Phishing (selling goods on online platforms)
Phishing is a type of Internet fraud, the purpose of which is to gain access to confidential user data – logins, passwords and other personal information.
You place an advertisement for the sale of goods on the trading platform, after which the scammer introduces himself in the messenger as a potential buyer of the goods and offers to make payment by transferring funds to your bank payment card, and also offers to use delivery services.
When communicating, the fraudster may explain that in order to transfer funds, your bank payment card must contain an amount equal to the transfer; if your bank payment card does not have this amount, the fraudster will offer you to top up your balance, all this is done in order to steal as much as possible a large amount of money.
If you agree to this method of payment, the scammer provides a link, following which you are asked to enter the details of your bank payment card (full card number, expiration date, CVV or CCV code), if you enter the specified details, you will receive a message on your mobile phone SMS notification with a confirmation code, after which on the website you will be asked to enter the received confirmation code, thereby you confirm the transfer of funds from your bank payment card to bank accounts controlled by fraudsters.
In order to avoid becoming a victim of cybercriminals when making transactions on the Internet, you should:
- communicate with potential buyers or sellers only in the internal chat of the trading platform (often trading platforms block the possibility of switching to fake resources);
- when communicating with a user, you should go to his profile and pay attention to the creation date (if it was created a few days ago, this should cause additional caution);
- you should refrain from making online payments related to prepayment and transfer of deposits for goods and services in favor of organizations and individuals in the absence of reliable information that the named entities are who they claim to be;
- Avoid clicking on unknown Internet links that are provided during correspondence supposedly to receive an advance payment or arrange delivery. If you have been sent such a link, then, regardless of who sent it, you should carefully check the domain name (resource address) before clicking on it. You can do this by finding the official website on the Internet and checking the spelling of the domain name. A difference of one letter or symbol indicates that this is a link to a fake resource.
Remember! To receive a funds transfer, there is no need to enter the card expiration date and CVV code.
Phishing (utility payments)
In your Internet browser, you enter “payment of utilities” in the search bar, after which you are offered link options; by clicking on the first link offered, you go to a site that looks similar to the Internet banking site. To enter your personal account, you are asked to enter your login and password. After entering the specified data, you will receive a session key on your mobile phone, which you will also be asked to enter on the website. After entering the session key, the site page freezes. At this moment, fraudsters have already gained access to your personal account and are stealing funds available in your bank account.
Tips on how to avoid becoming a victim of a phisher.
In order to avoid becoming a victim of cybercriminals when making transactions on the Internet, you should:
- is very attentive to any case when it is necessary to enter card details or information provided by the bank (SMS code, login or password for Internet banking). The most reliable way to protect your funds is not to tell anyone your card details;
- to make online payments, you must use only reliable payment services, be sure to check the domain name of the resource in the address bar of your browser.
Remember! To receive a funds transfer, there is no need to enter the card expiration date and CVV code.
Phishing (purchase of theater or cinema tickets)
A young man meets a girl on the Internet. After talking for some time in the messenger, the girl invites him to meet in reality, choosing to go to the theater for the first date. The young man is not surprised that the girl offers to buy tickets not at the theater or through popular online booking services, but on a website to which she provides a link.
The guy follows a link to a website that looks similar to the official website of the theater in the city where the young man lives, and then fills out a payment form, where he indicates his bank payment card details, as well as the confirmation code sent to his mobile phone, in the future money is stolen from him.
In order to avoid becoming a victim of cybercriminals when making transactions on the Internet, you should:
- Be careful in any case where you need to enter card details or information provided by the bank. The most reliable way to protect your funds is not to tell anyone your card details.
- Use a separate bank card for online purchases that does not store funds and does not receive regular income in the form of wages, scholarships or pensions.
- Avoid clicking on unknown Internet links that are provided during correspondence supposedly to receive an advance payment or arrange delivery. If you have been sent such a link, carefully check the domain name (resource address) before clicking on it. You can do this by finding the official website on the Internet and checking the spelling of the domain name.
- A difference of one letter or symbol indicates that this is a link to a fake resource.
Vishing
A stranger calls you. The caller introduces himself as an employee of the contact center or bank security service, or may also introduce himself as an employee of the Ministry of Internal Affairs of the Republic of Belarus.
