Focus cards: fraudsters have come up with a scheme to cheat on tax deductions

A new fraud scheme with fictitious tax deductions has appeared in Russia, Izvestia has learned. On behalf of the Federal Tax Service, the victim is offered to open a new bank card to transfer refunds for taxes paid to it and provide its details. Subsequently, the card is offered to be replenished under various pretexts, after which funds are withdrawn from it. This is a fundamentally new technique on the part of scammers — trivial schemes stop working, and users are less likely to respond to direct calls to transfer money to "secure accounts," information security experts say.

Why are scammers asking for a bank card?

Scammers are complicating social engineering algorithms in order to disorient victims more, information security experts told Izvestia. Now, instead of immediately demanding to pay for something or transfer money to "secure accounts," they offer the potential victim to get a clean bank card, explained the Solar AURA digital threat center of the Solar company, part of Rostelecom. As an example, they cited one of the discovered and studied phishing sites offering to apply for a tax deduction.

— In order to receive it, victims are offered to fill out an application and submit it allegedly to the Federal Tax Service. If you click on the checkout button, the user is redirected to the website of one of the banks to order a separate bank card. Next, social engineering is used, and the development of the event may vary depending on the goals of the attackers. For example, the victim may be asked to pay a commission for the provision of a service," Solar notes.

Another option is that fraudsters can claim that the user has accounts that the attackers have access to, convince him to transfer all his funds to the new card and provide its details. After that, the criminals disappear with the money they receive, the company says. Ordering a card can be a distraction to dull the victim's vigilance, they believe.

Igor Bederov, Director of the T.Hunter Investigations Department, knows about such fraudsters' tricks. The attackers specifically complicate the scheme so that it does not resemble the already studied and monotonous methods of instant withdrawal of money.

— A person is asked to open an empty card, give its details and wait for money — everything seems to be safe. When they ask to transfer something to her later, the victim may simply not realize that she has already transferred the data necessary for theft, or even forget about it," he explains.

In one touch: theft of money due to attaching a card to a smartphone has become widespread

How do scammers write them off from "plastic" and how not to fall for deception

Another possible "plot twist" on the part of scammers pretending to be civil servants is a request to open a credit card for transferring deductions and other funds, Igor Bederov adds.

Users mostly get to phishing sites after seeing information on the Internet about supposedly mandatory tax deductions (in fact, fraudsters' ads) from mailing lists. Fraudsters broadcast a lot of such information on social networks and Telegram channels, Igor Bederov adds.

Information security experts note that scammers have begun to change their cover more and more often. They shuffle website themes literally every few days on the same domain, which is already a trend, Solar says. So, the website of the fake Federal Tax Service changed the "shell" a few days later and offered to receive not a tax deduction, but an additional payment from the Employment Center in the amount of up to 37,276 rubles. In this case, the victim is also asked to issue a Mir card and make any purchase at the outlet to activate it.

Izvestia sent requests to the Ministry of Internal Affairs, the Federal Tax Service, the Central Bank and the Ministry of Finance with a request to comment on information about new methods of fraud.

Why do attackers complicate schemes?

With the advent of self-imposed restrictions on loans and microloans, fraudsters are forced to look for workarounds to steal money, said Timofey Voronin, deputy director of the NTI Competence Center for Big Data Storage and Analysis at Moscow State University. The vector of fraudulent attacks has shifted to bank cards again, but the theft mechanism has been updated — now you need to create a new card, he argues.

— Making an additional card is one of the elements of the fraudulent scheme, which is necessary to lull vigilance. Such a deception scheme is designed to ensure that inattentive people will agree to make a card to receive cashback, tax deduction, etc., — Timofey Voronin points out.

This is really a new form of social engineering, in which attackers use more complex and thoughtful scenarios. Creating a "clean" card is a way to deceive the victim into a trusting relationship and force her to independently transfer tools to the attackers for further embezzlement of funds, said Ruslan Permyakov, deputy director of the NTI Competence Center "Technologies of Trusted Interaction".

— Judging by the growing number of complaints on social media, the scheme is being used more and more often. However, there are no official statistics directly highlighting this particular scheme yet — it falls into the broader category of "bank card fraud," the expert points out. "Trivial schemes stop working, a long—term information campaign to inform citizens is affecting.

Reverse token: Banks have started freezing transfers to virtual cards

Which transfers are blocked and will it help protect Russians from fraudsters?

Previously, scammers operated according to a primitive pattern — "transfer money urgently." Today, they build trust, imitate bureaucracy, and allegedly help arrange tax deductions, social benefits, or close "fake accounts." Creating a separate card becomes part of a ritual that makes what is happening "more real" and reduces the victim's vigilance, adds Ruslan Permyakov.

The scheme is overcomplicated and its individual elements are even more suspicious than elements of the most popular fraudulent algorithms, such as, for example, the algorithm with a "secure account," says Pavel Kuznetsov, Director of Strategic Alliances and Government Relations at the Garda Group of companies. The complication may be due to the attackers going through any options that have not yet managed to "become familiar" to a wide range of possible victims, he believes.

— The government and telecom operators are actively developing anti-fraud systems: both automated and "organizational" ones that allow for the rapid exchange of information between operators, banks and law enforcement agencies. There is hope that the phenomenon will be largely eradicated," Pavel Kuznetsov hopes.

Market participants remind that the government is taking a range of measures to combat online and telephone fraud.

— Firstly, information about the emergence of new criminal schemes and ways to combat them is published almost daily in the media, which helps to raise awareness among citizens. Secondly, banks will continue to develop algorithms to detect suspicious transactions. This measure makes it possible to stop the described fraudulent scheme. Thirdly, as part of the discussion of measures to combat dropers, a measure is being considered to limit the number of cards held by one person — in this case, such a measure could help," Timofey Voronin believes.

Moreover, the "trusted person" function, available in a number of banks, is an effective measure to counter fraud. It allows the user to add their trusted representative, for example, from among close relatives, who can block certain operations, the expert concludes.