How does this type of scam work?
The scammers' goal is to take your money.
. To do this, it is enough to receive your full card details (number, expiration date and CVV/CVC code), create a transfer from it and confirm it with a code from an SMS that will be sent to your phone.
The most popular way to do this is to call and introduce yourself as a bank employee
. The reason could be any:
▪ aggressive: your card is blocked;
▪ neutral: we need to clarify your data, confirm the transfer from the card, etc.;
▪ seductive: you have received a transfer for several thousand, to receive it, provide your card details.
The number of options depends on the imagination of the organizers of the scheme. It is beneficial for them to change the format so that victims do not get used to it.
How do scammers find out your name and personal information?
Fraudsters don't even need to know the number
your card. A mobile number is enough.
You can often find out your name by your mobile number. In the mobile application, Sberbank will show the first name, patronymic and first letter of the last name. Tinkoff – first name and first letter of the last name.
There are other ways to find out a name by phone number. And no one was banned from Google.
Many people also often drop their card number in PM.
. This is everywhere - from parent chats on WhatsApp to fundraisers on social networks.
Next is a matter of technology. If you suddenly
a bank employee will call, call you by name and patronymic, dictate your card number,
won’t you believe him?
How to deal with scammers
The most effective way to protect yourself from scammers is to use software to block unwanted calls. There are special applications for iOS and Android with a database of compromised phone numbers, plus many firmware for Android smartphones, for example, Xiaomi MIUI, have a standard anti-spam system.
Prospects for the development of 5G within five years have been determined
Telecom
Russians with an active civic position can contact their telecom operator or bank with a message about a call from scammers and indicating the phone number. Additionally, you can write a statement to the police about attempted fraud.
Where do scammers get phone numbers to call?
Previously, bank card data was stolen mainly by single individuals. Often they were behind bars
. Mobile numbers were changed like gloves. The cards were registered to dummies.
You understand that such people have nothing
. And there is a lot of free time.
Entire call centers have now entered the game. Data is massively parsed
– phone numbers are taken from free classifieds sites, social networks, etc.
They also work on purchased databases. Most often, they are leaked by bank employees
. There is a full name, phone number and part of the card number. Least.
Finally, scammers exploit holes in the software. Through them, either customer data is stolen or money is stolen.
There is information that one well-known bank only recently closed a hole that made it possible to make a transfer without the client’s consent
. You didn’t even need a CVV – just a card number, phone number and a one-time code from SMS.
No one knows how many such vulnerabilities bring (or will bring!) someone a stable income. And he won't know.
The evolution of fraudulent schemes
A new fraudulent scheme to steal money from the population is gaining popularity in Russia. The attackers call potential victims and introduce themselves as employees of a credit history bureau, stating that unknown people want to take out a loan using their passport.
“Scammers call pretending to be employees of a credit history bureau. They inform the subscriber that they have received three or five requests for his credit history (CI) from major banks. When the victim objects that she has not submitted any applications for loans, the bureau’s pseudo-employees lead her to believe that right now someone is trying to get loans in her name,” the United Credit Bureau told RIA Novosti.
Having told about this, the scammers begin to wonder if the person has recently lost his identity documents, simultaneously finding out which banks he uses. Having specified the information they need, they notify the interlocutor that they will transfer it to the security service of his bank (or banks). All of the above is just the first part of the diagram.
How black scam call centers work
Recruiting staff for such a call center is not difficult. You don’t need to be a brilliant psychologist when there are manuals and scripts honed on real victims.
Most likely, you have even seen advertisements for similar vacancies. “An employee is required for a new call center, work in the financial sector, salary from $1000 + bonuses
” – sound familiar? They can write whatever they want in the ad. Sometimes the call center is not even mentioned.
People who want quick and easy money go to work in call centers. True, the turnover is huge. Those who are ineffective are immediately fired.
Some people can't stand it. Some people can't do it. Someone starts spending money on alcohol and drugs.
Newcomers are told to “open trades.” They are trained to speak from scripts
– pre-prepared scenarios.
More experienced ones “close deals.” They put pressure on clients not to leave.
People from prisons also sometimes work for such call centers. Especially if you already have experience. But there are relatively few of them.
Intelligent scammers
Fraudsters are finding effective ways to counter the means lenders use to identify them. They are becoming smarter and more resourceful, rarely working alone and prefer to use “kits” of fake documents in an attempt to impersonate the ideal borrower. As a rule, the lifespan of a “passport” for such a trained fraudster is very short and amounts to one or two days.
If you try to draw a portrait of a typical, mass fraudster for the capital region, it will be a 32-year-old bachelor with a higher education and a salary of 55,000 rubles per month. He purchases modern mobile phones with a memory capacity of 128 GB and a cost of more than 30,000 rubles on credit and hides from the sight of gullible creditors. Most often, typical fraudulent loans, according to statistics, are issued in the middle of the day on Monday.
