Cyber attacks coming from everywhere. A series on the scams that are now driving society
Pandemics, energy crises, war. Societal problems that affect everyone's lives often inspire hackers. Organised groups use them to come up with ever more convincing narratives for their scams, targeting vulnerable populations. What do current attacks look like? Here is a multi-part series on the most common types of scams you may encounter.
Episode 1
The Fake Banker
Scenario
Your phone rings. The caller first introduces himself as a bank employee and starts claiming that he is registering a loan application in your name in the bank's system. Before doing so, he makes sure he is really calling a person with your name, reinforcing the impression that he has actually looked up the phone number and contact in the company database.
At this point, most potential victims of fraud inform the caller that they have not applied for any loan. The would-be banker will then ask which bank you have an account with and say that he will pass on information about the application to both your bank and the police. He will then terminate the call. A short while later, you will hear from another person calling from a different telephone number, who will introduce himself as an employee of the bank you are actually with. He will say that the call is secret and recorded, and will try to give the impression that you are in a serious situation.
He then informs you that the Czech Police have already been contacted and that your personal account may have been hacked. Because the suspicion at that moment supposedly falls on someone directly from your bank, he rules out the possibility of you talking to any other employee of your bank. The reasoning is that he alone has been tasked with communicating with you about the problem. To win your trust, he will probably confirm with you the real address where you actually live now or have lived in the past. As with being addressed by name in the first call, this again gives the impression that the fraudster has access to your data.
[.infobox][.infobox-heading]How is it possible for a fake banker to know your name and address?[.infobox-heading]Hackers can get access to this information either by cracking weak account passwords on social media, e-commerce or other web platforms, or through databases leaked because of poor security at a company that stores data about you. Lists of names with email and home addresses can then even appear for download online.[.infobox]
At this stage, the second call usually ends and a third person calls you back. The person introduces themselves as a police officer and tries to arrange a meeting with you at the station, saying that you need to choose a date 14 days in advance. Again, he will tell you the address of the actual police station to attend.
During this communication, the fake bank advisor will advise you to send your funds to a secure anti-abuse account, which they will direct you straight to via a QR code. Or, they will advise you to take out the highest possible loan from your bank to prevent the fraudster from withdrawing money from your account or applying for another loan approval on your behalf.
Finally, the attacker prompts the victim to transfer all of their funds and deposit them in increments into a cryptocurrency wallet, up to a limit of 24,000, which is the maximum amount that can be deposited into a Bitcoin ATM (cryptocurrency ATM) in one lump sum.
[.infobox][.infobox-heading]Spoofing[.infobox-heading]How is it possible that you see a number on your phone screen that the person is not actually calling from? The cause is called spoofing, where scammers use masking services to make it look like the person calling or texting you is the person they claim to be. Spoofing often occurs in combination with vishing (telephone scams) and phishing (scams through emails and other messages). However, if you call the spoofed number back, you'll usually get through to the real owner, and you'll quickly find out whether or not they really called you.[.infobox]
Tip: If you get an urgent call from your bank asking you to perform a transaction or give them your account passwords, chances are it's a scam. Banks do not communicate with their customers in this way and have an official and secure process for dealing with requests. Therefore, if you receive such a call, we recommend that you end it and first check that the caller is genuine, for example by calling your bank's information line to find out whether it was a member of staff who actually called you.
What can banks do to prevent these frauds?
In addition to internal monitoring, working with the police could be one way to increase banks' ability to detect these types of attacks early and prevent reputational damage.
In terms of preventive measures, we recommend that banks continuously communicate current cyber security threats to their employees and clients. To do this, it is advisable to create an internal knowledge base covering all known cyber-attacks. Such a knowledge base should include the typical course of an attack, what specifically happened, who the fraudsters targeted and how. In fact, the principles of cyber-attacks remain very similar.
However, building awareness of current threats should also include vigilance training, for example in the form of online campaigns or TV spots that inform about new attacks. At present, however, the number of prevention campaigns is such that there is a risk that both employees and bank customers will skip over emails with information about current risks and not pay enough attention to them. This is why we need to share information effectively and quickly.