How scammers withdraw money from a bank card via mobile banking

Fraudsters can transfer money from your card to theirs if they know the login and password for logging into Internet banking, and they must hold your phone in their hands in order to receive SMS confirmation of entry and transfer.

Another option: You lose your phone or give it to another person. He sends an SMS to number 900 (this is from Sberbank) with the text: “transfer phone number amount.” Phone number linked to someone else's card. In a second, the money is transferred, however, there are restrictions on the amount of transfer in this way - it seems, no more than 6,000.

There are quite a lot of cases with smartphones on Android and iOS, if you catch a virus, it somehow steals money in much the same way as I wrote above, only you won’t see it.

So, advice: do not give out your login and password for logging into Internet banking, do not give your phone to strangers, if you have lost your phone or card - immediately call Sberbank and block the card and do not use smartphones with unlicensed software.

If you have such a desire, it’s quite easy. To do this, a special SMS attack is organized on your phone to which the mobile bank is linked. As a result of about 20-30 attempts, your phone will give them the parameters of your mobile bank (at least this is true for Sberbank). Well, then it’s quite simple: If the amount on the account is more than 3,000 rubles, then part of the amount will be sent to another phone number (registered to a “dead soul”). In this case, SMS confirmation of payment is performed using a temporary dummy telecom operator account for your number (your real account is temporarily blocked for a couple of minutes). If the amount is less, then they can “forgive and let you go in peace.”

I don’t know the details, but in general this is how it all happens. Personally, I was charged a little more than 6,000 in two transactions. This was about two years ago.

Yes they can. Fraudsters are usually good psychologists and know how to process. There is a scheme when they call the phone number listed on Avito - a person is selling an item, for example, and powerful processing begins, and he himself says the password to the mobile bank and SMS confirmation codes.

There is also a scheme using a second SIM card, restored using false documents, or if criminals get the opportunity to temporarily use the real passport of the defrauded person.

They can withdraw money from your card through a mobile bank, but usually the victims themselves provide passwords to access the mobile bank. Fraudsters take advantage of their gullibility and learn this information directly from them.

Usually they send an SMS that the card is blocked and leave a phone number for contact. After the victim calls there, under the guise of unlocking, they will find out all the information, including one-time passwords, and withdraw some or all of the money.

Yes they can. Now in the modern world, with the rapid development of modern technologies, scammers also do not stand still and come up with various ways to take over other people’s information. Therefore, on the Internet you need to be careful, do not follow “wrong” links sent by someone unknown, and do not download third-party applications that cause you doubts. Do not give your bank card details to anyone.

Then everything will be fine.

In principle - they can. Therefore, precautions must be taken. Do not reveal secret passwords and codes to anyone, do not trust your documents to strangers, even for a short time; in short - do not be careless and imprudent, because this only benefits scammers.

Yes, it happens when fraudsters themselves log into a mobile bank and intercept passwords, after which they transfer money to other accounts. That’s why I never use the bank on my phone, my phone doesn’t have access to the Internet for passwords, I pay from my laptop, it’s more reliable.

Yes, if they get access to the phone to which the card is linked

Types of scams and fraud with payment cards - how to recognize fraud and not become a victim of fraudsters

Plastic cards have become a common way to store money. It would seem that your finances are reliably protected, because your credit card is always at hand, and you can only get cash or pay in a store if you know the PIN code. However, not everything is so smooth. Fraud with bank cards is gaining momentum, as fraudsters each time come up with new schemes and frauds, the purpose of which is to withdraw money from the card account. In order to avoid becoming a victim of thieves and protect your own savings, you need to know all kinds of data theft methods and options for protecting against them.

Types of fraud with bank cards

A bank card is almost a universal means in the financial world - wages are transferred to it, loans are issued, and payments are made with it at points of sale and on the Internet. If someone needs money on the other side of the world, they can also be transferred using a card. At the same time, the number of crimes related to the theft of funds from plastic is also growing. Most of them occur due to the inattention and excessive trust of credit card owners. There are many ways to steal money from a card, which are worth considering in more detail.

Via mobile banking

When installing third-party applications from the Internet, which require a card to be linked to work, you should be very careful. The fact is that the creators of the program specifically infect it with a virus, which, penetrating the smartphone, begins to work for scammers. It replaces the mobile banking window with a phishing one, that is, a fake one, and the phone owner enters his data there, suspecting nothing. The virus sends them to scammers, who then illegally gain access to the client’s card account.

In addition, the program can access client SMS notifications while working in the program. With their help, thieves, disguised as the owner of a debit card, can enter banking and steal money. The client may not suspect anything, since viruses block messages about cash withdrawals and money transfers that should arrive on the phone. It’s easy to avoid getting a Trojan on your phone - you only need to install licensed programs (including antivirus programs) and regularly check your account.

By phone

If a bank card was linked to the phone number, then the fraudster can take advantage of this situation. If a phone or SIM card is stolen/lost, criminals gain access to Internet banking and easily transfer all the money from the credit card. In addition, attackers can hack the site of a mobile operator. After that, they set up forwarding of all SMS messages of the user and use them to access mobile or Internet banking.

