Cybercriminals use phishing tools in their work.
Fraudsters have found a way to bypass two-factor authentication, which is the confirmation of transactions via a code in an SMS message. Kommersant wrote about this with reference to information received from Kaspersky Lab.
Analysts draw attention to the fact that the scheme is aimed at deceiving users who know that it is impossible to reveal transaction confirmation codes from SMS messages to other people.
Scammers use phishing to get information. Here’s how it works, using a schematic example shared by the experts at Kaspersky Lab:
- Cybercriminals offer financial institution clients to extend MTPL. The message contains information about the car. Personalization of data helps fraudsters to sleep alert.
- To pay for OSAGO, potential victims are offered to follow the link. When you open it, the user is notified of the amount. To pay for it, the system offers to follow another link. On the new page of the client, the financial organization is asked to enter card details and confirm payment via the code that comes via SMS.
In fact, through the phishing site, potential victims confirm the transfer of funds to the scammer’s account. Similar schemes are used by cybercriminals to gain access to online store shoppers’ money.
See also: They began to steal more from the clients of Russian banks, but now they are less likely to succeed in compensating for losses
We will remind, beforehand, that VTB analysts came to the conclusion that in the second half of 2021, only 16% of Russians avoided meeting with scammers.