The fraudster reports that “the bank has detected a suspicious transaction on your card” or “a request has been received for an online loan in your name.” In this case, the fraudster may know your name, as well as the first or last 6 digits of your bank payment card. After which the fraudster tries in every possible way to find out the full details of your bank payment card, your passport data, the fraudster may also ask you to install applications such as “AnyDesk” or “RustDesk” (these applications allow fraudsters to remotely control your mobile device), supposedly to protect your mobile device. the bank application you use.
The caller reports that the conversation is being recorded and no one should know about this conversation, otherwise you will be prosecuted.
All this is done in order to intimidate the person and prevent him from performing actions outside the instructions of the scammer.
Do not share your personal data, card details, security codes, or SMS codes with anyone! If fraudulent transactions actually occur with the card, the Bank itself can block it!
Employees of banking institutions, as well as police officers, do not make calls via instant messengers.
Vishing (Fraud when calling a home phone)
Cases of fraud under the pretext of providing assistance to relatives who allegedly caused a traffic accident deserve special attention, and in order to compensate for the damage or not bring them to justice, it is necessary to transfer a large amount of money.
During the conversation, a person is convinced that he is talking to his close relative. Afterwards, a “law enforcement representative” is connected, usually an “investigator”, who clarifies the details and address of the victim, mobile phone number, he asks not to interrupt the phone call. During the conversation, the victim is convinced to transfer money to the “investigator’s assistant”, “lawyer”. The courier receives the updated address and leaves to collect the money. All this time, right up to receiving confirmation from the courier that the money has been received, the victim remains in touch with the criminals.
In most cases, the victims are elderly citizens.
Young people are involved in the criminal scheme as couriers. They find a dubious part-time job in one of the instant messengers.
The criminals offer boys and girls to take money from one person and transfer it to another, and in return receive 5-15% of the amount of money that was transferred.
All couriers are the most vulnerable point of a criminal organization; the remaining participants are as anonymous as possible. After arrest, they, as a rule, provide assistance to law enforcement officers, while their awareness does not extend beyond the name (nickname) of the recruiter and curator in the messenger.
If you receive a call on behalf of a law enforcement officer that a close relative or acquaintance has been involved in a traffic accident and they need to transfer any money to resolve the issue of not being held accountable and providing assistance, you must immediately stop the conversation and contact this relative. Law enforcement officials never call and ask for money to assist in such situations.
Don’t panic, be vigilant. In order to protect yourself, your loved ones and friends from such illegal actions, inform them about the methods of deception that have become known to you.
Remember that older people are the most vulnerable to attackers, so to protect them from harm, take away large sums of money for a while, and also remind them daily of the danger.
Illegal circulation of means of payment
A large number of citizens, at the request of friends or for a monetary reward, open bank accounts in their name. By issuing bank payment cards that they do not intend to use, and in violation of the terms of the agreement with the bank, they transfer details to third parties. Criminals use cards transferred to their use to transfer, legalize and cash out funds received as a result of criminal activity. Thus, the person who opened a bank payment card in his name becomes an accomplice to the crime.
To open a bank account, you often don’t even need to come to the bank—everything can be done online. Of particular concern is that this criminal scheme involves teenagers between the ages of 16 and 18, who do not even realize the illegality of their actions. Using mobile applications of various banks, they open accounts, register electronic wallets, and then provide the attackers with all the data and details.
Often, teenagers, having received a reward, at the request of scammers, look for those among their friends who will agree to provide the same “service”, receiving additional payment for this.
For the production or sale of bank payment cards for the purpose of sale, as well as for the illegal distribution of card details or authentication data committed for mercenary reasons, imprisonment for a term of up to six years.
The same actions, committed repeatedly, either by an organized group, or on an especially large scale, are punishable by imprisonment for up to ten years.
Crypto exchange scams
With the massive introduction of cryptocurrencies into the financial system, the number of scams associated with crypto exchanges has increased. Cybercriminals have become increasingly sophisticated in using new technologies to identify vulnerabilities and fraudulent schemes.
On social networks, you can increasingly see advertisements for extremely profitable investment projects.
As soon as a novice investor takes the “bait”, he is directed to a questionnaire site from a “well-known bank” or to colorful one-page sites of an investment project. Most often, scammers offer those who want to get rich quickly to invest in cryptocurrencies or buy shares of well-known companies. Almost every project promises fantastic earnings – from 4,000 to 100 thousand dollars per month. The scammer’s task is to make the victim believe in the investment project so that she leaves her contact information to contact the curator. After filling out a form where the victim indicates his contact information, he is often contacted in the Telegram messenger by the same curator who will guide him throughout the entire project.
