Computer security specialists from Positive Technologies have described a fraud scheme that some users of Internet and mobile banking began actively using this year to generate income.
Brief description (for Alfa-Bank, see the comments):
1. The Internet banking user converts, say, 29 kopecks into dollars. If the dollar rate is 65 rubles, then 29 kopecks corresponds to $0.004461.
2. When converting, the bank rounds the amount to two decimal places, that is, to $0.01.
3. The fraudster transfers 1 US cent back into rubles. As a result of the transfer, he will receive 0.65 rubles (65 kopecks).
4. The net profit from the operation is 0.36 rubles (36 kopecks).
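The four steps above, worked through as an added example (not code from the article or from Positive Technologies). The function names are hypothetical. The round-up mode is an assumption chosen because it reproduces step 2 ($0.004461 becoming $0.01), and the hardened variant shows one common mitigation: truncate against the customer and refuse sub-cent conversions.

```python
from decimal import Decimal, ROUND_UP, ROUND_DOWN

CENT = Decimal("0.01")   # smallest unit of either currency
RATE = Decimal("65")     # rubles per dollar, the rate used in the article


def rub_to_usd_vulnerable(rub: Decimal) -> Decimal:
    """Rounds the converted amount up to a whole cent, as in step 2 (assumed mode)."""
    return (rub / RATE).quantize(CENT, rounding=ROUND_UP)


def rub_to_usd_hardened(rub: Decimal) -> Decimal:
    """Truncates toward zero and refuses amounts worth less than one cent."""
    usd = (rub / RATE).quantize(CENT, rounding=ROUND_DOWN)
    if usd == 0:
        raise ValueError("amount too small to convert")
    return usd


def usd_to_rub(usd: Decimal) -> Decimal:
    """Return leg (step 3); truncating to kopecks never favours the customer."""
    return (usd * RATE).quantize(CENT, rounding=ROUND_DOWN)


def round_trip_gain(rub: Decimal, to_usd) -> Decimal:
    """Rubles gained (positive) or lost (negative) by converting there and back."""
    return usd_to_rub(to_usd(rub)) - rub


def has_profitable_round_trip(to_usd, max_kopecks: int = 10_000) -> bool:
    """Regression check: does any amount up to max_kopecks come back larger?"""
    for k in range(1, max_kopecks + 1):
        try:
            if round_trip_gain(Decimal(k) / 100, to_usd) > 0:
                return True
        except ValueError:
            continue  # conversion refused, so nothing is gained
    return False


if __name__ == "__main__":
    print(round_trip_gain(Decimal("0.29"), rub_to_usd_vulnerable))  # step 4
    print(has_profitable_round_trip(rub_to_usd_vulnerable))
    print(has_profitable_round_trip(rub_to_usd_hardened))
```

A check like `has_profitable_round_trip` fits in a conversion service's test suite, so that a later change of rounding mode cannot silently reintroduce the gain.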
According to experts, especially persistent users earn up to 15,000 rubles per month this way.
Positive Technologies explains that this fraud scheme is called a “rounding attack” and has been known for a long time, since the advent of online games. In Russia, it was actively used in 2016, exploiting vulnerabilities in remote banking systems.
According to the company, 25% of the Internet banking and mobile banking systems of Russian banks are susceptible to rounding attacks.
“If 10–50 thousand rubles are stolen from a bank within a month, then this fact most likely will not be disclosed,” said Timur Yunusov, a senior expert at the security systems department at Positive Technologies. “Banks will disclose information on embezzlement and leakage only when they are stealing money from customers or if the hacker attack “bankrupts” (we are talking about millions of thefts).”
Representatives of the banking industry, speaking on condition of anonymity, said that there is a less laborious fraud scheme: a client creates an exchange request, waits for the exchange rate to move in a favorable direction, and only then confirms the old request with a password. Since the request was created at the old rate, the exchange is carried out at the old rate.