SMS fraud

The owner of the credit card receives a message on his cell phone that the card is blocked. To unlock it, it is suggested to make a call back to the operator of the financial institution at the number specified in the SMS. When making a phone call, the scammer introduces himself as an employee of the bank issuing the credit card and asks for secret information: the plastic number, the code word and the PIN code numbers supposedly necessary for unlocking. With the help of this data, it will not be difficult for a swindler to use sums of money from a card account.

Buying goods online is very popular because it helps you save a lot. Fraudsters can intercept data directly during payment, and then use bank card details to further withdraw money. You can avoid this by following simple rules:

• do not make large purchases through the World Wide Web;
• use a virtual card to pay;
• set a limit on one-time payments;
• use only trusted sites to make purchases;
• activate the Secure Code service.

Theft of a plastic card

Fraud with bank cards by stealing a credit card is common. If this is detected, you must urgently contact the operator and block the card or do it yourself through a mobile or Internet application. This is extremely important when the plastic only has a magnetic stripe. It is not possible to withdraw money without a PIN code, but paying in a store will not be difficult. It is more difficult to use cards with a chip or with contactless payment, because for any operations you will need to enter a secret password number.

Using fake ATMs

Attackers use various tricks just to take control of other people's finances. They can even make a pseudo ATM. It is installed in a crowded place so that as many people as possible can use it. By inserting a card into the device, a person sees information about the lack of cash or a system malfunction. Meanwhile, scammers get hold of all the information they need to withdraw money. A fake ATM may return the card, or may keep it. In this case, withdrawing money will be even easier, because you have the original and know the PIN code.

For payments via terminal

When shopping in a store, you should carefully monitor the cashiers who take the plastic into their hands to pay at the terminal. If a store employee swipes a bank card through the terminal twice, then the first time he does this to write off money, and the second time to remove information from the plastic card in order to withdraw money later. In addition, it can remember the cvv code and data on the front side, with the help of which it is easy to make purchases on the Internet.

How scammers withdraw money from a bank card

It’s easy to withdraw money with the help of the credit card owner. Known methods are used for this. The first of them is fraud with bank cards by sealing with tape the part of the ATM where the money comes from. The client inserts a card, enters a PIN code, hears the ATM counter, but does not receive money because the money dispenser does not open. In the second case, scammers make a special device from photographic film, which is inserted into the card reader - the ATM accepts the credit card, issues money, but does not return the card.

Ways to gain access to confidential information

It is much easier to obtain the necessary information contained on plastic than bank card users think. Fraud often occurs due to the fault of bank clients themselves due to negligence and inattention. Fraudsters can easily spy the secret code over the shoulder when the owner of a bank card pays in a store, withdraws cash from an ATM, etc.

In addition, there is a conspiracy between criminals and sellers who can provide fraudsters with information from customers’ payment cards. Sometimes scammers negotiate with bank employees. They tell them to which address the credit card ordered by mail will arrive, which the thieves intercept and withdraw cash. A common method is to infect mobile devices with Trojans, which steal data when a bank card holder makes payments online.

Progress does not stand still. The same can be said about credit card scams. If earlier fraud with bank cards was limited to sealing the cash withdrawal compartment and stealing plastic, then in the modern world fraud has moved to a new level. Now new contactless technologies and the Internet are coming to the “aid” of attackers, although the carelessness of users plays a big role here too.

A call from bank employees to the service number

Recently, facts of fraud with Sberbank bank cards have become known. To do this, scammers use the organization’s service number, because this is technologically possible. The victim of the scam receives an SMS from number 900 with a request to transfer a certain amount of money. To do this, you must send the code contained in the message in response, or the operation will take place automatically in 600 seconds.

After some time, a call is heard from the official number of Sberbank (8-800-555-5550), where a person, identifying himself as a security specialist at a banking institution, asks the client to send a response SMS, where to indicate the code, space and the phrase “cancel transfer”. After sending the message, the money, as well as the Sberbank employee, disappear without a trace.

Launching a virus program in ATMs and terminals

This type of fraud is new to the Russian financial market and it affects not owners of salary and credit cards, but ATMs. The essence of the fraudulent scheme is that money dispensing devices are infected with a special Trojan virus, which gives attackers the opportunity to withdraw cash from an ATM by entering a special code on the keyboard. This phenomenon was encountered for the first time in the spring of 2017.

Contactless readers with Paypass technology

Using a payment card with PayPass contactless payment technology allows you to make payments in an amount of no more than 1000 rubles without entering a PIN code. Criminals take advantage of this opportunity because to carry out the transaction, they only need to touch the portable terminal to the bag or clothing where the credit card is located. It is not difficult to carry out such a fraud, especially in places with large crowds of people.

Common Fraud Schemes

Every year the number of so-called “lotions” increases. Criminals use both technical tricks in their scams, in the form of special overlays, inserts, cameras, and intangible means. The methods of fraud with bank cards and the methods used can be so simple that at first the owners of the plastic card do not even understand that they are trying to deceive them.

