10 October 2019
Almost all money thefts (97%) from the individuals and 39% of money thefts from corporate accounts in 2018 were committed using social engineering tricks, i.e. fraud. The Financial Sector Computer Emergency Response Team (FinCERT) at the Bank of Russia has arrived at this conclusion.
The number orunauthorizedtransactionson corporate accounts has been decreasing since 2015: 1.47 billion roubles were stolen in 2018, which is 7% less than in 2017 (1.57 billion). On the contrary, the same kind of operations on bank cards is growing: 1.384 billion roubles stolen in 2018, which is almost a third more than in 2017 (0.961 billion). The Bank of Russia is concerned with the social engineering issues, said Governor of the Bank of Russia Elvira Nabiullina, according to Interfax, the leaks also occur due to gullibility of bank customers. “Ifsomeone is calling you asking for your bank details, you should hang up and call back your bank’s customer service, you can find the phone number on the back of the card. It’sbasiccyberhygiene, these things must be developed using advanced technology,” she said (as quoted by Interfax). Compensating bank customers requires consideration, thinks Nabiullina, increasing responsibility of the banks must be discussed, while the main focus has to be financial literacy of the customers themselves.
This year, a new banking scam emerged: frauds can now substitute their incoming numbers with the bank customer service numbers. Buying bank customer databases that include the customer’s full name and phone number, passport details, and card numbers, and pretending to be bank security officers, they find out the missing card or account details on the pretext of blocking suspicious transactions. After that they steal the victims’ money. From September 2018 to September 2019, FinCERT submitted 5,000 phone numbers with the 8-800 prefix to be blocked in the signalling system, which is 38 times more than between September 2017 and September 2018.
Malware is one of the main cybercriminals’ tools: emails containing virus-infected files or links to websites are actively used to attack financial institutions and their customers. In 6 months, FinCERT detected almost 13,000 ads for buying or selling various databases, 12% of which were for data bases about lending and financial organisations.
The leak of Sberbank customer data was the most prominent. On 3 October, the media reported that the bank’s database was on sale on the darknet, subsequently Sberbank admitted a leak of data on 200 customers. A week later, however, another share of data turned up on the darknet, which made Sberbank to admit that the number of victims added up to 5,000.
Thosecards have been re-issued; the money is safe. Thebank security service withdrew all the stolen data, promised the bank. Theinternalinvestigation confirmed that the data had been stolen by a Sberbank employee.
TheBank of Russia promised to discuss stricter liability for cybercrimes, said Elvira Nabiullina to reporters at FINOPOLIS 2019 (as quoted by Intefax), “We do think that the liability for crimes in this area must be stricter. We are going to discuss specific proposals with the market stakeholders.”