# Point of View: SFedU specialists tell you how to protect yourself from scammers

According to VTsIOM, more than half of Russians encounter various types of telephone fraud. In this way, almost 150 billion rubles were stolen from Russians in 2020. This problem is also relevant in the Rostov region: in 2020, approximately 20% of criminal activities in the Don were phone and Internet fraud.

In the new “Point of View”, SFedU experts explained what psychological and technical methods attackers use, why a person is very trusting and how to avoid becoming a victim of scammers. An IT specialist, a lawyer and a psychologist shared their knowledge and opinions.

## IT specialist on attackers’ methods and ways to protect against them

Elena Basan, Ph.D., Associate Professor of the Department of Information Technology Security, explained which technical methods scammers use and how users can protect themselves.

The speaker noted that it is possible to intercept a user’s data on the Internet the moment he logs in to the site. An attacker can easily obtain a login and password if an insecure protocol is used to connect to the site and the data is not encrypted.

“That is why, when connecting to public access points, it is recommended not to log into social networks and personal accounts, and even if you log in, you must then change your passwords,” emphasized Elena Basan.

According to the expert, “sniffers”, programs that “listen” to the network and intercept information, can capture traffic within one network. An attacker can then use data from the captured traffic to spoof or block a connection in order to attack the victim’s network.

The speaker highlighted another attack scenario aimed at obtaining data: penetration into a public server on which a website or service is running. Every website is stored on a server that has a network address, which we are used to seeing in its symbolic form (for example, sfedu.ru). Knowing the server’s network address, an attacker can scan the network and, having detected open network services, try to connect through them. However, the speaker noted that these scenarios require good technical training and powerful computing technology.

“At the same time, the most significant vulnerability of almost any information system, be it an individual server or an enterprise, is a person and the human factor. As a rule, an attacker can take over a database of logins and passwords by bribing those employees who are responsible for administering the network. Until now, the greatest vulnerability is represented by dismissed employees or offended system users who have access to the organization’s infrastructure,” said Elena Basan.

By following simple security rules, the user can avoid leakage of personal data. The specialist advises:

1) Change your passwords regularly. If the database is compromised, the fraudster will not be able to use your authorization information.

2) Make passwords strong and non-repeating.

3) Avoid authorization on sites and services when connecting to a public network.

4) Update your software regularly and use an antivirus and firewall to protect your communications.

Nevertheless, scammers often manage to obtain the necessary data both by phone and on the Internet. The speaker highlighted several factors on which the ability to track an attacker depends: the level of his training, the level of training of the investigative specialist, the actions of the user and the timeliness of contacting the relevant authorities.

The expert emphasized that finding a cybercriminal is a difficult task. Using direct or indirect evidence, the investigator must discover the digital footprint of the fraudster.

“To search for traces of cybercriminals, you can use tools to analyze logs, where messages about events that occurred in the system are stored. In essence, the search for a criminal comes down to searching for the network address or at least the network from which the attack was carried out. Even if the attacker used tunneling tools or so-called onion routing or the TOR network, then with proper investigation you can try to trace the chain of events,” explained Elena Basan.

According to the speaker, in the case of telephone scammers, everything completely depends on the vigilance of the victim. You should not answer calls from unfamiliar numbers and communicate with operators on the other end – your voice can be used to falsify data.

“It is best to install a system that protects against telephone spam and blocks suspicious numbers. It’s more difficult to track telephone scammers; means of masking a subscriber’s phone number have existed for a long time, and you can use Internet services to generate calls and messages,” concluded Elena Basan.

## Lawyer on the difficulties of investigating cyber fraud and legal liability for attackers

Ekaterina Tishchenko, Ph.D., Associate Professor of the Department of Criminal Law and Criminology, explained how scammers usually act and how government agencies fight them.

The speaker noted that fraud is indeed the most common crime against property at present. Technological and social changes have created more opportunities for fraudsters to commit crimes.

“The huge surge in fraud and especially so-called remote fraud can be attributed to technological and social changes in recent years. For example, the active transition of all kinds of organizations, both private and public, to the online sphere. Another factor was the pandemic and the ban on movement. The transition towards online transactions was going on confidently before, but due to changed social conditions it happened much faster,” emphasized Ekaterina Tishchenko.

Ekaterina Tishchenko noted that the Criminal Code of the Russian Federation contains a wide range of norms that make it possible to define such actions as criminal. The basic norm is Art. 159.6 of the Criminal Code of the Russian Federation “Fraud in the field of computer information.” It provides punishment for the theft of someone else’s property or the acquisition of rights to it by interfering with the functioning of means of storing, processing or transmitting computer information.

“The degree of punishment is determined by the amount of damage from the crime, and therefore may entail a fine, arrest, compulsory labor or imprisonment for the guilty person. In this sense, substantive law adequately reflects the current situation and does not require changes. Another thing is that law enforcement practice and the prevention of remote fraud require attention and effort,” the expert said.