Skimming personal data from a card

A method of theft that is gradually becoming a thing of the past due to the introduction of chip cards, but nevertheless has not lost its relevance. It consists of installing a special skimmer device in place of the ATM card reader, from which it is very difficult to distinguish it externally. The bank client inserts the plastic card, and the attackers copy all the necessary information from the magnetic stripe of the card to make a duplicate. The PIN code is obtained in two ways - by installing a special overlay on the ATM keyboard or by installing a miniature video camera.

One type of skimming is skimming. This is an improved option, since instead of an overhead device, a thin board is placed in the card reader. Subsequently, she reads all the necessary information from the card. Criminals use skimming not only in ATMs, but also in stores or cafes. In this case, a portable device is used - a manual skimmer.

Subsequently, thieves produce copies of bank credit cards, on which information from the stolen plastic is applied. After fraudsters have counterfeited bank cards, withdrawing money from them or paying in a store will not be difficult, since the confirmation codes are known. In order to avoid becoming a victim of skimming, you should try not to withdraw money from ATMs located in remote and dimly lit places, because such devices are easiest to equip with readers. At retail outlets, it is advisable to pay by credit card yourself, and not hand it over to someone else.

Email and non-electronic phishing

“Catching with a bait” - this is how you can translate this type of theft. Its essence lies in the fact that a message is sent to the victim’s email from fraudulent sites or phone number asking for credit card details. This could be a promotion from a payment system or bank, but you should understand that all this is a scam, since not a single banking organization will send out such offers in order to “fish out” the client’s personal data.

Vishing

The type of fraud is similar to the above phishing with the only difference that in order to obtain the data of the owner of the plastic card, telephone communication is used, and the conversation can take place either in an automated mode - using an answering machine, or directly with the so-called operator of a banking institution. Attackers, under any pretext, try to find out information about a credit card, secret code and client data.

A buyer may call if the owner of the credit card posted information about the sale of an expensive item on a popular classifieds website. Under the pretext that the transport company that will pick up the goods requires the seller’s full personal data, and he himself needs information from the card in order to transfer money, he lures out all the necessary information, after which he disappears, and with him the funds from the account.

Creating a fake online store

Thieves have long moved into the virtual space just to steal the money of gullible buyers. For this purpose, online stores are being created that offer goods at bargain prices so that as many buyers as possible would want to purchase them. Payment for the purchase is proposed to be made using bank plastic. The goal of the scammers is to obtain data from customers’ cards, including the cvv code, and then use it to independently pay on the Internet.

Double debiting from the account

This type can most likely be attributed not to malicious intent, but to technical errors that arose on the part of the processing center, which processes all payment transactions on bank cards, or the issuing bank. In addition, double debiting of funds can be attributed to the inexperience of the seller or problems with the payment terminal at the point of sale itself. It is impossible to avoid such actions, but it is easy to notice them in time - to do this you need to activate the SMS notification service. If you discover an incident, you must immediately notify the bank that issued the credit card.

How to protect your card from fraudsters

Before inserting plastic into the ATM, you need to make sure that there are no suspicious linings on the surface - as a rule, they differ in color and type. For owners of credit cards with contactless payment methods, it is recommended to set a minimum credit limit when paying without a PIN code or cancel it altogether. Additionally, you can minimize risks by placing the card in a radio-shielded wallet (to do this you just need to put foil inside), a metal box or a foil bag.

Under no circumstances should you give your credit card into the hands of third parties, much less provide your PIN code, because this is secret information that is available only to the card owner, even bank employees do not know it, because it is generated automatically. You should not make payments in response to SMS messages and emails coming from unknown sources. In case of any suspicion or unauthorized debiting of funds from the balance, you need to call the bank and block it.

Where to go if money is stolen from your card

The first thing to do if money is written off without the owner’s knowledge is to call the banking institution at the number indicated on the back of the plastic. They should report the disappearance of funds from the card account and follow all instructions. After this, you need to come to the nearest police station and write a statement.

Is it possible to get my money back?

If the client is completely sure that he did not make any unauthorized transactions using the card (you need to make sure that relatives are not involved in this), you need to write an application to the bank for a refund. If the bank refuses, you can safely go to court. It is extremely difficult to return missing funds, especially if transactions require entering a PIN code, but such cases are known. It is easier to return money if there is a hacker attack on the bank or a large number of citizens have been affected.

Legal liability for fraud

The Criminal Code (Article 159.3) recognizes fraud with bank cards as a crime for which the perpetrators are held accountable in accordance with the law. According to the code, the crime is punishable by a fine, arrest, correctional labor or restriction of freedom. Monetary compensation, the number of hours of forced labor or the time of arrest directly depend on the amount stolen, whether the crime was committed independently or by an organized group.

A new type of bank card fraud

Every year there are more and more owners of plastic media. Clients receive salaries, open accounts, take out loans. For more convenient use of the account, a bank card is opened. With its help, you can quickly withdraw money, complete a transaction, or receive a transfer. However, a new type of fraud is forcing bank card users to be more vigilant.

