The more banks care about the safety of their customers, the more resourceful the fraudsters become. Every year they come up with new ways to deceive citizens and steal money. 2019 was no exception. Through social networks, information is rapidly spreading about a new fraudulent scheme, the victims of which are Sberbank's clients.
How scammers work
If earlier citizens, more often than not, lost their money due to carelessness and gullibility, then in 2019 scammers are making every effort to lull the vigilance of potential victims. The new scheme of deception is so plausible that people, without a shadow of a doubt, share confidential information with scammers. Sberbank clients publish detailed posts on social networks about how scammers operate.
The victim's phone receives a call allegedly from the Sberbank customer support center. Sometimes the fraudster introduces himself as a supervisor or security officer. Moreover, the user sees a well-known combination of numbers as an outgoing call number: +7 (495) 500-55-50 or 900. These numbers are indicated on the back of the plastic card and on the official website of the credit institution.
When talking to the fraudster, the sounds of the customer support service are heard in the background: conversations of other operators, mentions of Sberbank, requests to stay on the line.
The person is notified that funds are being debited from his bank account at the moment. The interlocutor offers to verify the number of the Sberbank card and calls it absolutely correctly. Also, the fraudster is aware of the full name, place of residence, passport data of his victim. In short, a person has almost no reason to doubt that they are being spoken to from the office of a financial institution.
Further, for additional distraction, there is a clarification of the reasons why the fraudsters took possession of the card: whether the client has lost it, how long has he used an ATM, whether he has linked new numbers to his personal account. At the same time, the "bank employee" at first does not try to find out any specific information, is not interested in the CVV2 code, which swindlers have always tried to seize before. He also knows the exact amount on the client's account or confidently lists the latest card transactions. And imperceptibly he gets to the most important thing - the code word, which is necessary if the client contacts Sberbank by phone.
Sometimes they use another version of deception. People are sent SMS messages from the official numbers of Sberbank about attempts to withdraw funds. Then “caring employees” call from the support service and ask them to name the same code from SMS, with which the illegal operation will be canceled. In fact, by reporting this data, the client, on the contrary, loses his money.
The roots of the problem
The main reason for the activation of fraudsters is that they managed to take possession of users' personal data. Some telegram channels openly trade personal information. For 2-3 thousand rubles by phone number they provide information about the card number and operations on it. Prices for passport data are higher - from 5 thousand. They even sell scans of passport pages, SNILS policy, TIN.
Information security specialists talk about information leakage through Sberbank employees. Perhaps, the prosecutor's office will soon be involved in the initial link in this criminal scheme.
The company DeviceLock, which develops software for protecting personal data, previously announced theft of information about clients of other large banks in Russia.
As for the real number of Sberbank, from which the calls are received, the bank advised to contact the mobile operators for comments. According to experts, the phone number can be faked using special programs. It is also technically possible to get through from a real Sberbank line, but scammers cannot intercept an incoming call. Mobile operators, in turn, block fake numbers like 900 or 8-800.
Safety regulations
In response to numerous complaints, Sberbank reminded customers of simple rules on how to protect themselves from the encroachments of fraudsters. One of the main concerns is that employees of a financial institution almost never call people themselves. Most often, they automatically block cards in case of suspicious actions and wait for the owner to get in touch by contacting the branch of the credit institution in person or by phone.
As mentioned earlier, scammers can fake an outgoing call number, but they cannot intercept an incoming call. Therefore, you should always call the bank's support service yourself.
Sberbank once again reminds that you should never provide your card details, code words, SMS content or one-time passwords. At the slightest suspicion, it is better to end the conversation.
Despite the widespread publicity, the Central Bank is just watching the situation. According to the management, there is no reason for panic, and the problem has not become widespread. Like any credit institution, Sberbank constantly updates front monitoring systems aimed at assessing and tracking suspicious financial transactions.
