Welcome to the iCover blog. In all likelihood, we are witnessing the emergence of a new trend in the electronic fraud industry: attackers increasingly entrust the theft of money from users' bank cards, first abroad and now in Russia, to robots. Under this scheme, the cardholder is called not by a bank operator but by a robotic IVR voice operator programmed for the simplest monologue. We invite you to look at some interesting data for the past year and at expert opinion on how the situation may develop in the near future.

According to a professional study conducted by Zecurion, a capital-based agency specializing in the information security of remote banking services and data leak prevention (DLP) (Silver partner of Samsung Electronics under the Samsung Enterprise Alliance Program in the development of mobile corporate solutions), from April 2015 to April 2016 about 6 million rubles were stolen from Russians' cards using the IVR (Interactive Voice Response) scheme. On a national scale and over the analyzed time interval, this figure looks quite modest, but given how quickly the “popularity” of the new fraud method is growing, it is a legitimate cause for concern.
Traditionally, IVR systems are programmed for incoming calls and configured to greet the caller, for example: “Thank you for calling our company. If you know the internal number of an employee, you can dial it right now ...” and so on. Recently, fraudsters have expanded the use of IVR by extending it to outgoing calls in order to steal users' card data. As a rule, the robot that places the call refers to the need to clarify information or to a system failure, and then asks the cardholder to repeat the card data, the login and password for the online banking account, and the PIN and CVV codes. Taking into account the dynamics of recent months, Zecurion experts have warned that the number of attempts and the likely amounts stolen from Russians' cards in the current year, 2016, will increase by 40-50%.
Most often, fraudsters run the robot's software in cloud data centers, which makes it significantly harder to identify them quickly. To finish off a user who has almost believed the metallic voice, the robot can transfer the call to a very real person who plays the role of a bank employee. Psychologically, such a scheme looks flawless and, given the element of surprise, it sometimes misleads even quite prudent and careful users. In the absence of sufficient explanatory information from banks, the fraudsters' bet that an electronic assistant will command the unconditional trust of ordinary users usually pays off.
“The new fraudulent scheme is quite specific, but effective,” says Vladimir Ulyanov, head of the Zecurion analytical center. “The victims know little about the fact that robots can call. Faced with an unusual situation, bank customers are lost - this is the first thing that attackers need, and it is much easier to process a person further. Secondly, the answering machine is credible: in the view of people, such systems are used by large companies. Also, in the opinion of the victims, the robot does not have enough intelligence to deceive. But at the same time, citizens who are being targeted by scammers forget that live people are setting up the system.”
According to Dmitry Kashtanov, head of the Binbank business security department, the scheme in which the client is “processed” by a voice robot is most often started at a stage when the fraudsters already have the login and password for the Internet bank. It is at the stage of entering a one-time password to confirm the operation that trust acquires special value. Until recently, fraudsters called in person to extract the one-time password delivered by SMS. Now there is every chance of talking to a “robot” instead. To justify the call, the robot often refers to an erroneous transaction caused by a system failure. To cancel it, the robot asks for the one-time password delivered to the client by SMS.
At the same time, according to Alexei Sizov, head of the anti-fraud department of the Jet Infosystems information center, automating the fraudulent scheme deprives it of flexibility, since a live interlocutor always retains the advantage of responding quickly to the victim's emotional state. On the other hand, Sizov agrees, the statistics favor auto-dialing: it will give attackers more if the “quality” of the attack (compared to the traditional approach, when a person calls) decreases threefold but the number of calls made increases fivefold. Here, he clarifies, a lot depends on the professionalism and ingenuity of those who configure the robot.
If an automated dialer calls you, experts advise hanging up, calling back the contact number listed on the bank’s website or your personal manager, and checking whether the requests the electronic assistant made are justified. This advice also works if a real person contacts you by phone.
For our part, we hope that the information received in time will allow our readers to avoid the problems described above.