Moreover, most archives only consist of no more than 1-2 thousand archives.
By 2021, the volume of offers for the sale of clients of these Russian banks on the darknet is reduced by half. RBC wrote about this with reference to information received from DLBI.
A downward trend in the total mass of bids for the sale of databases of clients of financial institutions is also noted in Kaspersky Lab. According to analysts, the number of such ads decreased by 30%. As a result, the indicator, according to Kaspersky Lab, returned to the 2018 level.
When calculating the data, experts take into account the offer to sell the client database of a new, previously unlisted financial institution. In total, in 2021, analysts found 20 such advertisements. The three databases, according to DLBI representatives, contain more than 100 thousand bank user records. Including, they contain the following information:
- Notes of those who wish to take out a loan at Sovcombank.
- Application of users who want to take a loan from the bank Dom.RF.
- Information about selected Sberbank clients who are members of the Sberbank Premier program.
Sberbank did not confirm the data leak. According to representatives of financial organizations, the entries in the database of fraudsters are nothing more than information collected about bank customers, who surf the internet. Sberbank argues that data containing commercial secrets cannot get into the hands of attackers.
Representatives of Sovcombank and Dom.RF., in turn, admitted that they had leaked client applications for loans.
In the remaining 17 databases, according to analysts, about 1-2 thousand records are presented. Allegedly, they could have been merged by employees of the bank’s regional office before changing jobs. DLBI believes that the database may be of interest to spammers.
At the same time, experts pay attention to the fact that on the darknet you can still find many offers for obtaining old archives.
Why scammers need databases of Russian banks
Information about financial institution clients is an important weapon in the hands of fraudsters who are focused on theft of money. Attackers use social engineering techniques to gain access to the assets of potential victims. This approach involves using information to induce alertness. Here’s an example of how it works:
- Fraudsters call potential victims and introduce themselves as bank employees. To confirm his involvement in a financial institution, he can mention in the speech information about the accounts of potential victims. For example, it could be the card number and the full name of the holder.
- A client of a financial institution, after hearing personal information, can believe that a bank representative is talking to him. In this case, the fraudster gets the opportunity to “pull” data from the potential victim which allows him to gain access to the money.
Recall that in early December 2021, the Central Bank came to the conclusion that they began to steal more from the clients of Russian banks. At the same time, representatives of the regulator drew attention to the fact that it is now rarer to compensate victims of fraudsters.