A new vulnerability has been discovered in a popular free classifieds service: a seller handed an expensive product to the buyer through the delivery service but never received the money in his account. How was his account hacked, and what advanced technologies did the fraudsters use?
Eighty percent of attackers who call in the name of financial institutions use number spoofing. The technique is already well known.
The seller found a buyer through the free classifieds site. The deal went through, and the goods were handed to the delivery service. The seller was waiting to receive almost 120 thousand rubles. But as soon as the goods were in the buyer’s hands, the seller’s account was hacked, its data was changed, and the money was withdrawn from the account. Presumably, the delivery service accidentally printed the seller’s phone number on the invoice. By spoofing that number, the fraudsters called the support service in his name and gained access to his profile.
“Scammers do not deceive the user but, in fact, the platform itself, calling the support service from a fake number and thus impersonating the site’s client. Now, when someone calls the support service, in order to identify the user, so that our operator understands that he really is an Avito user, we request, in addition to the phone number, additional data that the attacker does not have,” said Maria Skorik, press secretary of the Avito service.
The most popular fraud scheme looks like this. Victoria Guseva posted an advertisement on the website to sell a printer. A buyer from Makhachkala immediately became interested. He said that he had sent the money through Avito’s delivery service and sent her a link, which in fact led not to the genuine site but to a fraudulent one. The link is supposedly needed to receive the payment, but its real purpose is to lure out card data… Communication via messenger is also a clear sign of a scammer.
ONF has come out with a proposal to develop additional protection measures against financial fraud for retirees. According to the Bank of Russia, in the third quarter of last year alone, fraudsters stole 2.5 billion rubles from the accounts of Russians, which is a third more than in the same period of 2019. ONF proposes letting cardholders opt out of online payments and outgoing transfers. It would be possible to keep, for example, only cash withdrawals from an ATM or payments in a store, for a telephone, for utilities and so on. A citizen could be given the choice of which operations to give up and which to keep.
In addition to social engineering and number spoofing, there is another way to get at your money: your phone, with a banking application on it, is stolen. The phone is password-protected, but the SIM card can be moved to another device. The SIM card can be blocked quickly in case of theft, and additional protection can be activated in the banking application. No matter what they say, it is still unsafe and premature to replace a passport with a telephone.
Source: Вести.Ru by www.vesti.ru.