On the phishing line – Newspaper Kommersant No. 28 (7473) of 02/15/2023

Despite the decline in the number of fraudulent transactions without the consent of bank customers, last year their volume reached a record high of 14.2 billion rubles. The main direction of theft is the remote banking system (RBS) of individuals. The Central Bank is blamed for the high level of social engineering, which, although it decreased at the end of last year, is clearly not enough. Experts are talking about the rise of phishing.

According to the published by the Bank of Russia on February 14 review operations without the consent of clients of financial institutions, their volume reached a record high – almost 14.2 billion rubles. This is 4% higher than in 2021. At the same time, the number of cases of theft of funds for the first time in seven years decreased immediately by 15%, to 0.88 million.

In the fourth quarter, the volume of unauthorized transactions exceeded 4 billion rubles, the second highest result in the history of observations, while their number decreased to 177 thousand, the lowest value since the first quarter of 2020.

As follows from the statistics of the Central Bank, the lion’s share of fraudulent transactions accounted for the remote banking system (RBS).

In the fourth quarter, their volume exceeded 3 billion rubles. (record value), and at the end of the year – 9.24 billion rubles. (while in 2021 it barely exceeded 6 billion rubles, in 2020 it did not even reach 4 billion rubles). At the same time, the share of social engineering in fraudulent online banking services for individuals decreased — for three quarters it was confidently above 70%, and at the end of the year it dropped to 60%.

Market participants consider the data on the decrease in the level of social engineering to be consistent with the real situation on the market. From the statistics, we can conclude that in the fourth quarter, fraudsters launched a replicated attack on bank customers using technical means (malware, phishing, etc.), which dramatically increased the amount of stolen money, resulting in the percentage of losses from social engineering in the total of stolen money has decreased, says SafeTech CEO Denis Kalemberg.

According to the head of the CERT-GIB group, Ivan Lebedev, “phishing remains the most massive threat to users on the Internet, and its scale is steadily growing.”

The expert notes that in 2022, the Group-IB incident response center (CERT-GIB 24/7) identified more than 20,000 phishing domains in the .ru and .rf zones. During the previous year, only 15.4 thousand domains were registered.

The active growth of fraudulent transactions is associated not so much with remote banking of individuals, but with a significant number of transactions, Fedor Muzalevsky, director of the RTM Group technical department, believes. There are much more of them, including because many companies have broken supply chains and they are forced to look for workarounds for the movement of goods and funds, the expert explains, and “in the process there are dishonest intermediaries who commit fraudulent actions.”

In addition, according to a Kommersant source in the information security market, various fees to help those mobilized to participate in hostilities in Ukraine provided great scope for the development of fraudulent schemes with RBS. “Another significant factor is that people with a drop in income and a desire to go abroad actively fall into various “scams”. As far as I know, the Central Bank considers this not as social engineering, but as a fraud, ”the interlocutor of Kommersant specified.

At the same time, the volume of the return of stolen funds is kept at a record low level – in the third and fourth quarters, it left only 3.4%.

In absolute terms, the volume in the fourth quarter did not exceed 137 million rubles, only 1.5 million more than in the previous quarter. The Bank of Russia believes that the low level of return of funds is still associated with the preservation of a high share of social engineering, when citizens independently transfer funds to attackers or disclose data.

According to Fedor Muzalevsky, the low rates of return of funds are due to the fact that the return schemes have not yet been worked out, the conditions have not been determined. The client, who voluntarily named the code words, codes, passwords and transferred the money, is still at fault, Mr. Muzalevsky emphasizes, and “the banks refuse to do anything about it.”

Maxim Builov, Yulia Poslavskaya