New types of fraud

The security system of financial institutions is at a high level. Most fraudulent transactions are successful due to the inattention or gullibility of clients. You need to know the card account security rules and take the funds stored in the bank seriously.

A new type of fraud with bank cards is aimed primarily at inattentive customers.

Attackers are actively using the power of the Internet to deceive citizens. Not falling into their hands and returning the stolen money is the main problem of many users of plastic media. Even in the event of financial theft, the client has the opportunity to return it.

With bank cards via mobile banking

One of the most common options today. When installing another application from the Internet (from an unverified manufacturer), the user can infect the phone system with a virus.

A new type of fraud with Sberbank bank cards is dangerous for another reason. Through the mobile bank, the malicious program will gain full access to the client’s SMS notifications. It is capable of showing a one-time code to scammers to ensure they log in as a client. In addition, the virus blocks notifications to your phone about withdrawals or transfers of money. The client may find out about this too late.

What do we have to do:

• Do not install suspicious applications on a phone that is linked to a bank card from Sberbank or another bank. This simple recommendation can save you from theft of funds;
• Use a licensed antivirus. If you try to introduce a Trojan into the system, this program will be able to block it;
• Check your account more often. A client who sees that money has been withdrawn without his knowledge can contact the bank. There is a chance to get your money back within two weeks after the operation. The new type of fraud is quite dangerous. You need to take the security of your bank card more seriously. The bank is doing everything possible, and it is almost impossible to hack their servers. That's why scammers engage in this type of money theft.

A virus on your phone can block Mobile Bank messages about withdrawing or transferring funds from a card

However, that's not all. Attackers have several other tricks in their arsenal. A similar scheme can be implemented not only through a mobile bank, but also through a personal computer.

With a Sberbank card via phone

There are several options for implementing such a scam. In some cases, this is much more dangerous than fraud with bank cards through mobile banking. The most common schemes:

• The easiest way. The client receives an SMS message stating that the plastic card is blocked. To unlock, the user is asked to call the specified number. The person on the other side introduces himself as a bank employee and requires personal information: word code, card number, secret code. Having provided the fraudster with this information, the citizen will be surprised at how quickly the money will disappear from the account. Under no circumstances should such information be given;
• Phone/SIM card theft. A common method. This is enough for attackers to steal money. A client whose phone or SIM card has disappeared needs to block the card as quickly as possible. Phone fraud allows thieves to act quickly. It is also worth remembering that a number that a person does not use for a long time/stops using at all will, over time, be handed over by the operator to another citizen;
• One of the most difficult scenarios to implement: fraudsters hack a user on a mobile operator’s website. This is much easier than performing a similar procedure with the bank’s website. Having received personal data through redirection, attackers can withdraw all funds to another account and later cash them out at an ATM.

If fraudsters have stolen funds from your Sberbank card, it is important not to miss the moment and take action

Based on all of the above, it is worth noting an important thing: the new type of fraud with bank cards via telephone does not give the client the opportunity to obtain information about what is happening with his account. The money can be returned, the plastic can be blocked. But if the user does not know anything about withdrawing funds and understands this only after some time, then it will be much more difficult to return them.

How to fight and what to do

• Do not download/install questionable content (pirated);
• Do not disclose confidential information even to bank employees;
• It is strongly recommended not to click on suspicious links that may be sent from an unknown person via SMS/email;
• Immediately block the plastic in any convenient way if fraud is suspected;
• Check your account more often.

Conclusion

This approach will significantly protect money stored in a financial institution. A new type of bank card fraud is dangerous. You always need to remain vigilant.

1000 and 1 way to steal money from a Sberbank card: what bank clients need to know

Keeping money in Sberbank seems to be the most reliable option, while the Central Bank closes several banks every day. The Green Elephant will certainly not be deprived of its license. But often the Green Elephant turns out to be more dangerous than the Green Snake, and his clients are left with zeroed accounts. If a bank’s license is revoked, you receive up to 1.4 million from the DIA; if fraudsters withdraw money from your Sberbank accounts, the chances are 50 to 50.

My grandfather’s pension was withdrawn even before he received a debit card, and a young mother who was selling a stroller on Avito had all her money withdrawn from her deposit. In times of crisis, the theft of money from Sberbank accounts becomes widespread. Let's see how money is most often withdrawn, who is to blame for this - Sberbank, clients or cunning scammers. What you need to do to avoid becoming a victim of criminals, and also where to run if money is rapidly flying out of your account.

Skimming - more and more sophisticated

Skimmers are reading devices that fraudsters install on ATMs to then create a duplicate card and withdraw money from it. In addition to a duplicate magnetic stripe, scammers seek to obtain a PIN code, most often using a microscopic camera. However, even without a PIN code, card data can be used to withdraw funds from it.