Ekaterina Tishchenko emphasized that violated rights can only be restored by contacting law enforcement agencies. Within the Ministry of Internal Affairs, a special department, designated by the letter “K”, has been created to combat Internet fraudsters.

The speaker noted that certain difficulties arise in the investigation of cybercrimes. This is due to the fact that the Internet provides greater anonymity. The international nature of the crime can also complicate the investigation, as it limits the capabilities of the police forces. Thus, sometimes fraudsters have clear advantages over the police in terms of technology and material resources.

The investigation procedure takes a long time and requires a lot of effort. Therefore, when investigating remote fraud, a common violation is the unjustified refusal to initiate criminal cases.

“And from the point of view of preventing remote fraud, this should be the prevention of victimization, that is, information work with citizens and organizations about the methods and capabilities of Internet fraudsters,” noted Ekaterina Tishchenko.

According to the speaker, banks are actively fighting fraud that uses spoofed numbers. However, this problem has not been completely resolved. A popular practice is manipulation of bank cards: the most primitive mechanism is theft of the plastic card itself; the most common is the theft of confidential user data; the most difficult is replacing information on IP addresses, after which the user is automatically redirected to fake sites where he is asked to enter personal information.

The lawyer emphasized that several persons may be involved in fraud. Participants in the scheme send SMS messages to citizens’ mobile phones with the following text: “Your bank card is blocked, to unblock it, contact the customer service department by phone…”. After the victim calls the number, the fake support employee finds out the necessary card details and invites the victim to go to the nearest ATM. He then asks the victim to perform a sequence of actions, as a result of which the “mobile banking” service on the card is assigned to the attackers’ phone number.

In conclusion, Ekaterina Tishchenko recalled important rules that will help protect your money from financial scammers:

1. Never give your bank card details to anyone. A bank employee, while talking on the phone to identify a client, usually asks for his full name, date of birth, and secret word. The employee may also request the last 4 digits of the card. He never has the right to request other information (especially the code from SMS and the CVV code indicated on the back of the card).

2. If it becomes clear that a scammer is in contact with you, you need to interrupt communication and contact the police. If transactions are actually being carried out on your card at the moment, you need to pause them by blocking the card. It’s better to do this yourself by calling the bank’s hotline number (listed on the back of the card) or via the bank’s official website.

3. Do not save card data in your personal account or browser.

## Psychologist on the leverage criminals use and the reasons for people’s gullibility

Alexander Miroshnichenko, Ph.D., Associate Professor of the Department of General and Educational Psychology, explained why people trust scammers and what motivates attackers to deceive others.

The speaker noted that people trust scammers for a number of reasons. Firstly, a person is social – that’s why he is trusting. Trust is a necessary condition for interaction in society. Secondly, scammers take advantage of heightened emotional tension, fear of losses, and the need to make immediate decisions. This helps reduce the victim’s vigilance.

“Many people on a subconscious, instinctive level are ready to obey, and scammers take advantage of this. In most cases, it is very difficult to interrupt a conversation with them, to say no and to “get out of the emotional hold” in a dialogue,” explained Alexander Miroshnichenko.

According to the expert, people over 50 are the most gullible. Firstly, they grew up in the USSR, where information sources were heavily censored and there was no reason to distrust them. Secondly, they lack understanding of many technical nuances of bank transfers and the safety of personal data.

The psychologist identified the most common techniques used by scammers. Among them: a call about an allegedly completed transaction from a bank card; a call about a relative’s troubles; taking over personal accounts on social networks to spread requests for financial assistance. So that the victim does not have time to think about the situation, attackers apply pressure through the urgency of the decision and the fear of losing money or harming a relative.

“In order not to succumb to such provocations, one should not make quick decisions. If they call from the bank and talk about actions that you did not perform, immediately stop the conversation without explanation and go to the bank branch with the documents.

If they report a relative in trouble and the need to transfer money, stop the conversation and immediately call back the person allegedly in trouble.

If you are asked to transfer money to a card on social networks, contact the person asking in any other way before making the transfer. If the information is confirmed, support with condolences and financially, if not, you will save money and nerves,” explained Alexander Miroshnichenko.

The expert also described the psychological portrait of a typical fraudster. Its main elements: excellent knowledge of human nature, acting skills and no shame. The attacker doesn’t care which person he deceives. The most important thing for him is getting money. The psychologist noted that cases of fraud have especially increased during the period of isolation and in the context of a deteriorating economic situation.

“It is possible and necessary to warn and this is the joint work of various institutions of our society. And more effective preventive work is not punitive after the fact, but educational, correctional, rehabilitative,” summed up Alexander Miroshnichenko.

Authors: Anastasia Dashevskaya and Daniil Skryagin