How income is divided
People who worked in such schemes anonymously reported that the caller receives up to 20%
from the amount if one works.
If one person opens a deal and the other closes it, then both receive 10%
.
The rest of the money is the salary of the organizers of the schemes, payment for the “roof”, purchase of equipment, rent of offices. Money is needed to purchase data: a unique database will cost a couple of thousand dollars
, access to the general one is half the price.
Money is withdrawn through cards issued to random people. “Drops” withdraw them from ATMs.
But lately, scammers are increasingly using cryptocurrency
. It does not have legal status in the Russian Federation and often does not allow tracking transactions (especially if it is an anonymous coin like Monero or ZCash or a mixer service is used).
A large city may have several dozen firms
who engage in this type of fraud. Imagine the turnover yourself.
Take care of your passport
A passport is the main identification document; most transactions in everyday life are carried out upon presentation of it. It is precisely this that is of great interest to the attacker.
Vigilance should also be exercised when handling copies of documents, regardless of whether they are paper, scanned or just a photo. Remember, probably just last weekend you gave your passport as collateral at a bicycle or children's electric car rental point in the nearest park, or maybe you sent a scan of your passport to a travel agency to issue air tickets. Simple rules will help you protect yourself from scammers: carefully monitor your documents and their copies, do not transfer them to anyone unless necessary.
The loan application process begins with submitting an application. An application always implies a request from a bank or microfinance organization for the borrower’s credit history, which is immediately reflected in it. Data immediately appears with the name of the bank and the exact time of the request.
If a citizen has a suspicion that his data is being illegally used to apply for a loan, then he should open the list of credit history books from the central catalog of credit histories of the Central Bank, find out which bureaus store the data, request a credit report from each bureau and check the closed part of the report for requests from credit institutions. If an application is found, you must contact the organization to which this application was sent.
Why is it so difficult to understand that a scammer is talking to you?
Because they are trained specialists
. And an amateur will almost always lose to a professional.
For the creators of such schemes, breaking through bank clients is just business. Which does not stand still, but grows and develops.
Scripts are being improved. Techniques of psychological pressure are being honed. More and more detailed databases are being purchased. They work with the most vulnerable people.
Besides, not everyone reads your internet.
. A simple experiment: you can call ten elderly friends, introduce yourself as a bank employee and ask for their card details. You can write in the comments how many CVV/CVC codes you received.
Often call centers disguise real bank numbers with similar combinations of letters and numbers. As a result 900
turns into
9OO
- 9 and two letters “O”, for example.
Fraudsters use pre-recorded clips to convince you that the system is serious. Here's an example:
Similar examples are here, here and here. There are thousands of such videos on YouTube
.
But this is not a story about high technology. And about the methods of social engineering. And about trust in a person endowed with, albeit small, power. Especially if he pretends that he wants to help.
Previously, the scammers worked more clumsily, pressed with authority, and threatened. Now this is a “team of professionals”.
Each of them is ready to spend 10-20 minutes
time or more. Simple arithmetic: divide the balance on your card by 5 (20% of the amount is the income of the black call center employee). You almost certainly won’t earn that much in 10-20 minutes.
Personal experience: I gave 300 thousand rubles to scammers from the “bank security service”
On June 1, 2021, I received a call from an unfamiliar number. The man introduced himself as an employee of the bank where I have a regular main account. He said that someone changed my phone number on the account. He asked if I knew the new phone number from my profile. The number was unknown to me, and who changed it and how.
As a bank employee told me, an application for a loan in the amount of 300 thousand rubles was submitted on my behalf to a trusted person. I didn’t leave any applications, especially for large sums. Then he transferred me to the security service of the same bank, where a girl began to communicate with me.
She said that I would have to come to a specific branch of their bank because there was a leak of personal data, and it was done by one of the employees of this branch. They needed to find a specialist who does this.
During the conversation, they started calling me on the second line, I put the girl on hold and switched to a new conversation.
The new interlocutor introduced himself as an employee of the investigative committee. He began to say that this was already the thirteenth case in Moscow where bank data was leaked. He informed me that I needed to act according to the instructions of the bank's security service. And the next day come to the investigative committee and give evidence.
Mikhail Babkin,
lawyer of portal 9111
If you receive a call from the bank's security service, you need to ask for the bank branch number and promise to call back. And then hang up and call the real bank number listed on the back of your card. Fraudsters will try with all their might to hold the call; they will say that the security service number cannot be given. This is a lie. They will not be able to give you the branch number, and when you call the real number of any bank, they will confirm that real representatives of the bank have not contacted you.
I switched back to the conversation with the girl supposedly from the bank security service. She said that I can’t switch off now - there is an internal audit of the bank. Then she asked how long it would take me to get to the department she named. I needed about two hours.