“I was at work when I received a message that my Visa card was blocked. I immediately called Sberbank and they told me that the card was blocked due to possible fraudulent activities. Of course, I went to the bank, wrote an application for reissue and calmed down. I learned about the disappearance of funds 2 days later, when I discovered that a significant amount of 149,000 rubles had appeared on the Momentum card, which I managed to withdraw, the scammers closed the deposit on the savings book, and Sberbank withdrew its commission of 9434.62 for early termination of the deposit agreement " Manage" and transferred 413,286.44 to the Momentum card, the scammers withdrew 3,000 rubles 5 times, then 100,000 rubles, 150,000 rubles - a total of 265,000 rubles were withdrawn. "

Why are more stolen from Sberbank clients?

A large number of ATMs and clients leads to them becoming victims of fraud more often, but there are other objective reasons.

It would seem that the chip on the card should protect against skimmers, because it is more difficult to copy. All cards in Russia are equipped with chips, but not all ATMs read them. In most Sberbank ATMs, you can withdraw money from a duplicate card without a chip. Even if it is not possible to withdraw money, using a duplicate card, fraudsters can connect their phone number to a mobile bank, gain access to Internet banking and one-time passwords to confirm transactions.

Cases of skimming have become more frequent recently and clients of all banks are becoming victims. However, access to the Sberbnka card gives access to all client accounts and allows you not only to reset the card, but also to withdraw money from the deposit, savings book and credit card.

How to protect yourself from skimming?

• Choose ATMs at a bank branch, rather than in a dark corner of a store or on the street.
• Inspect the card reader and keyboard and refuse the operation if something is loose, traces of glue are visible, or the appearance of the ATM is suspicious.
• Cover the keyboard with your hand when entering your PIN code.
• Read the article on how to identify an ATM with a skimmer.
• At the first suspicion that the card is compromised, call the bank and block the card.

What to do if your money is stolen?

If the money has already been stolen, after blocking the card, it’s quicker to run to the bank and write a statement.

Will the money be returned?

In most cases, Sberbank returns money if you become a victim of skimmers, and you still have the original card. The main thing is to submit a request for a refund immediately. But keep in mind that the actual return period may take from 45 days to six months.

Phishing and social engineering

A classic example of phishing is when you receive an email from a bank, click on a link and end up on a completely different website that is very similar to the bank’s website. The login and password are immediately transferred to the attackers, and the money flows into their pockets. Substitution of the Internet banking login page can occur if your computer or smartphone is infected with viruses.

However, today's Sberbank clients suffer more not from hackers who create fake pages, but from those who cunningly lure out data to access the Internet bank. For example, you may receive an SMS about your card being blocked. You call via SMS, and a scammer picks up the phone and asks you to enter a one-time password to confirm your identity.

Another common situation: a buyer from Avito wants to send you an advance payment to a Sberbank card. You provide the card number and its expiration date, after a while the buyer calls back and asks for the code from SMS, citing various reasons - the money went to the wrong place, he withdrew instead of sending it and wants to return it...

"I decided to log into Sberbank Online, but I couldn’t log in, because Sberbank apologized for the technical work and promised to resume work in the near future. At 13.30 I logged into Sberbank Online again. This time everything was fine, I received I entered an SMS about successful login, but a window opened asking for my personal data (due to a failure in the bank’s security system), because everything happened on the official website of Sberbank. And then something started. A window with a request opened cancel the operation (I was sent an SMS with a password to cancel). I wanted to call Sberbank, but a man called me, introduced himself as an employee of Sberbank and said that there was a failure and I needed to follow the instructions appearing on the screen and in the SMS messages. Since one corresponded to the other , I entered the password to cancel the operation. The window fell out again, an SMS came again, this was repeated three more times. Unable to bear it, I left Sberbank Online, tried to log in again, but could not. Then I called the bank employee who called me, but he the phone was locked. I checked the phone number with the Sberbank phone number, and it turned out that it differs from the Sberbank phone number in one digit. Sberbank has a zero after six fives, but here at the beginning. I got through to Sberbank and then they killed me on the spot. ABOUT 700 THOUSAND RUBLES LEFT FROM MY CARD!”

Why does this happen more often at Sberbank?

A large number of clients who did not choose the bank themselves are pensioners, salary clients. Often these people are not very technically savvy, which means they are easier to confuse in order to get the information they need. But there is another reason.

Knowing the card number and the phone number to which it is linked, you can register with Sberbank Online again - the fraudster can only receive the codes from SMS. You can create a payment template and withdraw money using it without SMS confirmation. What is especially dangerous is that through Sberbank online, scammers gain access to all accounts, not just card ones.

How to avoid getting scammed?

To avoid becoming a victim of scammers, you need to be very careful and suspicious:

• When logging into the Internet bank, pay attention to the correct spelling of the site address and a secure connection - https://online.sberbank.ru/
• If, when logging into the Internet bank, you are required to enter something other than a login and password/one-time password, this is not the Sberbank website.
• Do not share SMS codes with anyone, no matter what they say on the other end of the line. Sberbank never requires codes to cancel or annul a transaction - there is simply no such option.
• Do not share your card number with strangers, and never tell anyone the expiration date - to send a transfer from card to card, you do not need its expiration date.
• If you receive a call from Sberbank, tense up - it is your “privilege” to call the call center and wait on the line. Sberbank calls only if it wants to sell you something.

