Sberbank customers have been targeted by unusually well-prepared scammers who call from the bank's own numbers and know a great deal about the customer, including account details. According to experts, that level of knowledge is possible only if the data was obtained illegally from the bank, for example by buying it from employees. The calls are so plausible and the information so accurate that practically the only defence is to hang up and call the bank back to verify.
Reports have appeared on social networks of fraud against Sberbank customers using social engineering. When the potential victims' mobile phones rang, a Sberbank number was shown as the caller. In one case the calls came from the number 900, in another from +7 (495) 500-55-50; both are printed as contact numbers on the back of Sberbank cards. When a customer expressed doubt, the "employees" also sent an SMS confirmation from the short number 900 that imitated a message from the bank. In addition, they quoted account balances and recent transactions.
The scammers claimed to be calling from the bank to warn the customer about an attempted unauthorised debit from the card. The attackers knew not only the victim's name and phone number but also passport details. One Sberbank customer who dealt with them said he was called back repeatedly within an hour; the calls stopped only after he blocked the card through online banking.
Experts confirm that a scam call from the bank's official number is entirely feasible technically. "You can download a special application to your mobile phone; the cost of one call with a changed number will be a few rubles," says Luka Safonov, head of the Practical Security Analysis Laboratory at Jet Infosystems. "There are applications for sending SMS."
A great deal of customer information can be gathered from those same social networks. For example, according to Mr Safonov, a car's registration number can be used to find the passport details of its owner. Accurate knowledge of the account balance, however, points to an insider at the bank, information security experts maintain.
"We are seeing a clear shift towards targeted attacks, because it is now easy enough for an insider to find a market," says the head of information security at a top-30 bank. "On websites and in Telegram channels there are more and more offers, both of databases from banks and of individual clients with a large balance in the account." DeviceLock has also reported trade in customer data from Sberbank, Alfa-Bank, Tinkoff Bank, Pochta Bank, Avangard, Russian Standard and MTS Bank (without verifying whether the data was current).
A Kommersant correspondent happened to witness the purchase of a Sberbank customer's data from a person offering the service through a Telegram channel. Given only a phone number, the seller was prepared to establish whether the person held an account at the bank for 99 rubles, to supply the full bank card number for 2,500 rubles, a statement of one month's transactions for 2,000 rubles, the code word for 8,000 to 10,000 rubles, and the holder's passport data, including registered address, for 5,000 to 6,000 rubles. The seller offered to perform any such look-up on any card issued by the bank and within a minute reported the card balance and the amount and time of a transaction, which matched reality.
Preventing leaks of this kind is technically difficult, says Zecurion CEO Alexei Raevsky. "Banks have little motivation, since liability for leaking bank secrecy is largely illusory," he explains. "At the same time, finding an insider in a bank is not a trivial task."
Sberbank said that it studies "similar cases of fraud" against customers carefully and is "constantly improving the anti-fraud system". "Sberbank employees never call customers with such questions. In the event of fraudulent transactions the anti-fraud system is triggered automatically, after which the customer contacts the bank himself," the bank added. "Questions about phone number spoofing should be addressed to the telecom operators, but it is certain that the numbers 900 and 8-800 are technically blocked by the telecom operators."
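The two technical claims above, that a VoIP application can place a call showing any number and that operators can block origination from the bank's numbers, come down to one thing: the caller number in a SIP INVITE is just a header the caller writes, and only the carrier accepting the call from a trunk is in a position to check it. The following is an added illustration, not code from Kommersant, Sberbank or any telecom operator. It parses a constructed INVITE, pulls the asserted number from the From header, and applies a hypothetical carrier-side screening policy: numbers the trunk is registered to own pass, the bank's protected numbers (900, the 8-800 range and the +7 495 number quoted in the article) are rejected unless the trunk owns them, and any other unowned number is rewritten to the trunk's default rather than delivered. The trunk ownership list, the policy and the sample message are assumptions made for the example.

```python
import re

# Constructed sample (not captured traffic): a SIP INVITE as it might arrive
# over a VoIP trunk. The From header is written by the caller, so the "900"
# shown here costs the attacker nothing and proves nothing.
SAMPLE_INVITE = (
    "INVITE sip:+79991234567@carrier.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bK776\r\n"
    "From: \"Sberbank\" <sip:900@carrier.example>;tag=1928301774\r\n"
    "To: <sip:+79991234567@carrier.example>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Bank numbers named in the article (assumed here to be the protected set):
# the short code 900, the 8-800 toll-free range and +7 (495) 500-55-50.
PROTECTED_NUMBERS = {"900", "74955005550"}
PROTECTED_PREFIXES = ("7800",)


def normalize(num):
    """Reduce a dialled or SIP user part to digits; map Russian domestic
    8-xxx dialling (11 digits) to the 7-xxx country-code form."""
    digits = re.sub(r"\D", "", num)
    if len(digits) == 11 and digits[0] == "8":
        digits = "7" + digits[1:]
    return digits


def parse_headers(raw):
    """Return (request line, {lower-case header name: value}) for a SIP message."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


_USER_RE = re.compile(r"<?sips?:([^@;>]+)@")


def from_number(headers):
    """Extract and normalize the user part of the From URI ('' if absent)."""
    m = _USER_RE.search(headers.get("from", ""))
    return normalize(m.group(1)) if m else ""


def screen_invite(raw, trunk_owned):
    """Hypothetical carrier-side CLI screening for one INVITE.

    trunk_owned: numbers the originating trunk is registered to present.
    Returns (verdict, reason) with verdict in {accept, reject, rewrite}.
    """
    _, headers = parse_headers(raw)
    num = from_number(headers)
    owned = {normalize(n) for n in trunk_owned}
    if not num:
        return "reject", "no caller number in From header"
    if num in owned:
        return "accept", "caller number is owned by the originating trunk"
    if num in PROTECTED_NUMBERS or num.startswith(PROTECTED_PREFIXES):
        # This is the check that makes "900 is blocked by operators" true:
        # a trunk that does not own the bank's number may not present it.
        return "reject", f"protected bank number {num} asserted by a trunk that does not own it"
    # Unverified but not protected: deliver the call, but with the trunk's
    # default number instead of the unproven one.
    return "rewrite", f"caller number {num} not owned by trunk; replace with trunk default"


if __name__ == "__main__":
    verdict, reason = screen_invite(SAMPLE_INVITE, ["+7 812 000-00-01"])
    print(verdict, "-", reason)
```

Real deployments check the P-Asserted-Identity header set by the previous carrier as well as From, and use a trunk's contract rather than a hard-coded list; the point the example isolates is that the check has to happen at the operator accepting the call, because nothing in the message itself distinguishes a genuine 900 from a spoofed one.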
The Central Bank says that four telecom operators now take part in information exchange with FinCERT. Between September 1, 2017 and August 31, 2018, FinCERT sent for blocking 127 mobile numbers and numbers in the 8-800 code, as well as more than 100 mass fraudulent SMS campaigns. The Central Bank said it plans to extend this work by establishing cooperation not only with mobile operators but also with IP telephony and instant messaging operators and telecom providers.
For now, Sberbank customers can only stay vigilant and verify suspicious calls by calling the bank back themselves. "Fraudsters can initiate a call from any number, but they cannot receive a call to that number," notes Luka Safonov. "So if you get a call from the bank, simply call it back yourself on any of the official numbers."