“Transfer the money or tomorrow your son will be drafted into the army and sent you know where”

After the events of 24 February, the number of calls from telephone scammers in Russia sharply decreased. However, this calm did not last long – recently there has been a new increase in the activity of intruders, Maria Namestnikova, head of the Russian research center at Kaspersky Lab, said in an interview with Gazeta.Ru. Fraudsters are returning not only with renewed vigor, but also with new schemes – in particular, they blackmail people in the name of military registration and enlistment offices, scare people with disconnection from SWIFT, offer fake social payments in mobile applications, and much more.

“Transfer the money or tomorrow your son will be sent you know where”

– How has the number of fraudulent calls in Russia changed since February 24?

– It has shrunk. After it all started, the proportion of users in Russia who received calls from unknown numbers with suspected fraud dropped to 9% per week. Although in December this figure was around 10-11%.

– What do you think, will there be a rollback to the previous indicators?

– It’s already happening. In May, this figure was already almost 13%.

– Fraudsters are returning with old schemes like “Hello, I am an employee of such and such a bank – urgently transfer all your money to me” or is there something new?

– There are schemes that are well tested, and they continue to work. And there are new scenarios that have become relevant in the new environment. For example, stories about fake compensation payments from the Social Security Fund, new schemes from pseudo-employees of banks, and calls supposedly from military registration and enlistment offices.

– Wait, what’s with the military enlistment offices?

– They call mom or dad, introduce themselves as a military commissar and blackmail: “Transfer so much money or tomorrow your son will be taken into the army and sent, you know where.”

– You said that false bank employees also have new trump cards. Give an example?

– We have seen new schemes from such scammers that relate to the disconnection of Russian banks from the SWIFT system. They call and say: “Our bank will soon be disconnected from SWIFT, urgently transfer your foreign currency savings to a safe account.”

There is little logic here, but attackers are betting on people’s ignorance of SWIFT functions. And if they do, then, apparently, they find such people.

– Since we touched on the topic of SWIFT, I can’t help but ask how the attackers themselves withdraw money from the country?

– They don’t have any problems. Attackers have always been in the black zone and used various workarounds. Now, practically nothing has changed for them: they both used cryptocurrencies and still use them.

– I happened to hear from your colleagues that it’s better not to make fun of intruders over the phone. Supposedly, there were cases when false bank employees threatened the victim with real-life violence for a sharp tongue: they named the victim’s home address, place of work, etc. Does this happen? Is it true?

– It happens. But we do not detect such behavior of attackers en masse. Let me remind you that their main goal is to lure money, not intimidate.

– In your opinion, is it worth spending time on scammers: talking, making fun of them?

– Of course not. I can’t stop anyone, but I will warn you that this is just a waste of time.

We recommend that the average user immediately hang up and, if in doubt, call the bank back on their own using the phone number from the bank card or the official website – not the one from which the potential scammer called.

– What other new mobile threats that appeared after February 24 can you note?

– New threats have emerged around app stores. Popular apps have disappeared from Google Play and the App Store. However, users are not always aware of this. They still go to the store and type in the name of, for example, a game, but instead of the official application, they end up with fakes that can be malicious.

– Are there any examples?

– I can give an example from personal experience. A game that my children are fond of has been removed from Google Play. One of them had a smartphone. He tried to download the game from the store. How? Search, results, list of similar applications. But all or almost all of the results consisted of very dubious programs, one way or another using the name of that very game.

We found a way to install differently. But this is us: we focused and understood what we were facing. And if in our place there is an ordinary user? It seems to me that in many such cases problems are inevitable.

– It turns out that now it is dangerous to download applications even from stores?

– In official stores, of course, it is still much safer than downloading applications from other sources. Pre-moderation reduces the risk of encountering malicious applications there. But the main problem now is not them. The main one is phishing applications.

After February 24, dozens or even hundreds of applications appeared on the Russian Google Play, promising all kinds of compensation, social benefits, and child benefits. That is, the Internet used to be full of such sites, but now they are multiplying on Google Play as applications.

Moreover, the functionality of the applications is ridiculous. You install them. Icons appear on the desktop. If you click on them, a browser window opens with a phishing site where they promise “many millions of money.” Only to get them, you have to pay a commission of 300 rubles.

– How do you interpret the reason for the appearance of such applications?

– I think this is just an attempt by scammers to test the strength of moderation in the Russian Google Play. It should be noted that the moment was chosen well, because Google in Russia is now in uncertainty. However, this is just speculation, I have no evidence.

– Could this be the result of the activities of the so-called cyberarmy of Ukraine and their hacktivists?

– No. We are talking about fraud in its purest form. And hacktivists are about cyber vandalism.

I wouldn’t be surprised if it’s just a coincidence. They decided to run in a new scheme, and once it worked. And if it worked, then the scammers “will not rust” – they quickly replicate working schemes.

– Is there such a problem in the App Store?

– If there is, then it appears very rarely; we do not see it. With the App Store, in principle, doing this is, if not impossible, then extremely difficult – Apple has draconian moderation.

Recently there was a case when an unofficial application of one bank appeared in the App Store. But this is a single case. And even then, most likely, it happened as a result of a mistake by a particular moderator.

In addition, the developer of the clone application quickly got in touch and publicly explained his motives.

– Are there any changes in, shall we say, the hardcore cybercriminal community, the hacker community? Have hackers increasingly used smartphones as a point of entry into corporate infrastructures? Or is it still more like spy movie fiction?

– No, the use of smartphones to penetrate the perimeter is no longer science fiction or fiction. In the last couple of years, we have seen that attackers, one after another, begin to use Android in their scripts. That is, hackers, who previously had all the “master keys” configured only for Windows, suddenly began to master the mobile operating system.

But here it should be noted that there are no detailed statistics on this issue and cannot be, since there is an APT group behind each such case [advanced persistent threat, a cybersecurity term for an adversary that poses a high level of threat]. And each incident involving APT is unique.

– Nevertheless, is it possible to talk about a trend in which hackers attack smartphones not only for money, but also for the purpose of espionage, compromising corporate infrastructures, and so on?

– There is a trend – it is 100%. There are more and more such hacker groups. They are all slowly moving in.

– Why do you think?

– I would attribute this to the fact that in the last couple of years a lot of people began to work remotely. Some even work only from a smartphone. And smartphones are a less secure segment for hackers. If our corporate computers are monitored by the information security service, then this practice is not yet widely used with smartphones.

For intruders, the path through a smartphone is easier, and therefore more attractive. Therefore, they modify their code base so that smartphones can also access company networks.

– How does it work? Are there any popular scenarios?

– If we talk specifically about espionage and targeted attacks, then, due to the fact that APT groups are often involved in hacking smartphones, everything is always different. However, the goal in most cases is the same – to use a smartphone to access the corporate network.

The logic is this: if you have access to the company’s infrastructure from your smartphone, then you have credentials there: login and password. Therefore, they must be stolen.

– Did the number of hacker attacks on Russian smartphones increase after February 24: so that with viruses, espionage and other attributes of an action movie?

– I cannot answer this question. But I will say the following: acts of cyber vandalism have become more frequent. Wiper-blockers have appeared – malicious programs that either block access to the device, or delete all files from it, or do both.

You downloaded a file or application, opened it and that’s it. Data is being erased or the screen is locked. And at the same time, no ransom is demanded from you, or anything else. Just vandalism, a manifesto…

This is similar to how it was before the era of cybercrime, in the late nineties and early 2000s, when hackers would sit and think: why not turn off all the computers in the world? Not for the sake of a goal … But simply because they can.