What to do?

Block the card, write a statement to the bank and the police.

Will the money be returned?

If you yourself provided the code from SMS to the attackers, then you gave them your consent to write it off. In this case, Sberbank will not return the money.

It is enough to know the card number

The card number, its expiration date and CVV code allow you to pay for purchases online and make money transfers through special services. The card number can be compromised, for example, when paying in a cafe, when the waiter took your card behind the bar to make a payment. People easily communicate Sberbank card numbers to each other to send transfers from card to card, for example, when making purchases on Avito, Hand to Hand or on forums. If you use an ATM with a skimmer installed (see the first point), your card data will also fall into the hands of criminals.

Knowing only the card number, attackers can determine its expiration date and make a purchase on some sites that do not require a CVV code (for example, Amazon.com); in addition, the code on the back of the card is not required to make small payments, for example, to pay for mobile phones communications. Quite a lot of money is spent on the telephone numbers of Beeline subscribers from Sberbank cards.

Most online stores accept payments via the 3D-secure protocol. In this case, the operation must be confirmed with a one-time password from SMS. But firstly, this is not required everywhere. Secondly, there have been a number of cases where attackers somehow obtained one-time passwords. Either the leak is on the bank's side or on the operator's side...

“My story is this: I wrote an advertisement for the sale of a baby stroller on a free website. Today a young man called and said that he was ready to buy this product, but would pay by transfer to a Sber card. He asked me to dictate my card number, luckily she gave me my husband’s card number , there was about 500 rubles. So they just said the card number, when an SMS came to my husband’s phone saying that the amount of 7 rubles 50 kopecks was withdrawn through RUS MOSCOW BEELINE MTOPUP. Naturally, I immediately guessed what was the matter, but after 15 seconds 100 rubles were gone, then again 200 and again 100. So we were left with 75 rubles on the card!”

Why is Sberbank more dangerous?

Sberbank clients suffer more often due to the fact that it is very convenient to transfer payments from card to Sberbank card without a commission using the card number. Via internet banking or ATM. Therefore, the card number is disclosed to each potential buyer.

How to keep card details private?

• Do not disclose your card number to third parties.
• Do not make purchases in suspicious online stores, so as not to compromise your number.
• Block the card if it is lost.
• Set limits on spending transactions on the Internet and a ban on payments abroad.

If the money was stolen

Write a statement to the bank and to the police.

Chances of return

If there was a transaction with 3D-secure, the bank will not voluntarily return the money. If not, most likely the decision will be in your favor.

Mobile banking is a black hole

Here we will talk only about Sberbank.

Sberbank's mobile banking package includes SMS notifications about all transactions plus the ability to send short commands to special numbers for making payments (for telephone payments, transfers from card to card, etc.). The Economy package only informs you about logging into Sberbank online, sends one-time passwords and also makes it possible to make payments via SMS, but with a higher commission. Connecting a mobile bank is a prerequisite for accessing remote banking services (to Internet banking, in other words). Another prerequisite is the presence of a card and the conclusion of a UDBO (universal banking service agreement), which links all your accounts and links them to a mobile phone number. This is where miracles begin.

Option 1

A different number may be associated with the mobile bank - completely different from the one indicated in the written application or differing from it by one digit. As a rule, here the employee’s mistake is accidental or intentional.

Having become the “happy owner” of someone’s mobile bank, a person can little by little withdraw money to his phone. And the account owner will not even suspect this, because he does not receive SMS.

It is possible that when you received the card, you did not write an application to connect to a mobile bank. But it was still connected to a number unknown to you, not without the participation of bank employees.

If there is written confirmation that the number turned out to be different, the money will be returned to you, but you will have to prove it.

It often happens that text messages came and came, and then suddenly they stopped. Program failure or? In any case, there is a reason to be wary and go to the bank.

Option 2

A second number can be linked to the mobile bank. You can connect the second number through an ATM, for example, using a copy of the card (see the first point). In this case, messages will no longer be sent to the first - main number.

Option 3

You changed your phone number or the operator transferred it to another subscriber, but you did not write an application to disconnect the old number and connect a new number. Or the employee accepted the request to disconnect, but forgot to press the key.

Perhaps you closed all your cards and lost your phone, and a year later you got a Sberbank card again. This is where the old number that you had already forgotten about surfaced. Withdrawing money through old numbers linked to a mobile bank is quite common.

Please note that when changing your phone number you need to write 2 statements! To disconnect the old and connect the new. Otherwise, up to 8 phone numbers can be linked to the mobile bank!

The sad news is that the bank will not return your money withdrawn this way. The only option is if you can prove that there was indeed an application for disconnection, but the employees did not disconnect the number.

Why does this happen more often to Sberbank clients?

