Phone fraud as part of the Ukrainian problem – Sber study
Up to 90% of the call centers created with a criminal purpose, working against citizens of the Russian Federation, are in Ukraine, the rest are located in the CIS countries, follows from the report “Analysis of fraudulent calls from the territory of Ukraine. Participants and numberspublished on Thursday by the bank.
The total amount of funds stolen by criminals from fraudulent Ukrainian call centers reached 75 billion rubles in 2020.
In the report, Sber experts analyze well-known fraudulent SIP services (Session Initiation Protocol, a data transfer protocol used for IP telephony), provide statistics on fraudulent calls, consider scenarios for deceiving citizens of the Russian Federation and citizens of other states, and also offer a set of measures to counter criminals.
According to Sberbank, in 2022, fraudsters made 1.5 billion attempts to call bank customers in order to steal money by fraud. Over the past six months, only in Sberbank, such attempts have affected more than 65% of the client base. About five million calls are made per day, including with the help of robots.
See also: Kaspersky Lab on the situation with telephone fraud in the first half of the year >>>
Years of telephone fraud continued until the start of a special military operation. In January 2022, Sber customers complained to the bank about fraud 250,000 times; in February, 264,000 requests were recorded, a 6% increase. After February 24, 2022, a complete stop of the “fraudulent conveyor” was recorded.
However, a month later, a gradual increase in calls began, although the intensity decreased: if before the special operation the number of complaints averaged 11 thousand per day, then from March 20, 2022 – two thousand per day.
Sber experts name the reasons for this fall: the liquidation of existing call centers in the annexed territories (Berdyansk, Melitopol, Kherson, etc.), attacks on the energy infrastructure of the main cities of location (Dnipro, Kharkiv, etc.), work carried out by specialized federal executive authorities and telecom operators to put things in order in telephony.
See also: Head of the Federal Penitentiary Service: call centers in the colonies are “made up” >>>
As noted in the bulletin, in order to mislead citizens, attackers use telephone numbers of the Moscow region, credit organizations, state authorities and law enforcement agencies.
The substitution of subscriber numbers is also used for the purpose of committing acts of an extremist and terrorist nature, drug trafficking, materials with pornographic images of minors, driving to suicide, involving children in committing actions dangerous to their lives and other illegal acts.
Currently, a cyber war is actually being waged against Russia. The stolen money is used to finance nationalist groups, Sberbank concludes.
In theory, a technical solution to the problem should be a call verification system, which is mandatory according to the requirements of the Federal Law “On Communications” for operators to connect from January 2023. However, this system is currently not available and it is impossible to assess its effectiveness.
See also: Antifraud system requirements approved >>>
Recall, responsibility for telecom operators for skipping a call from a replacement number from a foreign operator was introduced by Federal Law No. 480-FZ of December 31, 2021. The prohibition of number substitution installed law, signed president in June 2021.
Currently, more than 30 operators, due to illegal actions of which it became possible to commit crimes with the substitution of a telephone number, have been brought to administrative responsibility. Some of them have been involved more than once, the bulletin says.
See also: For the first time in the Russian Federation, an operator was fined for substituting a phone number >>>
At the same time, the imperfection of the legislation on communications, the lack of other levers of influence on unscrupulous operators do not allow law enforcement agencies to effectively combat IT crime.
The main problems and visible ways to solve them are:
- Ease of obtaining licenses and gaining access to the communications services market. In order to prevent unscrupulous players from entering this area, it is necessary to simplify the procedure for canceling a license, giving the right to apply to the court, including the prosecutor’s office, as well as the possibility of out-of-court settlement of the issue by the licensing authority in case of repeated violations of legal requirements by the telecom operator.
- The vast majority of calls with spoofed numbers come over VOIP networks and are transferred by operators to telephone networks. However, at present, the procedure for connecting VOIP networks to telephone networks has not been regulated. There is no prohibition on transferring an IP call from the data network to the telephone network in the legislation. It is necessary by federal law to prohibit operators from transferring a call from VOIP networks to telephone networks, or to regulate the procedure for such connection, providing for serious administrative liability for non-compliance with the law.
- In the event of a crime, it is important for law enforcement agencies to establish the source of the call as soon as possible. To do this, operators are required to provide information either about the fact that the call was initiated by its subscriber, or about the operator from which they received the call. However, this cannot be done due to the lengthy procedure for establishing the entire traffic transmission chain and determining the first operator who missed the criminal call, as well as due to the unwillingness of telecom operators to provide information without a court decision.
To eliminate uncertainty and legislate the obligation of telecom operators to provide such information at the request of authorized bodies without a court decision and within a limited period, it is necessary to make appropriate additions to the Federal Law “On Communications”. At the same time, administrative liability should be provided for failure to fulfill this obligation.
It is also proposed to establish criminal liability for employees of telecom operators for repeated violation of the law on communications, resulting in significant harm to the rights and legitimate interests of citizens (organizations) or the interests of society or the state.