THIS MESSAGE (MATERIAL) IS CREATED AND (OR) DISTRIBUTED BY A FOREIGN MASS MEDIA PERFORMING THE FUNCTIONS OF A FOREIGN AGENT AND (OR) A RUSSIAN LEGAL ENTITY PERFORMING THE FUNCTIONS OF A FOREIGN AGENT.
Attackers began to steal money from Russians using QR codes, which contain information about the client’s account. Having sent such a code, allegedly to a bank employee under the pretext of protecting against credit fraud, one of the residents of Moscow has already lost 75 thousand rubles in January, the Izvestia newspaper reports.
At the same time, the publication emphasizes that this scheme is already known to banks. As cybersecurity experts explain, attackers took advantage of the fact that some banks allow financial transactions using a QR code, such as withdrawing money from an ATM or transferring it to someone.
Any information can be stored in a QR, and when sending even critical information in the form of such a cipher, the client does not have fears or doubts.
From the point of view of the risks associated with fraud based on the use of social engineering, the service for withdrawing cash from someone else’s card using a QR code is quite critical, Veniamin Kaganov, director of the Association for the Development of Financial Literacy, fears. According to him, in cases where the client does not understand the essence of the services offered and the meaning of his actions, an attacker can easily mislead him and induce him to generate a code supposedly to protect funds, but in fact use it to steal money.
Using social engineering techniques, scammers try to gain confidence and in a conversation they can find out the balance on the account, added Ilya Danshin, a leading specialist in the information security department of Loko-Bank. Then the attackers ask to go to the page in the bank application, take a screenshot of the QR code with the account details of the victim client and send it to a third-party chat bot, the link to which they send. Further, the chatbot itself can automatically deduct funds from the victim’s account, he explained.
We also recall that recently fake coronavirus vaccination certificates traded by scammers have fallen in price online, follows from monitoring by Group IB. The same trend is fixed by experts from Positive Technologies.
According to the study, over two weeks, more than 12.8 thousand offers for the sale of vaccination certificates and QR codes, including official certificates of vaccination of children by Sputnik M, were identified. In total, from November 2021 to January 2022, the number of illegal offers exceeded 110 thousand, while in September-October 2021 there were just over 3 thousand.
Source: Rosbalt
Tristin is an accomplished author and journalist, known for his in-depth and engaging writing on sports. He currently works as a writer at 247 News Agency, where he has established himself as a respected voice in the sports industry.
