third parties, the receiving bank returns the stolen funds to the owner within the period established by law.
Additional actions
When submitting a claim to the bank, file a statement with the police. The document must contain a detailed description of the situation, with a detailed indication of the circumstances surrounding the incident. The document is submitted in duplicate, for registration with law enforcement agencies and marked on receipt, for yourself.
Based on the submitted applications, the cyber police take measures to capture the attackers. In particular, the police:
- apply to the bank for information about the investigated transactions;
- when withdrawing money through ATMs / terminals, they examine video from surveillance cameras, interview witnesses, and the victim.
Typically, such investigations are conducted in parallel and in cooperation with the bank's security service.
If the investigation produces no result, the victim has the right to make a second complaint to the bank, on the basis of which a second appeal is made to the recipient's bank, with a request for a refund.
Every year, the number of people who use bank cards is gradually increasing. The time is not far off when the card will become the main payment instrument and will almost completely squeeze cash out of circulation (it is not so much the people and banks themselves who are interested in this as the state, since cashless payments are easier to control). A non-cash method of payment by card is convenient and has many advantages; it has been used in many countries for decades. But unfortunately, every coin has a downside: there will always be scammers who want to take other people's money.
Card fraud has already become so widespread that it is no longer possible to dismiss it, referring to isolated cases of theft of money from the card. The number of methods of deception (already known - old and new, gaining popularity in a fraudulent environment) and the number of deceived bank card holders is constantly growing. And in order not to become a victim of deception, it is necessary, as they say, to know your enemy in person. This review will feature popular and rare bank card fraud schemes that will be constantly updated, including with the help of visitors to the Finance for People website (we are counting on this). We also pay attention to the reasons that lead to the theft of the cards themselves or money from them, as a rule, the holders themselves are to blame for this because of non-compliance with elementary rules for the safe use of plastic.
How do card scammers work? And how to prevent it?
Before introducing you to various types of modern plastic card fraud, I would like to say a few words about how this happens and why is all this possible? There are two types of criminal actions that lead to the theft of money on our card accounts. The first option is without our participation, when data on our cards (their details) are massively stolen from the servers of banks, online stores, online services, etc. This is rarely done by single hackers, as a rule, organized criminal groups (organized crime groups) or cybercriminals are involved in this. Card details are then sold on the “black markets” on the Internet, and money is cashed out (“laundered”) due to, for example, bays on the card (we will talk about this later).
The second option is with our, so to speak, direct “help”. The initiators here are lone scammers. Usually they use very effective methods of social engineering (a method of managing human actions based on the use of human factor weaknesses), i.e. due to various tricks or tricks affect the "weak" places in the human psyche. There is no need to hack something (use technical means), since a well-trained person will give the necessary information to the criminal himself, and even say thanks for that.
Why do people fall for such tricks? This is due to a catastrophically low level (but, thank God, they began to deal with it at the state level), ignoring the rules for the safe use of bank cards when paying with them in ordinary stores, on the Internet, or when withdrawing funds from them at ATMs, etc. etc. We, for the most part, are very irresponsible about such a modern banking product as a plastic card, and we ourselves come across this.
If someone found out (stole) the data from your card, or your bank suspects such actions, then the card is considered compromised, and the bank may well block it. It’s not worth worrying in this case, because, in this way, the bank is trying to protect your money, although sometimes it overdoes it.
Both banks and the state, in the person of the main financial regulator, the Central Bank of the Russian Federation, care about our security. For example, various brochures and articles are published promoting the “proper” use of card products. One of the effective measures was taken by the Central Bank in 2015, when all banks were forbidden to issue cards without a chip, with only a magnetic strip. As you know, the latter are far less secure than chip cards, allowing attackers to read information from the magnetic strip (skimming) and use it to steal funds from the account. Sberbank, for example, since 2013 has been issuing only chip cards, which greatly complicates the life of Internet thieves.
There is also a great offer from banks in conjunction with the international payment systems Visa and MasterCard: PayWave / PayPass. Cards equipped with this technology allow you to pay for goods and services without entering a PIN code (up to 1000 rubles) and without bringing the card into contact with a payment terminal, which is much safer than ordinary plastic. Many banks already offer such cards - pay attention to them. The future, in general, belongs to such contactless technologies; you can now pay for purchases in this way from smartphones with built-in NFC chips (by analogy with the card).
Methods (types) of fraud with bank cards
Bank card theft
There have always been scammers who have stolen and will steal valuables in such a banal way. Your wallet has been stolen, and there are several of your cards in it, including credit cards. It’s good if all the cards have a chip: then the criminal will need to find out the PIN code (we hope that you do not have it written on the card itself or on a piece of paper carefully put into the wallet), without which he won’t be able to pay for goods in a store or withdraw money at an ATM. But if there is an old-style card (with a magnetic strip), then there's nothing to be done: it can be cashed out in a store by buying any product.
By the way, if the card supports PayPass or PayWave instant payment technology, then a purchase worth up to 1 thousand can be made without problems (above 1 thousand - only with the introduction of a PIN code). But still, a card is not money, but just a piece of plastic, which is the “key” to your money, and it can be quickly blocked. How to act if your card is stolen and how to prevent this, read the appropriate.
The theft of data from bank cards from the servers of banks, shops, etc., which we have already talked about, can also be attributed to this method, but, unfortunately, nothing depends on us here. The only way to counter this is to insure the risks of the theft of the card and its data (risks of compromising it).
Technical Tricks
Fraudsters have come up with many tricks based on the use of various technical gadgets: from the simplest to the very complex, but all quite effective.
Skimming
The classic way of cheating, gradually fading into the past with the advent of cards with a chip, but nevertheless still relevant. Attackers use special devices to steal data: skimmers, which are quietly attached to the card reader of an ATM and copy data from the card’s magnetic strip when the card is inserted into the card reader slot. It is difficult for a non-specialist to distinguish an ATM with an attached skimmer from the original equipment - the same relief and color. The arsenal of fraudsters includes an overlay keyboard or a miniature camera, needed in order to read / spy on the entered PIN code. The copied data is "poured" onto a blank card, with which any amount is withdrawn from the account using the spied PIN code (within the available limits, of course). Details about skimming, and how to recognize it, can be found in.
Repeated (double) debit from the card
Not so often, but still this happens when you pay twice for a purchase made by you with a card. It’s good if you have activated a service (it’s not so expensive, but it is extremely useful and informative), and we learned about it in a timely manner and began to take appropriate measures. Otherwise, you just give your money to the store (do you have extra money?). Such a problem may arise due to a technical malfunction on the side of the store (a problem with the terminal or a human factor - the seller’s mistake), an acquirer-bank servicing the store, or a payment system (error in the processing center). This may be the intentional action of the seller, although it is unlikely that he will get anything from it, payments are non-cash. Most likely, these are random actions due to inexperience or inattention, the very human factor. How to protect yourself from re-write-offs and return your money, read on.
Sniffering (sniffing and intercepting data)
Fraudsters practice intercepting data in crowded places (in restaurants, cafes, train stations, etc.) using a network traffic analyzer (sniffer, from the English word “sniff”) - a special computer program for intercepting data packets, decoding and analyzing them. A free, public Wi-Fi network is just the place where you can become a victim of an attacker. Fraudsters can intercept any of your data, including passwords from payment accounts and payment details of your card, if you suddenly decided to pay with it in an online store and the connection was not properly protected.
Adhesive tape method for an ATM
Cheap but effective. A man approaches the ATM, wanting to withdraw money from his card, inserts the card into the card reader and dials a PIN code on the keyboard. From the side of the dispenser (device for issuing money) a characteristic rustle is heard, but for some reason money is not visible. The person "writes this off" as an ATM malfunction, shrugs, takes out his card and goes to another ATM. What is the result? The money really was withdrawn from the card and the ATM even issued it, but in reality it stuck to the double-sided tape placed in the dispenser by a scammer, who will take the money instead of you. If something similar happened to you, and in addition, the ATM issued a receipt to you, then do not rush to leave it. See what needs to be done in such cases in this one.
Lebanese loop
ATM Phantom
Not such a popular way of card fraud because of its "scale" and high cost. Instead of a real ATM, fraudsters can build a plastic frame with a skimmer built into it. From the card inserted into the card reader, all the information necessary for its subsequent cashing out can be read (see about skimming), and at the same time the attackers will learn your PIN code typed on the “pseudo-keyboard”. Alternatively, the ATM may simply swallow the card and not return it. Read the details about the phantom ATM, there are also tips on how to avoid falling into such a scam.
Data theft using viruses (trojans)
A very dangerous, technically sophisticated type of fraud in which a smartphone or computer is "infected" with a virus program, for example, a Trojan (details in). This "digital pest" is so smart that it can not only ruin the data on your computer or steal valuable information, but also act on behalf of the owner of the phone (and there is more to come!).
For example, you installed some free program from Google Play on your Android phone, and a virus entered your smartphone with it. Your phone number is tied to a card, i.e. a mobile bank service is activated on your phone. A Trojan installed this way can use SMS banking to find out your balance, send an SMS command to transfer money from your card to another one, and reply by SMS on its own to the message confirming the operation. Moreover, the owner of the smartphone may not see any signs of activity, because the virus simply hides them, or may see them when it is already too late.
Many customers of Sberbank (and not only of this bank) have come across such fraud. Fortunately, the maximum daily limit for transfers through the Sberbank mobile bank is 8 thousand rubles, otherwise the virus would have taken all the savings.
Alternatively, the virus can transfer money from your card account to the account of a certain mobile number, and the scammers will then cash out this account. To learn how to protect yourself from such problems, study the material at the above link.
Duplicate SIM Card
Knowing your card number is not enough to withdraw money from it. Usually any operation is accompanied by additional identification of the cardholder (3-D Secure): the bank sends a one-time password to the phone number attached to the card, and the cardholder must confirm the operation by entering this password in the appropriate form. Thus, any card transaction (on the Internet or through a mobile bank) is impossible without access to the phone attached to the card.
What do intruders do? They go to a mobile phone shop and have the SIM card duplicated. A duplicate cannot be made just like that, without the passport of the SIM card owner, so there is a criminal conspiracy between the fraudsters and the sales staff of the shop. After the duplicate is created, access to the "attacked" card is blocked.
To steal money from a card using mobile bank commands, you don't even need to know the card number; look, for example, from Sberbank cards. And if the criminal already knows the details of the card (for example, he peeked at them), then, having made a duplicate, he can transfer a large amount of funds through the Internet bank to his own accounts and disappear without a trace. Do not forget that with the help of your cell phone number an attacker can also gain access to email accounts, and these are tied to payment accounts too: for example, a Yandex.Money wallet is tied to Yandex.Mail.
This is a very insidious fraud, so it’s better to adhere to certain so as not to fall for it, follow the same link for a more detailed description of fraud.
Methods of influencing the psyche and the human factor (social engineering)
The main protection against the following methods of card fraud is knowledge (including financial literacy), personal experience and the experience of other people who have fallen for similar scams. We are helped by the numerous cases of fraud described in a huge number of reviews on the Internet, as well as by the many articles that reveal the tricks of petty crooks. It is better to learn from someone else's experience, however bitter, than from our own.
SMS fraud
A typical example of SMS fraud is an SMS message, supposedly from a bank number, saying that the funds on your card have been blocked because of an attempt at unauthorized access, with a recommendation to call the number given in the message. On the phone you will be told that to unlock the money on the card account you must give the card details: card number, name, validity period and the three-digit secret code on the back of the plastic (CVV / CVC). Thus the unlucky cardholder, trying to save his money, hands over all the important data. He is given no time to think and analyze the situation, which is exactly what the cunning intruders count on. Moreover, the scammers will also ask him to dictate the password that came to his cell phone (this is the one-time password they need to confirm the transfer of money from the card under attack). If the person is not blind, he will see in the text message a phrase saying that the one-time password must not be given to anyone else. But he will read it later, when he realizes that a decent amount has been taken from his card account (and it is good if not all of it).
Usually after such cases people begin to understand what is what, but it happens that they fall for the same scam repeatedly.
What other tricks do dishonest people go to, using SMS messages to lure money from cardholders, and how to prevent this, read in.
Phishing
A very common type of fraud, in which, for example, an Internet user is slipped a pseudo-site of his Internet bank, very similar to the original, on which the fraudsters try to fish out his card data by any means. Hence the name of this method of fraud: translated from English, "phishing" is fishing.
The bait is the same methods of social engineering as in the previous method; the main thing is that the person goes to the fake site and believes that he is on the original resource. A link to such a fraudulent site may come, for example, in an e-mail from a fraudster, styled like a typical bank message (colors, logo, etc.), and the text pushes the reader to follow the link by frightening him with possible problems with the money on his card accounts.
At the same time, the names of such sites look alike but are still slightly different. Find, for example, the difference between the original site name sberbank.ru and the pseudo-site sbepbank.ru. As you can see, it is not so easy to notice the difference with an "inexperienced" eye.
About this fraud and how not to fall for the bait of Internet thieves (phishers).
Transfer ("fill") to a card
This well-known method of "laundering" (cashing out) dirty money stolen from bank accounts is based on transferring ("filling") the money to the card of a person (a "drop" in fraudsters' slang) who has agreed, for a decent fee, to withdraw the money credited to him and hand it over to a specific person. A person who accepts such an offer risks twice.
Firstly, he breaks the law, and if he is caught, which is not difficult for the relevant authorities, he can get a real prison term of up to 7 years.
Secondly, he runs the risk of meeting a fake "filler" who fraudulently lures an advance from the victim and disappears with the money received. In general, it is mostly the fake "fillers" who advertise card "fills", while the real representatives of this illegal business keep silent and work only with trusted people. That is why people who hope to make decent money by providing their card for a "fill" and to close their financial holes so often lose their last money instead.
To have a full understanding of, check out our article detailing this cheating method. There is also information about the measures to be taken if you were dragged into this adventure.
Buyers-scammers and sellers-scammers on bulletin boards (including Avito)
They act quite simply: they ask you to transfer an advance to their card, and this is where the contact with the seller ends. He evaporates without a trace. Keep in mind that it will be impossible to get the transferred money back through the bank, since you transferred it of your own free will.
But the fraudulent buyer is a more "cunning beast". Such people offer to transfer an advance for the goods and ask the unsuspecting victim for all the details of the card (although the card number alone is enough for a transfer). Moreover, they have the audacity to call again and ask for the one-time password that comes to the victim's phone, which means that the scammers are already halfway to their goal of stealing money from the card account. We talked about several cheating scenarios in this common cheating and how to protect yourself from such phantom buyers. Read and do not fall for these scams.
It is possible that you know other ways of card fraud. Therefore, write about them in the comments, and together we will try to collect as many cases of card fraud as possible. Forewarned is forearmed!
26.08.2014 10:04:00
Using plastic cards, both credit and debit, is convenient. You do not have to carry a large amount of cash with you, while the funds can be disposed of at your discretion at any time, both for making purchases and paying for services, and for transfers to relatives and friends. However, plastic cards, being a convenient way to access money on a card account, inevitably become the object of attention of attackers, inventing more and more new ways to steal this money. In order not to lose your money, you need to know what methods criminals use. We have prepared a short review, the top ten most popular methods of credit card fraud. We hope that knowledge of these techniques will allow both customers and bank employees to avoid troubles and problems when using credit cards.
1. Skimming
This method of accessing someone else's bank account was a real scourge of the entire card payment system several years ago, and attempts to use it remain popular to this day. The criminals who choose this method are armed with fairly advanced technical devices. The first of these is a skimmer, a portable scanner that reads data from the victim's card. This device looks like an overlay installed on the card slot of the ATM. The skimmer passes the card through itself and pushes it further into the ATM, reading the data from the magnetic stripe as it goes.
After that, the fraudsters easily make a copy of the card, since copying information from a magnetic stripe is no more difficult than copying a tape cassette of the kind that was popular not so long ago (the principle of storing information on magnetic tape is the same). But in order to use such a copy of the card ("white plastic", as information security experts say), the criminals must know the PIN code that is entered on the keyboard of the ATM. This code is read using a video camera installed nearby, or using a thin overlay keyboard installed on top of the ATM keyboard.
In order not to become a victim of this type of fraud, it is enough to carefully inspect the ATM before entrusting it with your card: overlay devices are easy to notice, as they change the standard appearance of the machine. When entering a PIN code, you should also cover it from possible peeping. Keep in mind that a camera with a powerful lens can be mounted at a great distance, including on the upper floors of buildings. But the best protection against skimming is a card with a chip that supports hardware encryption of information. Making a copy of such a card in "field" conditions is almost impossible.
2. Phishing
The word phishing is translated from English as fishing, and the scam method of the same name really has much in common with the ancient art of obtaining food. As in fishing, bait is used, and the victim must swallow it on his own and get caught on the hook. Only a trap site is used instead of a worm, and the hook is the card data that the victim enters on the page of such a site.
Phishing cybercriminals create a website that mimics the bank's official website. For this purpose they use a domain name similar to the name of the bank but registered in one of the domain zones of South America, Africa or another remote region. The calculation is simple: not all people look carefully at the address bar of the browser, and not everyone understands that the site only looks like a familiar one and is in fact a completely different page. The victim is usually lured to such a fake page by a letter that imitates an official letter from the bank's technical support. Only the link contained in such a letter leads to a trap site. Under the pretext of verifying information, the victim is asked to enter all the card information on the fake page, including the CCV and PIN code. Some fake pages even redirect the victim to the bank's real page after receiving the necessary information, so that even a person who suspects something is wrong sees the real site of the financial organization.
The recipe for fighting a phishing attack is simple: watch carefully which site is open in your browser, and in no case send over the Internet information that the real bank already has. Best of all, if something strange happens, call your bank and check what happened. Just, for God's sake, do not dial the number that is published on the fake web page, be careful!
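The address check described in both phishing sections above (a near-identical name such as sbepbank.ru, or the bank's name registered in another domain zone), written out as an added example that is not part of the original article. The allowlist, the verdict names, the distance threshold and the "last two labels" shortcut for the registrable domain are assumptions made for illustration.

```python
"""Flag lookalikes of a trusted bank domain (added example, not from the article)."""

# Constructed allowlist: the genuine domain the article uses as its example.
TRUSTED = ["sberbank.ru"]

# Cyrillic letters that render like Latin ones, mapped to the Latin look-alike.
HOMOGLYPHS = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y",
})


def labels_of(host):
    """Lower-case the host, decode punycode (xn--) labels, split on dots."""
    host = host.strip().lower().rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare it as typed
    return host.split(".")


def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "er" typed as "re".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, trusted=TRUSTED, max_distance=2):
    """Return a verdict (constructed names) for the host in a link or address bar."""
    labels = labels_of(host)
    if len(labels) < 2:
        return "unrelated"
    # Assumption: the registrable domain is the last two labels
    # (a production check would consult the public suffix list).
    name, zone = labels[-2], labels[-1]
    if f"{name}.{zone}" in trusted:
        return "trusted"
    seen = name.translate(HOMOGLYPHS)
    subdomains = [label.translate(HOMOGLYPHS) for label in labels[:-2]]
    for good in trusted:
        good_name, good_zone = good.rsplit(".", 1)
        if seen == good_name:
            # Same picture on screen: either look-alike letters or another zone.
            return "homoglyph" if zone == good_zone else "other-zone"
        if good_name in subdomains:
            # The bank's name is only a subdomain of somebody else's domain.
            return "brand-in-subdomain"
        if edit_distance(seen, good_name) <= max_distance:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hosts; .example is a reserved test zone.
    for sample in ["sberbank.ru", "sbepbank.ru", "sb\u0435rbank.ru",
                   "sberbank.example", "sberbank.ru.login.example"]:
        print(f"{sample!r:32} {classify(sample)}")
```

The threshold of 2 suits a name as long as "sberbank"; for short brand names it should be lowered to avoid flagging unrelated domains.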
3. Fake shop
One of the varieties of phishing is the use of an online store designed specifically to collect information about victims' cards. Remember that miracles do not happen, and if a product is offered at a price several times lower than the market price, then something is wrong. Often a site with "attractive" offers, whether of real or virtual goods, is simply a "layer" between you and your bank that captures payment information and redirects it to another account. At the same time, even the payment confirmation code sent by the bank to your mobile phone will not save you: you yourself will enter it into a special window on the scammers' website.
4. “Security Check”
In everyday life people, as a rule, are not vigilant; they do not expect an attack at any moment. And such a call is a sudden attack on your bank account. Some criminals act so brazenly that they even ask you to read out the confirmation code that you are about to receive by SMS. Have no doubt: at this moment the fraudster is making a payment using the information received from you, and only a few seconds remain before you part with the money.
5. The "salvation" of money
A more refined version of the previous method is to put the victim into a state of stress. "Money is being debited from your card right now, we need to check the information urgently. What are the number, the expiration date and the last three digits printed on the back of the card?" The options may differ, but the meaning is the same: you need to decide quickly, your money is in danger, dictate all the information urgently. It has been proved that in a state of stress and anxiety a person is prone to rash acts and does not try to analyze the situation.
6. “Mom, I have problems, don’t call, transfer money to this account”
Even if your child sits on the couch next to you, you will be scared to receive such a message. This is how parents work: they worry about their children, and the reaction to a possible threat to them is very strong. And if your child is somewhere in the city? A simple, effective and impudent scheme that uses strong feelings and basic, fundamental instincts.
7. The loyal customer
8. Selling a card with a zero balance
Fraudsters often offer to buy bank cards with a zero balance. Along with the card, some personal data is also bought. It would seem, what bad can happen if there is no money on the card anyway? But the troubles can be quite serious if the card is used for criminal activity. For example, it can accept payments from victims of fraudulent schemes, or it can be used to cash out stolen money. In any case, the police and tax authorities investigating fraudulent schemes will come to the owner of this card.
9. Robbery at an ATM
Old as the world, the “wallet or life” method was transformed into the “card and pin code or life” method. Be careful when approaching an ATM in a disadvantaged area and at night.
10. Nigerian prince
The scheme has become a real classic of fraud thanks to smart guys from Nigeria, who at one time organized a large-scale international "business" to take money from gullible whites. However, the Nigerian regulars of local Internet clubs were simply the first; now such "princes" can be from any country and with any skin color. The scheme works thanks to people's faith in miracles and the desire to get rich quick by seizing a lucky chance. The victim receives a letter from a stranger who says that he is a representative of a wealthy family from a distant country (in the classic version, a Nigerian prince).
Blinded by the possibility of a fantastic quick profit, people open accounts and keep up a correspondence with the "prince", following his dramatic adventures in a distant land. In the end it all comes down to one thing: for some purpose (a security deposit for an air ticket, a postage fee, whatever) you need to transfer from your credit card a small amount, in no way comparable to the millions that the whole venture promises. As a result, some victims manage to transfer thousands of dollars, helping their new friend and expecting millions.
Information value
There are many fraud schemes with credit cards; many of them are no longer relevant, but criminals are constantly coming up with new ones. To make using bank cards not only convenient but also safe, remember: the most expensive thing in the modern world is information. Giving personal information or information about a credit card to outsiders is the same as giving away your wallet.
Use modern plastic cards with a chip that supports hardware encryption, such as Plus Bank cards. If you often pay for goods and services on the Internet, get a separate card for this and transfer to it only the funds for the next payment. This is convenient to do, for example, using the Internet banking from Plus Bank.
And be careful when trusting information about your card to people you don’t know.
With the advent of multi-functional phones, cases of illegal access to their contents have become more frequent. This is because the phone memory holds enough information to carry out a criminal plan to steal money. The main victims of the attackers are owners of phones running the Android platform. However, there are also users of simple phones among the victims.
Service "Mobile Bank"
The Mobile Bank service is usually activated when a plastic card is issued, by registering your telephone number in the system. The service allows you to carry out financial transactions with the funds on a card account using mobile communication.
- The client is notified of all movements of money by SMS.
- Payments via the Internet require you to confirm your identity by entering, in a special field, a code sent by SMS to the phone number registered in the system.
- By dialing a simple sequence of digits, you can get information about your own bank accounts.
- Instant notification of operations related to the withdrawal of funds, indicating the place and time of the operation, will help the owner of a lost or stolen card to identify the intruder who carried out the financial transaction, since all ATMs and cash registers in retail outlets are equipped with a video surveillance system.
Despite the obvious advantages of the system, working with it carries the risk of falling victim to fraud.
How fraudsters withdraw money from a bank card through a mobile bank
Attackers use several theft schemes:
- By introducing a Trojan into the phone, which intercepts all SMS messages arriving on the mobile phone. Having received the information, the fraudster is able to transfer funds to his account using the "Mobile Bank".
- With the help of phishing sites that display a fake banking page on the screen of a mobile application. The user enters his username and password, and the offender, having received them, logs in through the official banking site and withdraws money by transferring it to another account.
- Using a fake Google Play window in which the card data is to be entered.
- When a SIM card is changed and the old one has not been disconnected from the Mobile Internet application.
Can scammers withdraw money from the card by phone number
Over the course of his life, each person changes his or her phone number more than once, buying new SIM cards, ceasing to use the old number, which can later be sold to another subscriber.
Before you give up an unneeded number for good, it is recommended to deactivate the mobile banking service, since the new owner of the number, if he is a dishonest person, can take advantage of the opportunity to access the system and take possession of money belonging to the former subscriber.
How fraudsters withdraw money from a bank card without a PIN code
Without knowing the card's PIN code, withdrawing funds from it is impossible. It is worth noting that entering an incorrect password three times leads to the blocking of the account, after which access to the money can be obtained only if the owner of the product personally contacts a branch of the financial institution or calls the bank hotline.
However, scammers resort to various tricks that allow them to withdraw funds from the card:
- Making purchases in shopping centers where a password is not required.
- If a wallet in which the card and the PIN code are stored together is lost or stolen, the attacker can withdraw funds from the card without any problem.
- Carrying out Internet operations using basic card data, such as the card number, the expiration date and the CVV code.
- Scanning the magnetic stripe and making a copy of the card. This is possible with the help of specially installed equipment in remotely located ATMs and terminals, as well as in some retail outlets. The thieves not only read the data from the card but also copy its PIN code.
Reasons for SMS notification of a bank card holder about withdrawal of money
If an SMS notification about the withdrawal of funds from a bank card has arrived on the phone, its owner needs to analyze the information about the financial transaction in order to rule out:
- a notification that is the belated result of money the owner withdrew personally, since messages often arrive late;
- the withdrawal of obligatory payments set up to run automatically in the personal online banking account;
- debt collection by bailiffs;
- a card service fee;
- a charge for the use of credit;
- a banking error, by calling the hotline.
If the SMS message is not associated with any of the above events, then it is likely that the money from the card was stolen.
What to do if fraudsters withdrew money from a bank card
If funds disappear from the account, its owner should suspect that fraudsters have withdrawn money from the card through a mobile bank. How to return the money? This is the first question the victim asks. In such situations experts recommend following this algorithm:
- Call the hotline number of the bank.
- Explain the situation to the operator and ask to block the banking product.
- Read the section of the contract with the bank that covers the conditions for contesting transactions and the actions to take in such a situation.
- Visit the bank branch in person, not forgetting to take identification documents.
- Write a statement of disagreement with the transaction.
- Submit the document to the bank in duplicate. One copy remains with the recipient, and the second, marked with the assigned incoming number, remains with the applicant. The filing date of the application is the starting point of the period set for resolving the issue.
- Present evidence that the money was withdrawn by an unauthorized person.
- If the application is considered and a decision is made to return the funds, the applicant must wait the indicated time for them to be transferred to the account.
If the bank refuses to comply with the client's legal demand, the client can exercise his rights in court. To do this, he should file a report with the police about the theft of funds from the account and a claim in court against the bank that refuses to solve its client's problem.
Banking Nuances
Upon receipt of an application from the client about the loss of funds, the bank acts in accordance with an approved scheme that involves certain mandatory procedures. In addition, they must be carried out in a certain sequence.
First, a claim must be sent to the bank of the recipient of the money asking for its return on the basis of the client's application. To substantiate the claim, it is recommended to attach to the application documents that confirm the illegality of the financial transaction.
Then the security departments of both banks investigate the situation. In the course of this investigation, the materials provided by the client about the transaction are examined, and the reputation of both the applicant and the recipient of the money is checked.
The consideration of the application and the decision by the recipient of the money are limited to a period not exceeding 90 days.
It is worth noting that while the security services of the banking institutions are working, their employees have the right to demand proof that the applicant was not involved in the suspicious transactions, since he is the main suspect in the theft of the money as well as a person interested in having the situation recognized as unlawful. To do this, employees of the specialized unit can contact the employer, the district police officer, family members and neighbors.
Their main goal is not to solve the applicant's problem but to check his good faith. If it is confirmed, the operation will be recognized as fraudulent, and the applicant can count on receiving the funds illegally withdrawn from the account.
Contact the police
Along with contacting the banking institution, it is recommended that the injured person contact the police. It should be noted that the bank's security service is not interested in such actions, since this may adversely affect the reputation of the financial institution. The application is drawn up in a form similar to the claim to the bank. Based on the submitted document, law enforcement agencies conduct a comprehensive investigation aimed at finding the intruders. Their work includes the following activities:
- contacting a bank institution that owns the card from whose account a financial transaction was conducted;
- visiting shopping centers or financial institutions from which the transaction was made from an ATM or cash register;
- study of video information from surveillance cameras;
- interviewing the victim, his family members and possible witnesses;
- conducting analytical processing of the information received.
Will they return the money if the scammers withdrew money from the card
When money is fraudulently withdrawn from the account, it should be remembered that all the financial transactions were carried out on behalf of the client, so his main task will be to prove that he was not involved in the transaction. If this succeeds, the banking institution is obliged to make a refund.
For the rights of the injured citizen to be realized quickly, it is recommended to file an application both with the banking institution and with the law enforcement agencies, whose services are authorized to view the recordings of the video cameras located at each ATM and at retail outlets. The video footage can serve as evidence that the owner of the banking product did not carry out the operations, and can also assist in the search for the attacker.
If the stolen funds are not returned to the victim, he has the right to file a second appeal with the financial institution and to go to court. If there is evidence that the cardholder was not involved in the transaction, the bank that owns the financial product returns the stolen funds to the client's account and issues an arbitration notice to the financial institution into whose account the money was transferred, in order to receive compensation for the fraudulent transaction.
How to avoid loss of funds due to unlawful actions of attackers
Knowing the ways in which money is stolen from bank cards, mobile Internet users can prevent such events by analyzing their own actions regarding money transfers and the state of their own phone.
- Before installing a program on a mobile phone, you should check it to make sure that it is not a malicious utility, since in 99% of cases users activate the trojan themselves.
- All applications should be downloaded only from trusted sources. In doing so, pay attention to what the utility asks for during installation. The user should be put on guard by a request to grant administrator rights or to send SMS. If you doubt that the program is legitimate, contact the banking institution to clarify the situation.
- It is not recommended to follow the links in SMS messages sent to you.
- Using an antivirus program, you can make sure that there are no cyber attacks on the phone's software.
- For financial transactions it is recommended to use ATMs and terminals that are installed in a financial institution or in places equipped with video cameras.
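One way to carry out the pre-installation check recommended in the list above, as an added example that is not part of the original article: it reads a decoded AndroidManifest.xml and reports the combination the Mobile Bank theft scheme depends on (reading and sending SMS), a request to draw over other apps (which a fake payment window can rely on) and a request for device administrator rights. The finding codes, the risk levels and the sample manifests are constructed for illustration; the permission and action names are Android's own.

```python
"""Audit a decoded AndroidManifest.xml before installing an app.

Added example, not code from the article. Input is the text manifest
(as produced by an APK decoding tool), not the binary form inside an APK.
"""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PERM = "android.permission."
SMS_READ = {PERM + "RECEIVE_SMS", PERM + "READ_SMS"}
SMS_SEND = PERM + "SEND_SMS"
OVERLAY = PERM + "SYSTEM_ALERT_WINDOW"
DEVICE_ADMIN = PERM + "BIND_DEVICE_ADMIN"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"


def audit_manifest(xml_text):
    """Return finding codes (constructed names) in a fixed order."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    findings = []

    def add(code):
        if code not in findings:
            findings.append(code)

    # Reading AND sending SMS is what lets an app issue SMS-banking
    # commands and answer the bank's confirmation message by itself.
    if requested & SMS_READ and SMS_SEND in requested:
        add("sms-read-and-send")
    elif requested & SMS_READ or SMS_SEND in requested:
        add("sms-access")
    if OVERLAY in requested:
        add("overlay")  # may draw windows on top of other apps
    for receiver in root.iter("receiver"):
        if receiver.get(ANDROID + "permission") == DEVICE_ADMIN:
            add("device-admin")  # will ask the user for administrator rights
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            priority = flt.get(ANDROID + "priority", "0")
            # A high priority asks to receive incoming SMS ahead of other receivers.
            if SMS_RECEIVED in actions and priority.isdigit() and int(priority) >= 999:
                add("sms-priority-receiver")
    return findings


def risk(findings):
    """Constructed three-level verdict for the person deciding whether to install."""
    if "sms-read-and-send" in findings:
        return "high"
    return "review" if findings else "ok"


# Constructed sample: a "flashlight" app that asks for far more than a light needs.
SAMPLE_SUSPICIOUS = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Flashlight">
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".Sms">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an app that only needs network access.
SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Weather"/>
</manifest>"""

if __name__ == "__main__":
    for label, sample in (("flashlight", SAMPLE_SUSPICIOUS), ("weather", SAMPLE_BENIGN)):
        found = audit_manifest(sample)
        print(label, risk(found), found)
```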
Owners of plastic cards are often themselves to blame for the theft of funds because they do not follow security measures when working with a banking product. If fraudsters have withdrawn money from the card through a mobile bank, you need to know how to return it in order to take appropriate measures promptly. In order not to become a victim of scammers, it is important to keep an eye not only on the status of your account, but also on those in whose presence the card is used and on which programs are installed on the phone.