No matter which sector your business works in, you have to depend on third parties that provide goods and services to support your business. It doesn't matter if you're a small business or a large organization operating in the manufacturing and supply chain, these third parties are important for your daily work.
At some point, suppliers interact on-site or digitally with your business, and this makes them a threat factor. Businesses deal with these risk vectors by denying access to these supplies have, for instance, restricting access in a few areas, or using IT and network resources.
According to ESET experts, one of these fraudsters' tricks is related to travel services: criminals pretend to be employees of travel companies and ask victims to make an advance payment.
The second scheme popular among fraudsters is fake websites, where one can allegedly receive "New Year's payments from the state." "Hackers fake web pages under the banner of law firms or imitate the sites of popular banks, where they ask you to enter card details to receive funds," the experts explained.
Analysts also warned that the data on the expiration date of the bank card and the three-digit CVV number cannot be transferred under any circumstances. "This information is needed only for payment, but certainly not for receiving money," noted in ESET.
Experts have also recorded a serious increase in the number of fake food delivery sites. Fraudsters completely imitate the appearance of popular sites and then use them to find out the bank data of Russians and withdraw money from cards.
Domain names of real and fake sites often differ from each other by just one character. “For example, dellivery-club instead of delivery-club or eda.ynadex instead of eda.yandex,” the company explained.
Experts noted that the victims of attackers are also often fans of ski resorts. "Attackers take advantage of the desire of Russians to save money and sell fake online tickets to ski slopes," ESET stressed.
ESET experts also warned that cybercriminals often send congratulatory emails, offering to click on malicious links.
Scammers know that on the eve of the holidays, companies generously distribute bonuses and gifts to their customers, and take advantage of this. When a person clicks on such a link as a rule he gets to a phishing site where he is asked to fill in personal or banking information. Often such messages contain links to viral software.
At the international online cybersecurity training Cyber Polygon 2021, organized by BI.ZONE, Stanislav Kuznetsov, Deputy Chairman of Sberbank, and Henrietta Faure, Executive Director of UNICEF, discussed the important issue "Cyberbullying and more: how to protect children from the threats of the digital world?"
Stanislav Kuznetsov cited UN statistics, according to which more than 70% of children in the world are Internet users (this is 30% of all Internet users of the planet). 95% of teenagers have smartphones, and 45% are online most of the time. While the Internet offers huge educational opportunities for children, the World Wide Web is a dangerous place full of cyberbullying, social engineering, violence and phishing. And children are the most vulnerable to digital threats because they trust each other more, and it is more difficult for them than for adults to distinguish good from evil.
Henrietta Faure agreed that cyberbullying is a very big risk. She thinks authorities should control it because they have laws and a justice system. They can restrict illegal activities on the Internet.
Moreover, she considers it very important to always be in touch with your children and to know what is going on.
"You need to hear and listen to your children. Take your time: ask them what they are doing online. Often parents think that children will always come to them for advice, but this does not always happen. That's why we need to tell our kids that they need to let us know all these things. If the criminals successfully attacked one victim, they will attack millions of others. And if one teenager knows which service to contact in case of a problem, he will tell his friend," said Henrietta Faure.
"Children are our future, and it is obvious that we need to expand international cooperation to protect them," concluded Mr. Kuznetsov.
Henrietta Faure agreed that UNICEF's cooperation with large companies and ecosystems, such as Sberbank, can be very fruitful.
"There are three most common types of data leakage," said Vseslav Solenik, Director of the R-Vision Center of Expertise.
Personal data of Russians become available to fraudsters due to the negligence of employees and partners of companies, hacking of IT structures of organizations, or due to the carelessness of the citizens themselves.
Mr. Solenik stressed that in most cases, data leakage is illegal. Often, scammers find out personal data from the people themselves, promising them profitable bonus programs.
"Fraudsters attract them with various bonus programs, favorable offers and other things. And in exchange, the attackers receive a full set of personal data," the expert added.
The specifics of the Russian legislation is that even when transferring the full name and phone number of the company, the subject is obliged to fill out the consent form prescribed by law, where he is forced to specify his passport data, registration address and other information that can be used later by fraudsters.
"At the same time, it is impossible to fully protect your personal data from fraudsters today. You can only observe the hygiene of information security, raise your awareness to resist phishing and attacks, be vigilant and refuse to transfer personal data in exchange for minor services from dubious companies," the expert stressed.
Solenik added that it is equally important to know the current legislation. He called on the Russians to defend their rights in the field of personal data processing: to report incidents of leakage to the regulator and to seek the responsibility of companies for this.
Earlier, the majority of Russians supported the introduction of amendments to the law on personal data. Thus, 62 percent consider it necessary to be able to withdraw consent to the use of their personal information. In this case, Internet services will have to delete it within three days.
Experts analyzed how often children encounter cyber incidents in the online space. It turned out that every fifth child has at least once encountered malware and viruses. Also (in 19% of cases), children come across unwanted content "for adults". In 18% of cases, children's social media accounts were hacked or attempted, and 15% of parents also reported that suspicious strangers wrote to their child.
Parents also noted that children make unconscious or uncoordinated spending on the Internet: they subscribe to paid services or buy access to online games. Parents whose children bought something on the Internet said that in most cases (81%) the purchase amount was up to 1 thousand rubles ($14).