SMS notifications and mobile banking are structured differently in different banks, but Sberbank clients suffer more often for several reasons:

• It is very easy to make payments for large amounts through mobile banking. You don't even need to know your card details.
• It’s hard to resist the temptation to withdraw money from someone else’s card if you’re bombarded with SMS messages day and night, even if you didn’t initially plan to rob someone.
• Employees receive bonuses for connecting additional services, so they also connect mobile banking to those who did not ask.
• Mobile banking is available to everyone, although it is mainly used by scammers.

New trend - SIM card replacement

Your SIM stops working, money disappears from your accounts, and then it turns out that someone received a new SIM card in one of the offices of Beeline, MTS or another operator...

Sometimes the attackers already have your passport data (the leak could be in a phone shop), card number (skimming) and access to Sberbank online, sometimes they use a mobile bank to withdraw through it what they can, then connect the Internet bank and withdraw rest.

Money is very quickly withdrawn through services for transferring from a card to a card of a third-party bank (the fraudster just needs to know the card number and select the expiration date), to a prepaid Kukuruza card (you need to know all the card details), to a Sberbank card (you need to have or restore login data Sberbank Online).

Interestingly, Sberbank blocks the card only the next day. Of course, there is a huge hole here on the side of cellular operators - they re-issue cards using fake passports, powers of attorney, pension certificates without an application, without an attempt to contact the real owner of the SIM card. And employees are often involved. But Sberbank is not without holes.

“They stole money from his wife’s card. It’s just like the same poor fellows: someone comes to the mobile operator and changes the SIM card to himself. Then the person loses contact with the bank while the attackers transfer the money to Kukuruza (in my case, to Novosibirsk). the next (.) day Sberbank sends an SMS that the account is blocked. But there is no money in it anymore. The login password, according to Sberbank, the attackers knew."

Why Sberbank?

• When replacing a SIM card, the phone number remains the same, but the IMSI code of the SIM card changes. By law, banks must track it, but this process works very crookedly - they block access to Sberbank Online for those who have not changed the SIM card, or block it 3 months after the replacement, and the number of frauds associated with replacing a SIM card is rapidly growing. There is an opinion that IMSI code checking is simply disabled in Sberbank, while it works great in a number of other banks.
• For some reason, the rapid withdrawal of funds from all accounts in several transactions does not arouse suspicion from the bank and does not lead to timely blocking of the card. This suggests that the anti-fraud system is working very poorly.

What to do?

The victim's procedure is standard - blocking the card, filing an application with the bank, and then, most likely, filing a lawsuit against the mobile operator and the bank.

Will the money be returned?

They rarely return voluntarily; the practice through the courts is contradictory. If fraudsters used your username and password to access your online bank, then the money most likely will not be returned.

How to return money withdrawn from your card by scammers

Fraudsters are an inventive people. Today they have worked out a fair number of ways to steal money from the accounts of bank card holders. Since theft from cards has acquired an impressive scope, we decided to pay attention to this problem and tell you how to return money withdrawn by fraudsters from a bank card.

Money was stolen - what to do?

Is it possible to return stolen money? Can. If there is a suspicion that any transactions were made with your card without your participation and funds were withdrawn, we recommend that you immediately take the following measures to get your money back:

• Immediately contact the bank using the toll-free number indicated on the card and request that it be blocked. You need to do this because to withdraw funds or pay for purchases, it is not at all necessary to know the PIN code and have the card itself in hand. A bank employee will tell you by phone about the balance on your card account and the latest actions with the card.

• If it is impossible to resolve all the issues over the phone, it would be best to personally contact the nearest office of your bank, where you can not only block the card, but also receive all the necessary information about the movement of money in your account.

• If your fears are confirmed and money has been debited from your account by fraudsters, submit an application to the bank with a request to investigate the suspicious transactions with the account and return the money withdrawn from the card. Receive a statement of your card account and attach it to your application.

• Since this is a criminal offense, it is necessary to file a statement about fraudulent activities and demand the return of the withdrawn money to the police department. The application is drawn up in two copies; your copy indicates the number under which it is registered with the police.

By completing these steps, you can expect the stolen money to be returned.

What you need to know

Now we’ll tell you in more detail what to expect in the process of investigating the fact that money has gone missing from your account.

Application-complaint to the bank. Before drawing it up, study the responsibilities of the bank and the client, that is, you, specified in the contract for servicing the card account.

When making a statement, try to describe what happened in as much detail as possible, emphasizing your innocence in the loss of funds from the card. The bank that issued the card will contact the credit institution that received the payment with a request to return the money withdrawn by the fraudsters.

The payee has three months to review this request before deciding to transfer the funds. During this time, the relevant departments of banks check transactions on the client’s account, and also check the reputation of the applicant and the person who received the money.

During the investigation process, it is possible that bank security officers may interview the applicant’s colleagues at the place of work, talk with the local police officer at the place of residence and ask questions to family members of the card holder.

This is completely justified, since the bank must exclude the involvement of the victim himself in the fraudulent actions committed.

When fraud is proven, the receiving bank is obliged to return the funds received back to the cardholder's account.

As written above, the correct thing to do would be to file a police report. Wanting to preserve your business reputation, bank employees will certainly try to dissuade you from this step.

