Over the past four years, unauthorized online transactions using data from customers’ bank cards have become a real challenge for the banking industry. The main reasons are the development of remote payment services, the growing popularity of e-commerce sites among customers and the increasing share of card turnover on the one hand, and the relative ease and scalability of attack scenarios on the other.
In 2019, over 577 thousand fraudulent transactions using bank card data, totaling 6.4 billion rubles, were recorded in Russia (according to the Central Bank). Banks were able to reimburse customers for only 15% of all operations, or every 7th stolen ruble. 69% of all operations were carried out by inducing customers, through deception or abuse of trust, to perform the operation themselves.
In 2020, phishing remains the most favored scheme among cybercriminals. Trusting customers are increasingly being offered “cheap purchases” and “refunds” of money for goods on major e-commerce sites. To do this, the “seller” sends a personal message inviting the customer to a page that imitates an e-commerce resource page and asks them to enter card data. After receiving the card data, scammers use it to pay for online purchases, try to withdraw funds using a card-to-card transfer, or sell it on the darknet. To lull customers’ vigilance, scammers use wordings such as “transferred the goods to the delivery service”. They use this to explain why the safe transaction on the site itself is refused, and offer to make a “secure payment” or “secure transaction” through a link that is sent to the customer in an SMS message.
According to statistics from Kaspersky Lab, since the beginning of 2020 the pool of fraudulent operations has already been replenished with more than 4 thousand Russian-language phishing resources that pose as well-known online stores. Raiffeisenbank continuously monitors external threats to its customers and refines its current rules and algorithms to counter new fraudulent schemes. However, the main tool in the fight against social engineering is the vigilance and digital hygiene of the customers themselves. To achieve this, it is enough to treat any SMS messages and incoming calls about bank card data more consciously.
To protect yourself from fraudsters’ tricks when shopping online, information security specialists at Raiffeisenbank recommend paying attention to the following points:
– Real online stores or e-commerce platforms always use the safe-transaction principle;
– Carefully evaluate the offer: if the cost of the goods is much lower than in other stores, these are probably scammers;
– Before buying, study the site: read customer reviews, check how and when delivery is carried out, whether there is a pickup point for goods, etc.;
– Use of the insecure http protocol instead of https should raise particular suspicion;
– It is better to use a unique, complex password for each online store account. Do not reuse passwords from social networks and banking applications;
– Before entering card data, check the name of the resource on which you are entering it. Follow payment links only from trusted resources. Get a separate card for online shopping and top it up with the required amount immediately before payment;
– Enable SMS notifications and regularly review card transactions in the mobile application. This will reduce the risk that an amount is debited unnoticed, and blocking the card in a timely manner will help prevent further debits.
We expect that throughout 2020, social engineering will remain the main vector of fraudulent attacks. Only joint actions by the CBR, the banking community and information security decision makers will help counter fraudsters. Raiffeisenbank will continue its information campaign aimed at improving cyber and financial literacy in order to raise the awareness of our customers.
Director of North-West Regional Business Raiffeisenbank
Magazine: IT News Magazine