The girl offered to call me a taxi at the bank's expense, and I agreed. True, I had to pay for the taxi (cash payment was selected in the application), but they promised me that everything would be compensated later. Since the taxi was ordered by a girl, I decided that they had all the documents to reimburse the cost.
I continued talking to the girl all the way to the bank. While I was driving in the car, at the same time as the call, a “bank employee” wrote to me on WhatsApp. He also gave instructions on how to act. I didn’t pay attention to the errors in the text of the messages, I thought that these were typos and that the specialist was in a hurry.
While I was driving, they called me three times from different numbers, but I stayed on the line with the girl. She said that the same people who leaked my data could call me, so there is no need to pick up the phone.
The fact that they stayed on the line with me and wrote to WhatsApp at the same time did not seem strange only because they distracted me with conversations and did not allow me to hang up.
How I got a loan from a bank
Before I entered the bank, I was given detailed instructions on how to behave and how to act:
- If the employee said that the loan had already been issued in my name, I should have left the bank and received new instructions over the phone. The girl was still on the line all the time, the call was not interrupted.
- And if only the application was ready, and the loan process began in front of me, I had to stay at the bank until the documents were ready. According to the girl, this will mean that in front of me is the very employee who is leaking the information.
I went into the bank, took a coupon and got to the first available manager. He said that there was an application in my name for a loan of 300 thousand rubles. We processed it, and the money was immediately credited to my account.
Pyotr Gusyatnikov,
senior managing partner of the law firm PG Partners
There are two ways to change bank client data in his profile. Either on the client’s side (using his login and password), or on the bank’s side (when changes are made by his employee).
If a client discovers changes in his data that he did not make, then either access to his profile was hacked, or it was done by a dishonest bank employee.
Fraudulent actions on the part of the bank are extremely rare - employees are constantly checked. Most likely, the scammers hacked the heroine’s email, accessed her profile on the bank’s website via email and replaced her contact information.
Then they filled out an application for a loan, indicating as contacts a new email or phone number that belonged to them. When the application was approved, they called the girl and persuaded her to come to the branch to complete the loan.
The heroine of the article applied for a loan, signed the documents herself and answered questions from a bank employee. She personally received the money on her card. Until this moment, she had not risked anything. After that, responsibility passed to her.
How did I get a new card?
After the money arrived in my account, I left the branch to get new instructions from the girl on the phone. She asked to withdraw all 300 thousand rubles from the card. I couldn't do this because I left my card at home. To which they told me that I could immediately issue a new card and attach it to the same account. Which is what I did.
I was given a new card without a name, immediately and without an envelope. I told my interlocutor about this on the phone. She replied that this should not be the case, and for security purposes the card should be issued in an envelope. Then I asked the manager at the bank why this happened. It turned out that the envelope was no longer needed.
Why is the card issued without an envelope?
Svetlana Alexandrova,
Alfa Bank consultant
Cards are indeed now issued without an envelope. Bank employees carefully observe banking secrecy. Compromise of card data is excluded. Previously, the envelope contained the PIN code for the card. Now the cardholder can immediately come up with his PIN code by entering it at an ATM or contacting the bank manager.
Next, the girl who called said that she needed to withdraw all the money from the card in order to close the loan and not pay interest. It was possible to withdraw money at the same bank branch, which is what I did.
How I transferred money to scammers
After that, they ordered a taxi for me, and I went to the ATM of the same bank, but at a different address. Allegedly, this had to be done in order to deposit money to close the loan, but at the same time not arouse suspicion, because an internal audit of the bank was underway. In this case, I paid for the taxi myself, and they also promised to compensate me for the cost.
An ATM at another address generated a technical error when attempting to deposit funds according to their instructions. Then they informed me that there was a technical glitch in their system and it would not be possible to repay the loan through their bank’s ATM, but you could try to do it through a partner’s ATM.
As a result, I had to take a taxi at my own expense with the promise of future compensation to three ATMs of different banks. None of them worked. Now I suspect that they deliberately confused me in this way, driving me to different places and not allowing me to come to my senses.
Then the girl allegedly switched me to a technical support specialist, who called a working ATM in the shopping center. He said that all 300 thousand rubles must be deposited into “insurance cells” using the Tele2 phone numbers, 15 thousand rubles for each “cell”. In fact, it was just replenishing various Tele2 accounts, but then everything seemed logical. The specialist said that the money would be frozen and used to pay off the debt.
All phone numbers were dictated by a technical support specialist. Each time the payment was made with a commission of 500 ₽, but the employee reassured me and said that the bank takes on the commission.
I deposited 15 thousand rubles into 5 different numbers, and then the phone began to die. I told the bank employee about this, but he reassured me and offered to buy a charging unit right there in the shopping center, promising that this money would also be used to repay the loan.
