The Central Bank of Russia spotted a fraud scheme using the voice menu of one of the banks

The Central Bank of Russia informed banks that fraudsters use the voice menu to get information about the status of customers' accounts, using only the last four digits of the card.

It began when one of the credit organizations reported a sharp increase in the number of calls to customers from fraudsters, and the attackers knew the exact amounts in the accounts.

It turned out that the scammers were calling the bank's IVR (Interactive Voice Response) system while spoofing customers' phone numbers. Calling as if from a client's number, they requested the remaining balance by entering the last four digits of the bank card.

The scammers then called potential victims and introduced themselves as bank employees. As proof of authenticity, they told customers their account balances. With that trust established, they successfully used social engineering methods to steal money.

The customers' phone numbers and bank card details had been compromised and spread on the Internet. The Central Bank believes that fraudsters could have obtained them from the Joom client base, which had become publicly available. At the time, representatives of the online store and the banks gave assurances that customers were in no danger, since the data that fell into the hands of fraudsters was not enough to debit money from their accounts.

It turns out that the last four digits of the card may be enough to obtain confidential information about bank customers. Yet these digits are not officially classified as secret and are printed on any receipt.

According to Sergey Golovanov, a leading expert at Kaspersky Lab, the use of biometrics can simplify the identification process for the user and make it more secure. At the same time, the expert believes that the use of biometrics would increase the cost of identification for the bank. Thus, despite the recommendations of the Central Bank, banks will continue to minimize their costs in this area, risking making their customers victims of fraud.

Cyber Criminals Use New Method To Steal Funds From Bank Customers' Account


According to a report of the Central Bank, bank fraudsters have a new way of stealing from bank cards this year: they pose as bank employees and use technology that substitutes phone numbers. Special IP-telephony services allow them to substitute numbers, or the scammers disguise the number by using the letters OOO instead of 000, and so on.

The report notes that two tools help the scammers commit thefts. The first is access to personal data. In the last six months alone, Central Bank specialists found 13 thousand ads for buying or selling names and phone numbers. Attackers who obtain personal data can easily carry on a conversation as if they were an employee of a credit institution, insurance company or government agency.

The second tool is special programs that allow scammers to disguise their calls as coming from the bank's official number. The Central Bank recognised the falsification of bank numbers as a new massive way of stealing money from the population.

According to the Bank of Russia, the number of fraudulent calls to customers increased dramatically this summer, and in June-August the regulator sent telecom operators data on more than 2.5 thousand numbers from which calls to bank customers were received. However, only 200 numbers were blocked.

Experts believe that blocking numbers is not the best way to combat fraud. It would be more correct to stop the leakage of personal data from banks and other organizations.

"Thefts are mostly associated with the substitution of phone numbers, and telecom operators refer to the lack of norms in the law. We will initiate changes to the law on communications," said Artem Sychev, the First Deputy Head of the Department of information security of the Central Bank.

HDFC Bank Issues Warning Against a New Online Scam: Here's What You Should Know!



HDFC Bank has sent out a warning to its online banking users about a scam involving an app known as AnyDesk, which hackers use to steal money through the Unified Payments Interface (UPI). The main objective of the scam is to acquire unauthorized access to a victim’s mobile and carry out illegal transactions without the account holder's knowledge.

In February, the Reserve Bank of India (RBI) said that AnyDesk, a remote device control app, can give complete access to a user's mobile device, which hackers exploit to steal money by making transactions remotely.

To alert its customers, the bank has issued an official mailer on the matter and further warned its users that hackers attempt to obtain confidential account information such as OTP, PIN, expiry date, debit card details, and other sensitive data required for authentication during transactions.

To ensure the safety of its users, HDFC Bank advised them against sharing their confidential data with anonymous callers and said that, to keep their bank balance safe, they should avoid downloading any apps onto their smartphones.

Commenting on the matter, the bank said, "Beware! Fraudsters may ask you to download AnyDesk App and share a 9-digit code which gets them access to your phone to steal money. Do not share your card details / OTP / PIN with anyone and report any unusual activity immediately to the bank."