Fraudsters began to use the review sites VC and Banki.ru to deceive bank customers
Fraudsters have invented a new deception scheme with which they try to mislead bank employees and steal money from accounts. To do this, attackers post fake reviews on the major industry sites VC.ru and Banki.ru, which consumers usually use to review companies. In their messages, the attackers appeal to pity and use insults and threats to force bank employees to carry out transactions that the security service previously blocked as suspicious.
The new scheme, in which fraudsters tried to steal millions of rubles from customers, was reported by the Tinkoff Center for Ecosystem Security. The center also noted that, for the first time, fraudsters are applying social engineering methods not only to bank customers but also to employees.
“First, scammers use social engineering methods to convince bank customers to transfer their money to them. However, such money transfers have special characteristics, according to which the fraud monitoring service detects and blocks them to verify the legitimacy of the transaction. As a result, the attackers cannot get the money,” Tinkoff explained to the TASS agency.
To force the security service to allow a blocked transaction, scammers write fake messages on behalf of angry customers and publish them on sites that host reviews of banking service quality. They exploit loopholes in site moderation that allow messages to be published without verifying the author's identity. In their posts, the attackers scold bank employees and ask them to look into the situation and unblock the operation as soon as possible, so that the attackers can eventually steal the money. To verify the reviews, the bank’s security team contacted the real customers, who confirmed that they had not published reviews on the sites and that the text described a fictional story. After that, the fraudulent transaction was canceled and the money remained in the account.
“Scammers publish posts on VC.ru and Banki.ru on behalf of the clients themselves, and also convince the clients themselves to write reviews,” Tinkoff reported.
In some cases, scammers even convince customers to leave reviews in their own name. Under psychological pressure and at the attackers' prompting, these customers describe fictitious situations in order to speed up the unblocking of their funds. According to Tinkoff Zashchita, since the beginning of spring, employees have helped dozens of people save funds that fraudsters tried to withdraw from their accounts in this way. Recently, about 15 such reviews have been identified, written both by the attackers themselves and by deceived customers. The bank's security service blocked the transactions and prevented the withdrawal of more than 3 million rubles from the accounts.
Tinkoff employees advise customers not to trust scammers who promise quick enrichment or threaten to leak personal data, and to simply hang up. If the attackers pose as employees of Tinkoff or the Central Bank, it is better to call these organizations on their official numbers and check whether the call really came from them. Most importantly, do not disclose personal payment information to anyone, especially the three-digit code on the back of the card, the code word, and codes from SMS and push notifications.