Search This Blog

Showing posts with label Sberbank. Show all posts

Russian banks revealed new types of fraud


Stanislav Kuznetsov, Deputy Chairman of the Board of the Bank, said that fake Internet recruiting agencies that offer employment have become more active. An applicant should fill out a form with personal data. Then a letter arrives that he was hired, and he needs to transfer money for some equipment urgently. In the end, no money, no work.

VTB specialists reported cases of fraud when hackers place job ads and get access to mobile phones while communicating with candidates. Then, using remote access, hackers get to the client's personal account and can withdraw money.

Hackers are looking for candidates without experience, for example, for the position of mobile app tester. Those who responded to the ad, they are asked to pass testing and install remote access programs to their computer or smartphone for control. Fraudsters can use them to log in to their personal account and withdraw funds.

The VAT refund scheme is also gaining popularity among fraudsters. Attackers publish videos on the Internet with a proposal to refund value-added tax to all Russians left without income. In this scheme, customers click on a fraudulent link from the description to the video and independently perform expense transactions, which leads to a loss of money.

"Internet companies began to actively appear that offer customers to take advantage of the volatility of cryptocurrencies and promise a large profit," said Kuznetsov about another scheme.

Finally, financial fraudsters copy popular initiatives of well-known brands and companies to attract their victims, using hashtags of the period of self-isolation, for example, #stayhome and offer to participate in the campaign to get three thousand rubles ($42). For this, it is allegedly necessary to provide card data and a one-time SMS password.

It is worth adding, according to the international company Group-IB, using the remote access program TeamViewer, fraudsters steal from the clients of large banks on average from 6 million to 10 million rubles per month ($84,000 - 140,000).

Sberbank employee confesses he is the culprit behind the customer data leakage


Recall that on Thursday, Sberbank reported a possible leak of credit card accounts, which affects at least 200 customers of the Bank. According to media reports, at the weekend on one of the forums, which was blocked by Roskomnadzor (Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications), there were messages about the sale of personal data of Bank customers. The authors of the announcement indicated that they have access to data of 60 million cards.

Sberbank assured that the funds of its customers are safe because credit card accounts that do not have CVV codes, as well as logins and passwords from the Internet Bank were in the public domain. So, fraudsters can not steal money from the cards.

According to German Gref, President of Sberbank, Sberbank employees learned about the incident on the day of the leak, October 2: an ad was found with personal data of employees. After that, the employee of security service of Sberbank contacted an attacker trying to sell the stolen data.

During the conversation, it became clear that we are talking about an internal leak, Gref said.

According to a statement on the Bank’s website, "as a result of the internal investigation, the security service of the Bank in cooperation with law enforcement agencies, on October 4, 2019, identified an employee of the Bank born in 1991, the head of the sector in one of the business units of the Bank, who had access to databases and who tried to steal customer information for selfish purposes," the message on the Bank's website reads. The culprit of the leak faces criminal liability.

The leak indirectly affected the data of 200 cardholders of Sberbank, which have already been reissued, so " the owners have nothing to worry about," Gref said. He noted that the reissue took only two days.

Gref also apologized to customers and thanked them, noting their calmness.

Sberbank helped one of the largest US banks to prevent a cyber attack


In July, Sberbank helped one of the largest US banks to prevent a cyberattack and avoid damage of several million dollars. Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov announced this at the Eastern Economic Forum.

"At the end of July, our cyber defence center recorded an attack on one of the largest American banks. We informed the Bank, informed the relevant departments of payment systems to prevent the withdrawal of funds. At least several million dollars were saved," he said.

At the same time, Kuznetsov refused to tell which Bank was exposed to attack.

Kuznetsov shared the details of the cyberattack scheme. According to him, the fraudsters managed to hack one of the acquiring terminals and conduct a large number of operations. In the United States, PIN verification of transactions up to $130 is not required. As a result, at one moment the resources of several banks were attacked through a large number of operations.

At the same time, he stressed that this is a clear example of the fact that credit institutions should detect such attacks in an automated mode and not allow any actions directed against customers of both Russian and foreign organizations.

In addition, Stanislav Kuznetsov said at the Forum that Sberbank recorded about 2 thousand attacks on its systems in the first half of the year and prevented possible damage from them in the amount of at least 25 billion rubles.

According to him, the Bank noted the growth of social engineering."This is a trend to collect data about a person and corporations, and the second trend - we see that scammers focus on those companies that are poorly protected, and this is small and medium-sized businesses," he noted.

At the end of his speech, Kuznetsov said that North Korea's attacks on Russian banks are a myth, the threat to Russian resources comes "from another direction".

It is worth noting that this is the Fifth Eastern Economic Forum, held in Vladivostok on September 4-6.