“Parents need to abandon online wallets and cash and make a separate bank card for the child in order to protect the family from unwanted spending. This can be a virtual account or an additional card to your own. The fact is that openly criminal websites and services on the Internet do not accept bank cards for payment. In addition, adults have access to the limits and settings of the children's card, and they can always challenge unwanted spending in the bank and save the family budget," said Alexey Govyadov, head of analytics and automation at ESET in Russia.
Cyber threats that children most often face online: malware (viruses, etc.); unwanted content 18+; hacking or attempted hacking of a page in social networks; suspicious strangers wrote to the child; unconscious or uncoordinated spending; the child was in suspicious groups or communities.
Speaking about child safety on the Internet, half of the parents surveyed say that their child knows that in the event of a cyber incident, they should immediately contact adults. More than a third of the respondents also noted that their child knows safe sites and applications, and also makes online payments only on trusted resources.
Attackers call a potential victim and offer to install an app on their phone that "reliably protects money from theft." And then, with the help of this app, they steal the money from the card or get a loan on behalf of the victim.
According to Sergey Sherstobitov, head of the Angara information security integrator, fraud is committed using a malicious program that can intercept passwords when they are activated in banking applications. Then, with their help, the attackers can easily transfer funds to another account.
Dmitry Kuznetsov, head of methodology and standardization at Positive Technologies, warns that Bank employees never ask customers for card or account details.
The police do not exclude that such fraud may be widespread and asks Russians to remain vigilant.
According to the Central Bank, the activity of telephone scammers increased four times in the first six months of this year. In total, the regulator recorded more than 360 thousand unauthorized transactions with funds of Russians for a total of about 4 billion rubles ($51,8 million). Banks returned about 485 million rubles ($6 million) of stolen money to their clients.
The low percentage of refunds from the Bank is due to the fact that people, in fact, become victims of their own free will. After all, the client signs an agreement with the Bank that prohibits the transfer of confidential information about the Bank card to third parties, said lawyer Yakovlev.
However, it should be noted that the data of clients of Russian banks has risen in price on DarkNet. Ashot Hovhannisyan, the founder of the DLBI DarkNet search and monitoring service, explains that the increase in the cost of such services indicates a decrease in the number of offers on the market. This, in turn, means that credit institutions reduce the chances of hackers to steal data and increase security.
According to experts, this approach makes it possible to reduce the cost of attacks on victims and increase conversion.
"The robot says: "Your card in this bank is blocked, call us back at this number”. When the victim calls back, allegedly the bank's security officers answer, ” explained Artem Gavrichenkov, technical director of Qrator Labs. He added that scammers make up to hundreds of calls a day using such robots.
Fraudsters also use fake IP telephony service numbers, bulk SMS sending services and messages in Messengers on behalf of the Bank, said Sergei Nikitin, deputy head of the Group-IB computer forensics laboratory.
The fraudsters in this case used "reverse social engineering", said Alexey Drozd, head of the information security department at SerchInform. In such cases, the victim calls the attackers.
Andrey Zaikin, Head of Information Security at CROC, explained that people are not used to the use of robots by scammers, this increases the credibility of hackers.
The technology also makes the attack cheaper, adds Mikhail Kondrashin, technical Director of Trend Micro in Russia and the CIS. A robot is a simple software for auto-calling, notes Mr. Zaikin. Developers of voice platforms usually do not charge a fee for creating such a bot, and the average cost of a call is 2.5–3.5 rubles ($0.3-$0.4) per minute.
Previously, many fake call centers operated from prisons, but recently, according to Group-IB, most are organized outside and sometimes even abroad. According to experts, international cooperation at the state level is necessary to neutralize them.
In autumn, experts recorded mass registration of domain names with the names of well-known brands in the .RU zone
Specialists at Infosecurity, a Softline company, recorded mass domain registration in Runet with the name of well-known brands and the ending –off, which can be used for sales.
As an example, the company cited the domain names familiya-off.ru, detskiy-mir-off.ru, tele2-off.ru, rosneft-off.ru and citilink-off.ru. According to the head of the Infosecurity special server Sergey Trukhachev, on October 20, the Ethic threat detection service detected the registration of 192 such domains. All of them are registered through the same Russian structure with servers at ISPIRIA Networks Ltd, located in Belize (Central America). As Trukhachev noted, the company is often used for hosting malicious sites.
At the end of September, the appearance of hundreds of similar domains in Runet was noticed by SearchInform. According to Alexey Drodd, head of the company's information security department, it’s about very diverse brands (furniture companies, clothing stores, jewelry stores, mobile retail).
According to Kirill Kirillov, co-founder of BrandMonitor, domains with the names of major brands are registered every day, and the earnings of scammers depend on the method of monetization. For example, according to Kirillov, counterfeit dealers can earn 3-10 million rubles ($39,000 - $117,000) annually.
Such a site can be blocked in a day if it is obvious that it is phishing or distributes malicious software. There are also cases when it is technically impossible to block access to a resource: if their servers are located in a country where hosting providers do not block sites (for example, in Belize).
The companies surveyed said they monitor domain registrations with similar names and fight them when signs of fraud appear.