Having told during the conversation about a unique project, where supposedly a special program helps to make money through trading, the curator invites the user to register in the system and make a deposit, usually from 200 to 300 dollars. If the client is in doubt, he may be advised to reserve a place in the project by making an advance payment of, for example, $100 through a popular cryptocurrency exchanger. When connecting to the system in the “personal account”, the future investor is shown successful trading results and the growth of his savings, but behind the beautiful numbers there is an emptiness – all these investment projects do not involve withdrawal of funds, only deposits.
In some cases, the manager asks for bank card details (including secret codes sent to a mobile phone), with which the potential “participant” plans to make investments, and allegedly sends a request to the bank for approval of making a deposit. In fact, the money is simply debited from the account.
When the first amount is credited to the exchange, the program supposedly begins its activity of earning money, but there is no program, and the scammers simply draw beautiful numbers that their client wants to see. Therefore, in most cases, the victim does not stop by simply transferring funds to his personal exchange account. The victim may invest his hard-earned money in a non-existent project for several months before realizing that he has fallen for a scam.
You shouldn’t let your guard down and trust promises of easy money online. Criminal schemes are improving every day, and before you agree to invest your savings, carefully check the information about the selected Internet resource.
Scams involving drawings of free prizes and cash
In various instant messengers, mainly such as Viber, unknown people began sending out links with invitations to participate in various sweepstakes and receive free prizes or even cash. For example, scammers offer to take part in sweepstakes held by Belposhta or some mobile operator.
Allegedly on behalf of RUE Belposhta, scammers send messages in instant messengers about a drawing and offer to complete a survey, for which the user will allegedly receive a sum of money in the amount of 1,000 Belarusian rubles. Please note that RUE “Belpochta” does not send out such messages and does not conduct such sweepstakes. We remind you that under no circumstances should you click on unknown links, even if they were provided by your close relatives, and enter the details of your bank payment cards, personal data, including the subscriber numbers used.
Carefully study the addresses of the sites you go to. Often, scammers register similar domains to those of well-known organizations. Replace, for example, .by with .cn or simply any letter in the address bar.
Fraud on Instagram
People know that many Instagram account owners increase their views and subscribers, create “fake” stories, but for some reason they forget that scammers also know how to do this.
Let’s look at a specific example, an account for selling clothes. While viewing the account, it does not raise any suspicions. A good description, a large number of subscribers, relevant stories containing reviews and reviews of the product being sold.
Let’s look at the signs that indicate that this account is fraudulent.
If we pay attention to the description of the fraudulent account, we will not find any information here about an offline store where you can physically come and touch the product. Also, every self-respecting store has its own website, which is also always indicated in the description. The website often contains information about the legal address and contact numbers of the organization.
It is worth paying attention to the first post posted on the account. If the first post was posted several weeks ago, but when viewing the account information by clicking on its name, we find that the account was created several years ago, then this fact should raise suspicions. Also, when examining further information, you need to pay attention to the location of the account; it is usually absent on fraudulent accounts.
At the same time, you should pay attention to the “Tags” section, if it is absolutely empty, this fact indicates that real customers have never tagged this store in their publications, despite the fact that the account has a large number of subscribers.
One of the more obvious factors that the store is fraudulent is that when we look at the store’s publications, we will not find a single comment, and also that comments on the publications are completely limited.
During the communication, the account administrator informs you that payment is made only through a bank payment card, at the same time provides a link supposedly to pay for the goods, where you will be asked to enter the bank payment card details. In this scenario, you must immediately complete the correspondence, because During further communication, the administrator will try in every possible way to justify this method of payment and find many reasons why payment is made only in this order.
Also, during the conversation, you can clarify whether the store has offline points where you can physically get acquainted with the product, ask the seller for contact information or the legal address of the organization. Often, after a list of these questions, the administrator who corresponds with you stops answering messages.
It is especially important to note that the peak activity of cyber fraudsters occurs during the holidays. This is the most profitable time for them: dozens of people browse websites in search of the right gifts.
Avoid offers on Instagram about selling goods at the “most attractive prices”, do not believe flashy statements that this is supposedly a “secret sale” or “exclusive deliveries directly from the manufacturer”, do not enter confidential data on suspicious sites.
People are indeed always interested in products at low prices or promotional offers. But don’t fall for this bait on Instagram, where scammers are trying their best to play on your feelings and desire to save money.