Russians have been warned about a new fraudulent scheme. Criminals are creating virtual bank cards by tricking victims into revealing personal data. Then, the fraudsters steal money through ATMs using contactless technology. Here's what you need to know to protect your savings.
What is known about the clever scheme
The press service of the Central Bank of Russia reported a new scheme used by fraudsters to create virtual images of bank cards. According to the regulator, fraudsters contact potential victims by phone or through messengers and report an attempted theft of funds.
Then, they convince the victim to install a fake Central Bank application, ask them to launch it, and enter a verification code from the bank, supposedly for authorization. In this way, they obtain the necessary card data.
What is a virtual card image?
A virtual card image is a digital copy of the card that allows access to funds, said Eryania Bochkina, an analyst at Banki.ru portal. This does not require a physical card; it is enough to have a phone at hand. This opens up the possibility for fraudsters to remotely withdraw money from the card using only their device.
The scheme of creating a virtual image by installing an application on the victim's phone is quite new. However, virtual cards have been used in fraudulent schemes before.
The State Duma is currently discussing a bill that prohibits transferring more than 50 thousand rubles to virtual cards within two days after their opening. A similar opportunity is planned to be provided to banks by the National Payment Card System (NSPK).
Marina Probets, an internet analyst and expert at Gazinformservice, notes that creating fully functional virtual images of bank cards is a relatively new and complex method of fraud. However, experts have already recorded similar scams using malicious programs, where attackers manipulated the trust of their victims.
Previously, the methods used by attackers included phishing, data theft using keyloggers and Trojan viruses that stole information about bank cards. Screen sharing, i.e., recording the screen, was also often used to obtain data from mobile devices. However, this usually required physical access to the device or its prior infection.
The scheme described by the Central Bank differs in that criminals seek to gain functional access to the card remotely, imitating the operation of a legitimate application. This makes it more dangerous and difficult to detect.
Why is the use of virtual bank card images by fraudsters dangerous?
Using virtual card images for deception poses a serious threat, as it allows financial transactions to be carried out on behalf of the victim unnoticed, according to Marina Probets. Unlike traditional methods of data theft, where fraudsters only learn information about the card, in this scheme they gain full access to the victim's funds.
This allows them to make contactless payments, transfers, and other operations, virtually eliminating the possibility of quickly detecting fraud.
As a result of this scheme, the victim faces large financial losses and severe stress associated with lengthy proceedings and attempts to recover their money.
However, the risks do not end there. According to Nikita Leokumovich, head of digital forensics and cyber intelligence at Angara SOC, virtual card images are one way to conduct transactions without the client's consent.
This means that the victim not only loses the ability to control the movement of funds in their account but also becomes part of a criminal chain that uses stolen or transferred bank cards to withdraw and cash out funds. If such a dropper account is detected by the regulator or banks, it will be entered into the database of fraudulent accounts of the Bank of Russia.
How to protect yourself from fraudsters
Experts urge caution when installing any applications, especially those that request access to screen functions, camera, microphone, and other sensitive data.
The most important rules:
Install applications only from official stores, such as Google Play or the App Store, and be sure to check reviews and ratings.
Never download applications that are offered to you by phone or in suspicious messages.
It is important to regularly update the operating system and antivirus software on your smartphone.
If you receive suspicious calls or messages on behalf of the bank, contact the bank yourself using the verified phone numbers listed on the official website or on your bank card to confirm the information.
According to Roskomnadzor, 200 notifications of personal data leaks were recorded last year. This is 180 cases less than in 2023. Most often, data leaks occurred in companies engaged in trade and the provision of services. In the year before last, the leaders in the number of leaks were organizations from the fields of insurance, medicine, trade, and education.
Read more on the topic:
Attackers have begun to use a new method of stealing one-time passwords from Russians
How to reduce your digital footprint on the Internet: several effective ways
The Russian region with the highest level of IT crime has been named
Fraudsters are attacking Russians through secret Telegram chats
