- Joined
- May 15, 2016
- Messages
- 14,161
- Likes
- 2,643
- Points
- 1,730
The scheme of taking money from citizens, identified by Group-IB, relies on the substitution of payment system pages, with the help of which bank customers confirm their consent to carry out P2P payments (card-to-card transfers). In Russia, scammers, according to experts, have been practicing such a forgery since the end of last year and have already managed to steal 3.15 billion rubles from online shoppers.
The P2P payment confirmation system, based on the use of the 3-D Secure authorization protocol, improves the security of CNP transactions (without the presence of a card) when paying for goods and services online. This technology is supported by all international payment systems - Visa, MasterCard, JCB, AmEx, as well as the Russian MIR.
Attackers are constantly looking for ways to bypass 3-D Secure, but basically all these efforts boil down to stealing one-time codes using social engineering or malware. The authors of the new fraudulent scheme chose a different path - they use imitation of 3-D Secure pages, providing them with logos of reputable payment systems.
The attack is carried out in stages. First, a customer who has the misfortune of contacting a fake online store or web service is redirected to a phishing page for payment. The details intercepted in this way are used to generate a transfer to the fraudster's card.
In response, the bank sends the cardholder an SMS with a one-time code, which must be entered on the 3-D Secure page to confirm the payment. Since scammers replace this page on the fly, an additional identifier also falls into their hands and helps them successfully complete the money transfer in their favor. This scheme, according to experts, is difficult to implement and poorly detected using classical anti-fraud solutions. However, with a clear execution for the issuing bank, the payment will look legal, and it will be extremely difficult for a client who finds a fraud to get his money back.
According to Group-IB estimates, Russians cheated under this scheme make more than 11,700 payments every day for a total of 8.6 million rubles. This affects not only account holders, but also issuing banks and the owners of brands borrowed by scammers - online stores and payment systems.
“The scheme is really dangerous and is spreading and modifying extremely quickly,” comments Pavel Krylov, head of the GIB's online fraud counteraction department. - At the moment, units of the largest banks in Russia and the CIS have protection against this type of fraud. It is based on behavioral analysis and the ability to track each session and user behavior both on a web resource and in a mobile application in real time. "
Group-IB does not exclude that the fraudulent scheme they identified will become widespread outside Russia.
__________________