Column by Maxim Builov about interesting statistics from the Central Bank on fraud

There have been noticeable changes in the portrait of cyber fraud victims compiled by the Bank of Russia based on a survey of Russian citizens over the past year. First of all, they touched upon the paths that attackers take to reach their victims. Thus, the number of attacks via instant messengers almost doubled (from 12% to 22.5%). The share of telephone calls and SMS also increased – from 54% to 60%.

In addition, according to the results of 2023, women confidently outperformed men. If in 2022 there was almost parity (50.6% versus 49.4% in favor of men), then in 2023 the advantage of women was 11 percentage points (p.p., 44.5% versus 55.5%, respectively).

There is no doubt about the representativeness of the study. Almost 400 thousand respondents surveyed by the Central Bank is a very respectable sample, even taking into account the fact that only 40% of them encountered scammers personally. It is all the more curious that, according to the study, it turns out that 12.4% of respondents suffered from the actions of fraudsters. This is a high share, especially against the backdrop of data from the Central Bank itself, according to which last year the share of prevented attacks on citizens grew rapidly: in the first quarter the share of victims was 8.5%, in the second quarter it decreased to 4.1%, and in the third quarter – up to 2.6%.

Evil tongues would say that such an improvement in statistics, the calculation method of which is not disclosed to ordinary citizens, may be the result of “twisting the indicators.” This looks especially suspicious against the backdrop of the testimony of the victims – they turned out to be almost 10 percentage points more than according to the Central Bank for the third quarter. At the same time, a positive observer might argue that those 60% who are confident that they have not encountered fraudsters were in fact protected by the “invisible hand of the regulator.”

An equally ambivalent feeling is caused by the statistics on social engineering given in the survey, which, according to the Central Bank for last year, decreased from 50.5% in the first quarter to 31.6% in the third. According to a survey of citizens, the share of attacks using social engineering (via telephone and instant messengers) increased – from 72% to 76.5%. The fact that 87.6% of them did not fall for the attackers’ bait could certainly indicate some increase in financial literacy in cybersecurity.

But the very increase in the share of social engineering in attacks suggests that this method continues to gain popularity. And there are questions with the level of financial literacy – citizens still transfer money, call the code from SMS (15.3%) and disclose card details (14.8%). That is, they are doing exactly what the regulator, banks and the media have been warning them against for years. Which view of the given statistics to choose is a matter of temperament. “It can’t be worse,” say the pessimists. “Maybe, maybe!” – the optimists answer.