Experts have told how SMS scammers steal money from the Russians
Fraud intercept SMS messages from the Bank appeared almost immediately after this a way of confirming money transfer has become one of the main. Is it popular in Russia is a fraud who is subject to such attacks and what security measures banks take, RIA Novosti was told by the experts in the field of information security.
To intercept TEXT messages from the Bank to confirm transactions, attackers reissue the SIM card. In the language of cybersecurity this kind of attack is called a SIM swap, says head of information security", SearchInform" Alex Drozd.
According to him, SIM-swapping in Russia is not a mass type of fraud, since an attacker would have to make quite a lot of action, for example, to apply for a replacement SIM with a fake power of attorney or look for accomplices inside the Telecom operator or salon.
"All this is time consuming, costly and risky. Therefore, such attacks often target with great damage to the victims when the scammer is sure that the effort will be justified," - said Drozd.
While in the "SearchInform" I do not see a direct link pandemic coronavirus with this type of fraud. "You can talk about the indirect impact of the crisis, as insiders, being in straitened financial circumstances, more willing to transgress moral limits. According to our data, crimes associated with corporate fraud, has become 10% more", - said the expert.
According to the head of Department anti-fraud Center for applied security systems company "infosistemy Dzhet" Alexey Sizov, banks have begun to deal with such damage.
As noted in the Novikombank protection mechanisms on the market now quite a lot. However, some banks to avoid intercept SMS codes, abandon them and use methods of testing operations on the device: check imsi, creating a local electronic signature on the mobile, authentication by biometrics.
According to the head of retail business Department of Novikombank Eugene Gladilina, the Bank is working on implementing various features to improve security, in addition to the existing mechanism for confirming transactions via SMS/Push notifications.
The "Bank House.Russia" also noted that carefully studying the various possibilities of confirming transactions, but it supports the use of SMS or Push is in accordance with the requirements and recommendations of the payment systems.
Meanwhile PSB in the near future implementing a solution for small and medium businesses that will allow you to sign documents with mobile banking using face ID and touch ID. "This technology provides higher level of security - scammers will not be able to conduct a transaction, intercepting or taking the client SMS code. Besides, it's convenient - customers have no need to drive a manual SMS-codes", - told in the press service of the Bank.
The experts evaluated the technology test operations on the device without SMS codes.
According to the head of the research group security of banking systems Positive Technologies Yaroslav Babin, this method of transaction confirmation may be safer if the Bank has provided protective measures. First, it is a secure antipode, which identifies most of the fraudulent transactions