So I bought a charger (for about 1300 ₽), and at that moment I began to have doubts and panic began. I tried to call the real bank number, which is on the back of the card. But only two rings passed, then for some reason the call was dropped, and the same girl “from the security service” immediately called me. I decided that I was communicating with the bank and calmed down. I never contacted the actual bank employees.
The girl again transferred me to a technical specialist. I returned to the ATM and deposited all the remaining money into the numbers that the man dictated to me. When I finished transferring the money, he asked me to send photos of the deposit receipts to the same WhatsApp number from which the correspondence was previously carried out.
I sent the checks and asked what I should do next. They told me that I could just return home. It was very strange: there was no need to go to the bank, I was not offered to pick up any documents there, and they did not even confirm the repayment of the loan.
As a result, I called the real bank number listed on the back of the card and told about what was happening. A bank employee checked the information and said that no money had been deposited into the account, and that all recent actions were fraudulent. He advised calling Tele2 and the police in order to get the money back in time.
How I contacted the police
I called Tele2, but it turned out that the money had already been withdrawn, and now they couldn’t help me. After that I contacted the police. I called 112, a police car came for me, and we went to the police station closest to the crime scene.
At the department, I wrote a statement about fraud and attached all the documents to it:
- card statement;
- loan documents;
- details of calls to my phone;
- receipts for replenishing the balance of phone numbers.
The investigator questioned me in detail about what happened and opened a criminal case. They promised to contact me as soon as they knew something.
How I tried to return stolen money through the bank
I went to my personal account on the bank’s website and found out that my personal email had been changed there: someone had hacked my profile.
A day later, when I managed to realize what had happened, I wrote a complaint to the bank via their official email. I outlined all the events and asked them questions: how the scammers were able to change my email and how they even know my data. She asked to conduct an internal investigation, identify the reasons for the violation of bank secrecy and compensate me for moral and material damage in the amount of the loan taken. She mentioned that she didn’t leave her information anywhere.
In response, they informed me that they observe banking secrecy, and there were no information leaks. They changed my email and they didn't answer me. They simply advised us to contact the police to identify the perpetrators.
According to Pyotr Gusyatnikov, scammers have always been creative. They can download malicious software onto the phone that gains access to mail, messages, even banking applications. To prevent this, you need to control what is installed on the phone (for example, do not open unknown links from messages), and also install an antivirus on the device.
“Another way to replace your email is to hack the email associated with your profile and log into your mobile bank through it. Then change the email in your profile to a new one and save. To prevent this, you need to have a strong password made up of capital and small letters, numbers and periods,” says senior managing partner of the law firm PG Partners.
Three days after the scam, the scammers wrote to me again, asking how I was doing, and offering to return the money to my account. I didn’t answer, but immediately called the police and told them about it. The investigator who is leading my case promised to call me back. But he still hasn’t called. I think the scammers were actually writing to try to steal more money from me.
What to do if you transferred money to scammers
Oksana Sidorenko,
Chief Legal Advisor at Pravocard
It is impossible to determine who is the culprit in this situation - the bank or the scammers. You can only get your money back through the court or through a bank:
- You must immediately contact the bank with a request for a refund and a request to conduct an internal investigation. The application form can be taken from a bank branch or completed in free form.
Need to:
· describe the events that took place;
· indicate the details of the victim;
· Attach documents that can confirm what happened.
You can send it by registered mail with notification or take it to the bank, asking to accept it and indicate the incoming request number. You can also send it to the official email of the bank.
The bank is obliged to provide a response within 10 working days. If he admits a data leak or illegal enrichment, then the money is returned to the client. If he does not admit it, and the leak is obvious, you need to contact the investigative committee with a statement - a demand to conduct an audit of the activities. If the bank ignores what is happening, also contact the investigative committee or the Central Bank.
- At the same time, you need to contact the police with a fraud report. Whether there was fraud can only be determined by the police and the court, which can subsequently sentence the fraudsters.
Getting your money back in this situation will not be easy. It depends on whether the culprit is identified and how the bank behaves.
- If the scammers are arrested and the court sentences them, it will be possible to file an application to recover money from them. A template for such a statement of claim is available on the websites of district courts, for example here or on the consultant’s website.
- If the police do not find the scammers, you need to go to court with a claim for reimbursement of money and removal of debt. The statement of claim is written in free form, but it is better to contact a lawyer to draft it, as there are many legal subtleties that need to be taken into account. This service costs from 1000 ₽. The court may take the client’s side and oblige the bank to cancel the debt. But he can also side with the bank. In this case, you can appeal to a higher court. The practice of appeals is very different, so the court’s decision depends on the specific case and the amount of evidence on each side.
If you really need a loan
Calculator Compare.ru
