Experts have told how not to lose money because of "gift bonus"
To save your wallet from fraudsters who, posing as Bank staff, promise to earn bonuses on the cards, you should carefully check all the information - links to go to the site, the presence of differences in the design or errors in the domain name, as well as to clarify, is there a specific action on the Bank's website or call center, told RIA Novosti experts.
Earlier on Friday, VTB announced that it has recorded a surge in scams that promise to list the Bank's customers as a bonus 2020 rubles for the survey about the quality of work of offices and contact centre. According to the Bank, the attackers is asked to complete a questionnaire, which to receive remuneration, please specify the data on both sides of the Bank card. VTB noted that this type of fraud relates to the method of social engineering is when attackers, using manipulation and psychological tricks, trying to obtain customer data and access to their funds.
Technical expert for the protection from cyber attacks Check Point's Alexey Beloglazov stressed that in contrast to fraud the Bank will never request confidential data from its customers by phone or in social networks.
Head of Analytics and special projects CC InfoWatch Andrei Arsentiev said that the attackers are counting on the psychological impact – in pursuit of easy money from the well-known financial institution the victim fall for the ploy and provides details of their credit cards. "Method of protection – tiberghien: in this case, recheck the information on the official sites of financial institutions, don't click on links from social networks and mail messages, not to transfer personal data and Bank card data information with codes from SMS to third parties," - he recommends.
Similar councils are given by the representative of the Department the brand protection Group-IB Jacob Kravtsov: check any activity on behalf of the Bank on the official website or the call center. The representative of the company "infosistemy Dzhet" Alexey Sizov, in his turn, pointed out that if a person entered the site, it makes sense to carefully examine its contents: "to ensure no differences in design or errors in the domain name." Expert CrossTech Solutions Group Ilyas Kireev noted that the six-digit authorization code of the transaction that forms the Bank should not be known to third parties. "This is the last line of security before the withdrawal of funds, so the application should unsubscribe from SMS notifications in favor of the push, thereby eliminating the interception of SMS messages, and the settings of the mobile device you want to prevent notifications on the lock screen," he said.
"It is important to remember that in Russia, the Bank is obliged to return the money if the theft occurred without the user's knowledge -- that is, if the money was not scrapped because of neglect and careless attitude to card security, for example, in the case of theft of the card with written on it the pin code, and if the payment is not the result of accidental or careless actions of the user when making payments on the Internet. In most cases, the man himself accidentally reported data to scammers who use social engineering techniques. In this case there will be no payments", - concluded the head of the representative office Avast in Russia and the CIS Alexey Fedorov.