About scammers and people

Bank fraud has become part of everyday life. Attackers' methods are becoming more sophisticated: often the victim does not immediately understand what happened.













We have collected several freely available stories told by victims and examined them in terms of the attackers' actions. Articles by Webself about how he led scammers by the nose were also useful to us. Details are under the cut.







What's happening?



Many stories are similar to one another: the victim gets a call from the bank's number (or a very similar one) and is asked to confirm a transaction that, of course, no one made. If the victim has questions, the fraudsters skillfully gain their trust by giving details about their finances that, in an ideal world, only the bank and the victim would know. Money from the victim's accounts goes to a third party's account, from where it is withdrawn later. Attackers always have fallback options in case the victim runs into difficulties or asks too many questions.







We will not discuss who exactly engages in such activity, and we leave aside the question of ethics. We are interested in the technical side of the fraudsters' actions, as well as in ways to protect against them.







The information is provided for informational purposes only. The author is not responsible for any harm that may be caused after reading this article.







Where do the attackers get data about potential victims? After all, this is not only a full name and a phone number, but also a code word, the state of accounts and deposits, and recent transactions. There are shadow platforms on the darknet that specialize in obtaining and selling such data. This has been written about in detail before us.







Having received the data of potential victims, scammers must create a legitimate-looking cover. Here they have at least two options: choose a number very similar to the bank's number, or replace their own number with the bank's number.







The second method is much more dangerous, since the victim, on googling the number, will see that it belongs to the bank and continue the conversation.
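A defender-side sketch of the two covers described above, added here as an illustration and not taken from the original article: it normalizes the displayed caller ID and separates look-alike numbers from exact matches. The official numbers, the normalization rule (national prefix 8, country code 7) and the distance threshold are constructed assumptions. An exact match is still reported as unverified, because the displayed number can be substituted.

```python
import re

# Constructed placeholder values standing in for numbers a bank publishes.
OFFICIAL_NUMBERS = ("+78005550100", "+74955550199")

def normalize(raw, country_code="7"):
    """Reduce a displayed number to +<digits> so formatting differences vanish."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("8"):
        digits = country_code + digits[1:]   # assumed rule: trunk prefix 8 -> +7
    elif len(digits) == 10:
        digits = country_code + digits       # number written without any prefix
    return "+" + digits

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent digits swapped, e.g. ...01-00 shown as ...10-00.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_caller_id(displayed, official=OFFICIAL_NUMBERS, max_distance=2):
    """Return (verdict, nearest official number) for a displayed caller ID."""
    number = normalize(displayed)
    if number in official:
        # Caller ID is asserted by the calling side, so a match proves nothing.
        return ("matches-official-unverified", number)
    nearest = min(official, key=lambda o: osa_distance(number, o))
    if osa_distance(number, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", nearest)

if __name__ == "__main__":
    # Constructed sample caller IDs.
    for shown in ("8 (800) 555-01-00", "+7 800 555-01-09",
                  "8 800 555 10 00", "+7 912 345-67-89"):
        print(shown, "->", classify_caller_id(shown))
```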







Obviously, number substitution is a shadow service, offered by dozens of providers. As a rule, this is done using SIP telephony, a subtype of IP telephony. The servers, of course, are located outside our country, so law enforcement agencies will not investigate their activities.













Having reached the victim, the fraudster begins a social engineering session, the purpose of which is to get the maximum possible amount of money. Leaving aside the nuances, all the cases can be divided into several groups:









Typically, scammers follow a script that branches depending on what the victim says. This indicates the scammers' level of preparation and their determination :)







We tried to systematize the most common actions of scammers. The diagram below shows the results.













What to do?



Now we will talk about several ways to protect yourself. They may seem obvious to some, but the continued success of fraudsters is a good reason to repeat what has been said many times.









P.S. Interestingly, in situations where fraudsters replace their number with a bank number using SIP telephony, calling back the incoming number (the bank's number) will in most cases connect you to a bank employee. This is possible because number substitution works in only one direction.




That's all for now. Be careful.







