Russians have been warned about a new fraud scheme. Criminals obtain personal data from the victim and use it to create virtual bank cards, then steal money through ATMs that support contactless technology. Here's what you need to know to protect your savings.
What is known about the clever scheme
The press service of the Central Bank of Russia reported a new scheme used by fraudsters to create virtual images of bank cards. According to the regulator, fraudsters contact potential victims by phone or through messengers and report an attempted theft of funds.
Then they convince the victim to install a fake Central Bank application, ask them to launch it and enter a confirmation code from the bank, supposedly for authorization. Thus, they obtain the necessary card details.
What is a virtual card image?
A virtual card image is a digital copy of the card that allows access to funds, said Eryania Bochkina, an analyst at the Banks.ru portal. No physical medium is required; it is enough to have a phone at hand. This opens up the possibility for fraudsters to remotely withdraw money from the card using only their device.
The scheme with creating a virtual image by installing an application on the victim's phone is quite new. However, virtual cards have been used in fraudulent schemes before.
The State Duma is currently discussing a bill that would prohibit transferring more than 50 thousand rubles to virtual cards within two days of their opening. The National Payment Card System (NPCS) plans to give banks a similar capability.
Marina Probets, an Internet analyst and expert at Gazinformservice, notes that creating full-fledged functional virtual images of bank cards is a relatively new and complex method of fraud. However, experts have already recorded similar scams using malicious programs, when attackers manipulated the trust of their victims.
Previously, the methods used by attackers included phishing, data theft using keyloggers, and Trojan viruses that stole information about bank cards. Screen sharing, that is, screen recording, was also often used to obtain data from mobile devices. However, this usually required physical access to the device or its prior infection.
The scheme described by the Central Bank differs in that criminals seek to gain functional access to the card remotely, imitating the operation of a legitimate application. This makes it more dangerous and difficult to detect.
Why fraudsters' use of virtual card images is dangerous
Using virtual card images for fraud poses a serious threat, as it allows financial transactions to be carried out on behalf of the victim unnoticed, says Marina Probets. Unlike traditional methods of data theft, in which fraudsters only learn information about the card, in this scheme they gain full access to the victim's funds.
This allows them to make contactless payments, transfers and other operations, virtually eliminating the possibility of quick detection of fraud.
As a result of this scheme, the victim faces large financial losses and severe stress associated with lengthy proceedings and attempts to recover their money.
However, the risks do not end there. According to Nikita Leokumovich, Head of Digital Forensics and Cyber Intelligence at Angara SOC, virtual card images are one way to conduct transactions without the client's consent.
This means that the victim not only loses the ability to control the movement of funds in their account, but also becomes part of a criminal chain that uses stolen or transferred bank cards to withdraw and cash out funds. If such a dropper account is detected by the regulator or banks, it will be entered into the database of fraudulent accounts of the Bank of Russia.
How to protect yourself from scammers
Experts urge users to be especially careful when installing any applications, especially those that request access to the screen, camera, microphone and other sensitive data.
The most important rules:
Install applications only from official stores, such as Google Play or App Store, and be sure to check reviews and ratings.
Never download applications that are offered to you by phone or in suspicious messages.
It is important to regularly update the operating system and antivirus software on your smartphone.
If you receive suspicious calls or messages on behalf of the bank, contact the bank yourself at the verified phone numbers listed on the official website or on your bank card to confirm the information.
According to Roskomnadzor, 200 notifications of personal data leaks were recorded last year. This is 180 cases fewer than in 2023. Most often, data leaks occurred at companies engaged in trade and the provision of services. In the year before last, the leaders in the number of leaks were organizations from the fields of insurance, medicine, trade and education.