Law enforcement agencies, checking the application, will take measures aimed at finding the criminals. According to established practice, when investigating cases of fraud with bank cards, the police and the bank security service work closely together.

Having come to the conclusion that the card holder was not involved in the loss of money from the account, the requirement to the acquiring bank to return the money withdrawn by the fraudsters to the client’s account becomes absolutely legal and the stolen funds are returned.

If the bank that received the money does not want to return it, the solution to the issue is to go to court. In this case, the materials of the investigation will become a weighty argument in favor of the plaintiff.

That's how I got 3,000 rubles when I linked my Sberbank bank card to the AVITO website, when I put up my ad in the search, paid 79 rubles, linked the card template to my personal account! After 3 days, 3 thousand rubles were debited from me, a message from a mobile bank with the name of the AVITO website! I called the bank, they blocked the card and suggested that I file a report with the police. In general, I didn’t bother with nonsense, which takes a lot of time and isn’t worth the money, I just re-issued a new card and that’s it! Be vigilant, citizens!

Friends! If you need to know about the loan, interest rates or what documents are needed, contact the bank. If you need to find out how to terminate a contract or how to return money withdrawn by scammers or what will happen if you don’t pay a loan, contact a lawyer. They definitely won’t give you such information here.

A very useful thing is messages on your phone when you receive any card transaction. This way you can react quickly.

You probably have to think with your head, the protection on the one hand is as simple as a Siberian felt boot, and on the other is impenetrable, the elementary 3d-secure (SMS confirmation), introduced now EVERYWHERE in my opinion, does not give scammers any chance, only human stupidity... only stupidity(

You yourself, Sergey, are a fool, today they stole three thousand of my Sberbank cards from Sberbank and SMS did not help!

Today they also stole 7680 rubles from my Sberbank card. I don’t know where to run.

First of all, you need to block the card so that tomorrow they won’t steal the same amount. Write a statement to the Bank, explaining everything and report it to the police. Wait, wait and wait! Maybe they will be caught..... Maybe the bank will have a conscience, giving our money to the crooks, and will return it to you and me...

I had this situation. Mobile banking was connected and RUB 5,000 was debited from the card. I contacted the bank, they found out that the payment was made all the way from Ecuador and after 10 days they returned the money to me.

I posted an ad on Avito. An SMS was sent to the phone number that they wanted to exchange my product for theirs with a link to the photo erakt.net I tried to follow it. Did not work out. The next day I discovered that money had been withdrawn from the card. I didn’t tell anyone the card number or any codes. No SMS from the mobile bank was received on the phone. Although it was withdrawn through mobile banking. And the details showed all these SMS. I always had my phone with me. Now how can I prove that I am not a camel?

And in the end did you get your money back?

So what's the bottom line? Did you get the money back from the bank?

Lyuba, I have exactly the same situation. I put the radio on Avito to sell. I receive an SMS. I offer an exchange with an additional payment. I decided to go to Avito, but I was asked to update the application. And on this day, 7890 rubles were withdrawn from the account. They turned off mobile banking. That day I blocked the card. I wrote a statement to the bank and the police. 4 days have passed. We found the place where Yoshkaral's money was transferred. I'm waiting for these scammers to be caught.

The most interesting thing is that the details were shown by SMS. Consequently, there are questions to the mobile operator, it turns out that the phone card was copied without your knowledge. So, if you are sure that it was not your loved ones who tried, unfortunately, such things happen, then go to the bank and write a statement about the theft. Just if you contact the police immediately. then the first question will be: did you contact the bank? And does not matter. what the bank will tell you. Nothing is new under the sun and you will surely find it when you are in the police. Surely it turns out that you are not the only victim of scammers. Agree, if the theft technology worked in one case, then it will certainly be repeated, which means the police will not be very surprised. They're probably already working on something like this.

I also have the same situation. SMS to phone, exchange with a surcharge from Avito with a link. And minus 4000 rubles

Wow, a couple of days ago I downloaded the bank’s mobile application on my phone - now I’m thinking about deleting it.

Do not tie the number to the card and live in peace!

I have the same situation - they took off 10 tr. via mobile banking. The details of the phone showed how codes were selected using SMS, but nothing was received on my phone. Probably the virus did its best. The bank refused to return the money, as well as contacting the police did nothing. They said that everything was done with my consent, i.e. confirmation from my cell phone. But I didn’t do that! So, I was robbed, there is no protection, no one cares!

They also took money from me. Have you been unable to return the money?

I’ll write but I don’t see any sense, the scammers took 10,000 from my Sberbank card, they told me that I need to contact the police, I know that I’ll get on my nerves and there will be no result. There are no rights in this country and nothing at all, only responsibilities

A similar thing happened today! if I may say so, only one thing saved me, there were only 1000 rubles on the card. but still an unpleasant aftertaste! I just wonder one thing, has anyone filed a police report? Of course, I understand that it was worked out so clearly that it won’t hurt your nose, but still!

Facebook

Twitter

In contact with

Classmates

Google+