In the third quarter, according to the Central Bank, fraudsters stole record amounts of funds from the accounts of bank customers. A significant proportion of the thefts was carried out through remote banking services. At the same time, the number of mobile phone numbers from which scammers call Russians has grown by more than 30 times. Participants in the cybersecurity market confirm the intensification of fraud. Experts believe that stress during the period of mobilization, the ongoing digitalization of services and the suppression of other ways of withdrawing funds, in particular by security systems, played a role in this. Moreover, by the end of the year the situation may worsen further, and the upcoming legislative measures are unlikely to help.
According to the “Review of information security incident reporting in the transfer of funds” published by the Central Bank, the third quarter saw the highest volume of fraud this year and the second-highest in history: almost 4 billion rubles. More was stolen only in the fourth quarter of 2021: 4.5 billion rubles. Given that the number of incidents was far from a record, the average amount stolen increased, reaching 17.3 thousand rubles. At the same time, bank customers managed to recover the smallest amount of funds in the entire period of observation (since the beginning of 2019): only 134 million rubles (3.4% of the amount stolen).
The largest contribution to the total volume of operations without the client's consent (OBS) came from theft through remote banking services (RBS) for individuals, which accounts for 69% of stolen funds (80 thousand incidents totaling 2.7 billion rubles). This exceeds last year's records by 43% and 39%, respectively. Throughout the year, the share of social engineering in cases of theft through RBS for individuals grew from 72% to 75%, and in the total volume of fraud, its share increased from 52.5% to 54.5%.
The situation is most dramatic in the segment of telephone fraud: the number of phone numbers identified by the regulator from which attackers call citizens has in some cases increased tenfold. According to the results of the third quarter, the number of identified fraudulent mobile phone numbers increased 35 times, to 176 thousand, and the number of city (landline) numbers almost 5.5 times, to 103 thousand.
During 2022, the situation with telephone fraud in Russia moved in different directions. In the first month after the outbreak of hostilities in Ukraine, experts noted a decrease in the number of fraudulent calls: by 42% from February 24 to March 23 (see Kommersant of April 18). This happened because the attackers' "call centers" ran into problems withdrawing funds and had to rebuild their processes. But the scammers' activity had recovered by the summer (see Kommersant of June 22).
In the first half of the year, the number of fraudulent calls to Russia increased tenfold compared to the same period last year, according to Informzashita.
Kaspersky Lab confirms an increase in telephone fraud cases in the third quarter. “However, there was nothing fundamentally new in the attackers’ approaches: the current news agenda continued to be used, as did legends about calls allegedly from banks or law enforcement agencies, as well as their combinations,” explains Sergey Golovanov, the company’s chief expert. He clarifies that attackers have begun to use messengers for calls more often in order to bypass the protection measures of telecom operators. Criminals take advantage of the fact that not all potential victims notice that the call is coming not through the phone network but through a messenger, explains Pavel Krylov, head of anti-financial fraud at Group-IB.
However, the operators say they have not recorded a multiple increase in telephone fraud through mobile calls. This is what MTS, MegaFon and Tele2 report. “We assume that a significant part of such calls are made in instant messengers, and when determining the source of an unwanted call, they can be counted as calls from mobile numbers,” says Sergei Khrenov, director of fraud and revenue loss prevention at MegaFon.
Tele2 adds that the noticeable increase in fraudulent numbers identified by the CBR may be due to a low base for comparison in 2021: “It is important to consider that the correlation between the number of fraudulent numbers and the volume of theft is also arbitrary, since potential victims may not respond to attempts at deception.” In the future, the number of thefts of funds should fall, Tele2 believes: “This will be facilitated by the development of operator and banking protection systems. At the same time, the number of fraudulent calls is likely to grow, as attackers will be forced to spend more resources on their activities.”
Fedor Muzalevsky, director of the technical department at RTM Group, attributes the general surge in social engineering fraud to the fact that Russians “in connection with the news agenda” carried out a lot of withdrawals and transfers of funds: “Including urgently, using various non-traditional schemes, for example, on accounts offering fast transfer services between countries, many of which are unreliable.” Also, according to him, the news about the mobilization and offers to avoid it allowed the criminals to steal a significant part of citizens' money. “In the fourth quarter, the trend of increasing theft will continue,” the expert is sure.
The increase in fraud through remote banking channels may be due to the difficulty of withdrawing funds. “If earlier it was profitable for attackers to steal little by little through websites, now they are focusing on large amounts at once through remote banking,” says Veniamin Kaganov, general director of the Association for the Development of Financial Literacy.
In addition, according to market participants, overall digitalization plays a role in the growth of fraudulent traffic. According to Alexey Voilukov, vice-president of the Association of Banks of Russia, more and more banks are transferring services to digital platforms, which allows fraudsters to expand the range of fraud scenarios. At the same time, he believes, over the past year "nothing fundamentally new to combat fraud has been done either technically or legislatively."
To combat social engineering, it is planned to pass a law according to which banks will return stolen funds to customers. “The Central Bank, together with market participants and experts, proposes to change the legislation so that people can count on a refund even when they were misled and therefore transferred funds to the accounts of intruders,” the regulator reports, citing Vadim Uvarov, director of the information security department of the Central Bank.
However, Alexey Voilukov emphasizes, the law has been discussed for more than a year and is unlikely to increase the amount of refunds: “The law implies that money is returned to the client if the account to which it was transferred was blacklisted and the bank knew about it. However, in this case, the bank simply will not transfer the money in the first place. To be blacklisted, the bank must notice an increase in suspicious transactions on the account, report to FINCert, all this can take up to five days, during which time the fraudsters will have time to collect money, withdraw it and switch to another account.”