Sberbank warns about fraud. Malicious SMS or “Sberbank warns about fraud”: specifics of the bailiffs' crime scheme

The scheme of deceiving subscribers through mobile phishing is by no means new. In 2016, a user of a popular social network published a post on his profile urging people not to open a message supposedly received from the FSSP, as this leads to the loss of funds from accounts linked to online banking. Such cases were covered in the media in 2015. Read more about what banking fraud is and what types of this crime there are.

The problem of mobile fraud involving bailiffs received wide publicity in January 2017, when someone, probably having fallen for the attackers' bait, posted a warning notice on the doors of one of the Yekaterinburg branches of Sberbank under the flashy heading “Sberbank is warning us.”

Representatives of the bank, in turn, denied involvement in the dissemination of this information and generally did not comment on the situation, calling on clients to be vigilant. They also recommended keeping anti-virus software up to date and warned against clicking on links received from suspicious numbers.

In 2018, cases of digital bailiff fraud are observed less frequently, but still occur. In January, residents of the Smolensk region were subjected to a massive phishing attack.

While representatives of Sberbank prefer to refrain from assessing what is happening, FSSP employees report that they do not practice notifying citizens about debt via SMS, and such notifications are clearly the work of criminals.

Scheme specifics

Such schemes are not technically complex; they are aimed primarily at gaining the trust of the device owner. Weighing how profitable the scam is, scammers complicate the scheme of interaction with the victim, trying to make it more polished and inconspicuous. This is largely why it is important to understand how it works, which is as follows:

According to an alternative scheme, the phone does not reboot, but the user is directed to a copy of the official FSSP website - at this time the virus does its work. In some cases, the subscriber is asked to log in to the system in order to obtain information about the debt.

It is noteworthy that the malicious notification always arrives as a private message and is not distributed through online messengers. In a similar way, attackers steal personal data from a victim’s personal computer or laptop after the victim opens a link received by email.

Can money be debited from the card automatically when opening a message or do you need to click on the link?

Given the numerous calls from victims not to open SMS messages sent by scammers, it may seem that opening the message is enough to infect the device with malware.

However, from a technical point of view this can rarely be realized, since the virus cannot penetrate the operating system without first being downloaded. In addition, according to subscribers who became victims of digital deception, the account was emptied after clicking on the link, and not at the moment of opening the message.

It is noteworthy that users who own devices on the Android operating system suffer more at the hands of attackers. At the same time, iOS, which powers Apple smartphones, is less susceptible to infection, since the system is protected from unauthorized intervention by default.

However, in both cases, nothing guarantees security better than a user who is skeptical of links with unknown content.


Where to turn if you couldn’t avoid being scammed?

To achieve justice, you should adhere to the following plan of action:

  1. Freeze your account by visiting your local bank branch, using online banking, or by calling the bank.
  2. Contact the bank and write an application, reporting the unauthorized withdrawal of funds from the account (drawn up in 2 copies, where one of them remains with the applicant with a mark of acceptance).
  3. Contact the local police department with a copy of the application, recording the act of theft of funds.

You should act immediately and contact the specified institutions no later than 3 days from the date of theft.

Because the fraudsters' methods vary, it is not always possible to find out exactly how the money was debited. In cases where the system is infected with a virus, the bank has the right to refer to the fact that the device was not equipped with the necessary security measures and refuse to return the money. If the client entered his data on a fake site, this may be considered a violation of the terms of use.

This is where the difficulties lie, but, objectively, the likelihood of a refund still exists. The police are not always able to identify the criminals, since the latter use various methods of encrypting addresses, trying to maintain anonymity.


The best guarantee of the safety of personal savings is the vigilance of their owner. You should not trust information from suspicious sources, but it is better to quickly check it. You can verify or refute the existence of debt on the official website of the FSSP.

Under no circumstances should you click on unknown links, and your device should be protected with a licensed antivirus. Only in this case can you be sure that personal savings will not pass into the hands of fraudsters.


That they are negotiating with Apple. “We are working with Apple so that at the operating system level there is no possibility of manipulating the functionality of the Siri device and the functionality of SMS banks,” explained the bank’s press service.

The fact is that Sberbank recently discovered that the Siri voice assistant can be used to steal money from user accounts. At the root of the problem is a fairly old topic: bypassing the iOS lock screen using Siri. It’s no wonder that researchers have long recommended disabling the use of Siri when the lock screen is active in order to avoid various problems.

Sberbank described the following method of attack. If an attacker has physical access to the victim's iPhone, and a bank account is linked to this phone number, the scammer can use this for personal gain. Even without unlocking the device, the fraudster can ask Siri to send a message to number nine, zero, zero (900 is the Sberbank mobile bank number) and dictate to the assistant the word “transfer”, as well as the recipient’s phone number. Although Sberbank requires confirmation of the transfer via SMS message, this is also not a problem. After the bank has sent the code, you need to ask Siri again to read the last message and send the five digits of the code to number 900. As a result, the attack only takes a couple of minutes. RBC journalists write that they tried the described method of attack themselves, and they succeeded.

At the same time, Sberbank representatives are aware that in iOS it is possible to disable Siri when the lock screen is active.

“Currently, the ban on this kind of manipulation is set at the operating system settings level: in the Siri settings, it is possible to prohibit access to Siri when the screen is locked,” says Sberbank.

Journalists asked representatives of Alfa Bank, which also has functionality for transferring money and paying for services via SMS messages, their opinion about the problem. The bank replied that they were not aware of cases where their clients would have suffered due to such fraud and expressed doubt that such attacks could be widespread. “Still, it’s not very often that we leave our phone unattended,” says Vladimir Bakulin, head of the e-business monitoring department at Alfa Bank.

However, in order to reduce the risk of fraud, Alfa Bank introduced a limit on the maximum transfer amount via SMS in the amount of 500 rubles per day. “To make a transfer via SMS for a large amount, the client must create a template in the Internet bank, but still the transfer limit is no more than 25,000 rubles,” say bank representatives. Sberbank also has similar restrictions. According to current tariffs, when transferring to bank accounts, the limit is 8,000 per day; when paying for their mobile phone, the client will not be able to spend more than 3,000 per day, and no more than 1,500 per day can be transferred to a third-party phone.

Initially, an SMS is received from number 900 (Sberbank service number), in which an unknown person asks to transfer him a certain amount of money, which will be debited from the victim’s account if the sent digital code is sent in a response message. Or the operation will be confirmed automatically after 600 seconds.

A person is naturally stunned by such a hopeless situation. And this is where the fun begins.

Suddenly a phone call comes from the official number of Sberbank (8-800-555-5550). On the other end of the line is a man who addresses the victim by name and reports that scammers are trying to deceive him. And he, as a bank security specialist, must understand and help with this problem.

Next, the Sberbank employee says that you need to stay on the line, write a response to the message - the code that is indicated there, then insert a space and the word - “cancel transfer”. After this, the money, along with the bank’s security specialist, disappears without a trace.

What to do?

  1. Do not panic. If you do not make any transactions, the money is not automatically debited.
  2. Do not do anything he says, but tell him that you will call him back and hang up.
    IGNORE his insistence that you don't have much time. Putting the victim under time pressure is the first thing scammers do. When there is not enough time, a person cannot think the situation through and follows the lead of a more confident person, i.e. the scammer.
  3. Start asking about the employee’s name, what department he is calling from, and who his manager is. Start to pull the rug out from under his feet.

You ask, how can this be?

Pay attention to the service number from which the SMS comes. For a real Sberbank it is usually 90-0. Fraudsters may have 900 and 9OO (with two letters O) and other options.

The caller's number can easily be imitated by anyone who calls through certain Internet telephony programs. Therefore, there is nothing surprising in this.
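A defensive check for the look-alike sender IDs described above, as an added example that is not part of the original article: it assumes the genuine short code is 900 and uses an illustrative table of letter-for-digit substitutions. Because numbers can be imitated, even an exact match proves nothing about who sent the message.

```python
import unicodedata

# Assumption: the genuine short code is 900, as the page states elsewhere.
OFFICIAL_SHORT_CODE = "900"
SEPARATORS = set(" -._")
# Letters that imitate digits in alphanumeric sender IDs (illustrative subset).
CONFUSABLES = {
    "O": "0", "o": "0",
    "\u041e": "0", "\u043e": "0",  # Cyrillic capital and small O
    "I": "1", "l": "1",
}


def classify_sender(sender: str) -> str:
    """Classify an SMS sender ID relative to the official short code.

    exact     - the literal digits 900
    formatted - the same digits written with separators, e.g. 90-0
    lookalike - reads as 900 only after swapping letters for digits
    other     - anything else
    """
    raw = sender.strip()
    if raw == OFFICIAL_SHORT_CODE:
        return "exact"
    compact = "".join(ch for ch in raw if ch not in SEPARATORS)
    if compact == OFFICIAL_SHORT_CODE:
        return "formatted"
    # NFKC folds full-width digits; the table folds look-alike letters.
    folded = unicodedata.normalize("NFKC", compact)
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    return "lookalike" if skeleton == OFFICIAL_SHORT_CODE else "other"


def flag_inbox(messages):
    """Return the (sender, text) pairs whose sender imitates the short code."""
    return [m for m in messages if classify_sender(m[0]) == "lookalike"]


# Constructed sample inbox, not real messages.
SAMPLE_INBOX = [
    ("900", "Code 12345 for transfer"),
    ("9OO", "Reply with the code to cancel transfer"),
    ("9\u041e\u041e", "Reply with the code to cancel transfer"),
    ("Shop", "Your order has shipped"),
]

if __name__ == "__main__":
    for sender, _text in SAMPLE_INBOX:
        print(repr(sender), classify_sender(sender))
```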

MegaFon and Sberbank of Russia warn about fraud when using the Sberbank Online payment system.

When a computer is infected with a virus, the Sberbank Online service website is replaced with a fake one. The authorization data entered on it falls into the hands of attackers. To obtain the secret transaction confirmation code that is sent to the user’s mobile phone and is required to complete the operation, scammers call the user and, posing as Sberbank employees, mislead them into revealing the code.

The virus is spread through social networks, dating sites, “free” software, and spam emails. If the virus software detects that the computer is working in the Sberbank Online system, it connects to the scammers’ control server, from which screen forms that emulate the bank’s website are loaded.

Sberbank recommends that when using the Sberbank Online system, you follow the information security measures that are posted on the bank’s official website:

· Under no circumstances disclose your password to anyone, including employees of Sberbank of Russia;

· Check that a secure SSL connection is established and specifically with the official website of the service (https://esk.sbrf.ru). The personal account access page contains only login and password entry fields;

· When you receive an SMS with a one-time password, carefully read the contents of the message. You should enter it into the form on the website only if the operation was initiated by you and the details of the recipient of the funds correspond to the details of the operation in the received SMS. To cancel transactions, messages with passwords are never sent by the bank, since cancellation of transactions in the Sberbank Online system is not provided;

· Do not use the Sberbank Online service directly from a mobile phone, smartphone, PDA, or tablet, which receives an SMS with a confirmation one-time password;

· If you lose your mobile device to which the Bank sends an SMS with a confirmation one-time password, you should promptly contact your mobile operator and block the lost SIM card.
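The second recommendation above (a secure connection to the official host specifically) can be expressed as a strict URL check. This is an added example, not code from the bank or the article; it inspects only the URL text, not the TLS certificate, and the non-official hosts in the comments are constructed.

```python
from urllib.parse import urlsplit

OFFICIAL_HOST = "esk.sbrf.ru"  # host named in the bank's recommendation


def check_login_url(url: str):
    """Return (ok, reason) for a URL claiming to be the login page."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable"
    if parts.scheme != "https":
        return False, "not-https"
    if parts.username is not None or parts.password is not None:
        # https://esk.sbrf.ru@login.example.com/ : the real host follows "@"
        return False, "userinfo-present"
    if port not in (None, 443):
        return False, "unexpected-port"
    host = (parts.hostname or "").rstrip(".")
    if not host.isascii():
        # e.g. a Cyrillic letter standing in for a Latin one
        return False, "non-ascii-host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode-host"
    if host != OFFICIAL_HOST:
        # Only an exact match passes, so esk.sbrf.ru.example.com fails here.
        return False, "different-host"
    return True, "official-host"


if __name__ == "__main__":
    for candidate in (
        "https://esk.sbrf.ru/",
        "http://esk.sbrf.ru/",
        "https://esk.sbrf.ru.example.com/login",
        "https://esk.sbrf.ru@login.example.com/",
    ):
        print(candidate, check_login_url(candidate))
```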

Sberbank recommends that if you have any suspicions that your password (permanent or one-time) has been compromised by unauthorized persons (including those posing as Bank employees) or requests to perform transactions not initiated by you, immediately contact the Bank's helpline by phone (495)-500-0005, (495)-788-9272 or 8-800-200-3747.

You can inform us about the fact and suspicion of fraud by calling the Customer Service 0500, or by leaving a message on our