- Don't share your username and password with a stranger
- Don't open files from unverified sources
- Don't go to sites that your computer's security considers suspicious
Informational materials on current methods of cybercrime and fraud committed with the use of ICTs for speech in the framework of educational and preventive work with citizens
Phishing (selling products on online platforms)
Phishing is a type of Internet fraud that aims to gain access to confidential user data — logins, passwords, and other personal information.
You place an ad for the sale of goods on the trading platform, after which the fraudster in the messenger introduces himself as a potential buyer of the goods and offers to make payment by transferring funds to your bank payment card, as well as offers to use delivery services.
When communicating, the fraudster may explain that in order to make a money transfer, your bank payment card must contain an amount equal to the transfer.If this amount is not available on your bank payment card, the fraudster will offer you to top up your balance. All this is done in order to steal as much money as possible.
If you agree to this payment method, the fraudster provides you with a link that prompts you to enter your bank payment card details (full card number, expiration date, CVV or CVCCODE). If you enter these details, you will receive an SMS notification with a confirmation code on your mobile phone, and then you will be sent to the following address: You will be asked to enter the received confirmation code on the site, thereby confirming the transfer of funds from your bank payment card to bank accounts controlled by fraudsters.
In order to avoid becoming a victim of cybercriminals, when making transactions on the Internet, you should:
- communicate with potential buyers or sellers only in the internal chat of the trading platform (often trading platforms block the possibility of switching to fake resources);
- when communicating with the user, you should go to their profile and pay attention to the creation date (if it was created several days ago, this should cause additional caution).
- you should refrain from making online payments related to prepayment and transfer of deposits for goods and services in favor of organizations and individuals in the absence of reliable data that these entities are the ones they claim to be;
- avoid clicking on unknown Internet links that are provided in the course of correspondence ostensibly to receive prepayment or arrange delivery. If you were sent such a link, then, regardless of who sent it, you should carefully check the domain name (resource address) before clicking on it. You can do this by searching the official website on the Internet and checking the spelling of the domain name. A single letter or character difference indicates that this is a link to a fake resource.
Remember! To receive a money transfer, you don't need to enter the card's expiration date and CVV code.
Phishing (payment for utilities)
In the Internet browser, you enter "payment for utilities" in the search bar, after which you are offered options for links, clicking on the first suggested link takes you to a site that looks similar to an Internet banking site. To log in to your personal account, you are asked to enter your username and password. After entering the specified data, you will receive a session key on your mobile phone, which you will also be prompted to enter on the site. After entering the session key, the site page freezes. At this point, scammers have already gained access to your personal account and are committing theft of funds available in your bank account.
Tips on how to avoid becoming a victim of phishing.
In order to avoid becoming a victim of cybercriminals, when making transactions on the Internet, you should:
- it is very attentive to any case when you need to enter your card details or information provided by the bank (sms code, login or password from Internet banking). The most reliable way to save your money is to not tell anyone your bank card details.
- to make online payments, you need to use only reliable payment services, making sure to check the resource's domain name in the browser's address bar.
Remember! To receive a money transfer, you don't need to enter the card's expiration date and CVV code.
Phishing (buying theater or movie tickets)
A young man meets a girl on the Internet. After chatting for some time in the messenger, the girl offers him to meet in reality, choosing a trip to the theater for the first date. The young man is not surprised that the girl offers to buy tickets not in the theater or through popular online booking services, but on the site to which she drops the link.
The guy follows a link to a site that looks similar to the official site of the theater of the city where the young man lives, then fills out a payment form, where he indicates the details of his bank payment card, as well as the confirmation code received by him on his mobile phone, and then money is stolen from him.
In order to avoid becoming a victim of cybercriminals, when making transactions on the Internet, you should:
Pay close attention to any case when you need to enter your card details or information provided by the bank. The most reliable way to save your money is to not tell anyone your bank card details.
- Use a separate bank card to make purchases on the Internet, which does not store funds and does not receive regular income in the form of wages, scholarships or pensions.
- Avoid clicking on unknown Internet links that are provided in the course of correspondence ostensibly to receive prepayment or arrange delivery. If you were sent such a link before clicking on it, carefully check the domain name (resource address). You can do this by searching the official website on the Internet and checking the spelling of the domain name.
- A single letter or character difference indicates that you are looking at a link to a fake resource.
Remember! To receive a money transfer, you don't need to enter the card's expiration date and CVV code.
Vishing
A stranger is calling you. The caller introduces himself / herself as an employee of the bank's contact center or security service, and may also introduce himself / herself as an employee of the Ministry of Internal Affairs of the Republic of Belarus.
The fraudster reports that "the bank has detected a suspicious transaction on your card" or "a request has been received for online loan processing in your name." At the same time, the fraudster may know your name, as well as the first or last 6 digits of your bank payment card. After that, the fraudster tries in every possible way to find out the full details of your bank payment card, your passport data, and the fraudster may also ask you to install applications such as"AnyDesk"or"RustDesk" (these applications allow fraudsters to remotely control your mobile device), allegedly to protect the mobile application of the bank that you use.
The caller informs you that the conversation is being recorded and no one should know about this conversation, otherwise you will be brought to criminal responsibility.
All this is done in order to intimidate a person and prevent them from performing actions outside the instructions of the fraudster.
Don't share your personal data, card details, security codes, or SMS codes with anyone! If fraudulent transactions actually occur with the card, the Bank itself can block it!
Employees of banking institutions, as well as police officers do not make calls via instant messengers.
Vishing
(Fraud when calling your home phone)
Special attention should be paid to cases of fraud under the pretext of providing assistance to relatives who allegedly became the perpetrators of a road traffic accident, and in order to compensate for damage or not bring them to justice, it is necessary to transfer a large amount of money.
In the course of communication, a person is convinced that he is talking to his close relative. After that, a "law enforcement representative" is connected, usually an "investigator", who specifies the victim's data and address, mobile phone number, and asks not to interrupt the phone call. During the conversation, the victim is persuaded to transfer money to the "assistant investigator", "lawyer". The courier receives the updated address and goes to collect the money. All this time, up to receiving confirmation from the courier about receiving money, the victim remains in touch with the criminals.
In most cases, the victims are elderly citizens.
Young people are involved in the criminal scheme as couriers. They find a dubious part-time job in one of the messengers.
Malefactors offer young men and women to take money from one person and transfer it to another, and for this they receive 5-15% of the amount of money that was transferred.
All couriers are the most vulnerable point of a criminal organization, while other participants are as anonymous as possible. After being detained, they usually provide assistance to law enforcement officers, and their awareness does not extend beyond the name (nickname) of the recruiter and curator in the messenger.
The youngest of the identified couriers was 15 years old, and the oldest was 56. On average, each person provides no more than 3-4 transmissions before being detained.
If you receive a call on behalf of a law enforcement official that a close relative or acquaintance has been involved in a traffic accident and they need to transfer any money to resolve the issue of not being held accountable and providing assistance, you must immediately stop the conversation and contact this relative. Law enforcement officers never call and ask for money to be transferred to help in such situations.
Don't panic, be vigilant. In order to protect yourself, your family and friends from such illegal actions, inform them about the methods of deception that have become known to you.
Remember that older people are most vulnerable to intruders, so to protect them from harm, take large amounts of money for a while, and also remind them of the danger every day.
Illegal turnover of payment methods
A large number of citizens, at the request of friends or for a monetary reward, open bank accounts in their name. When issuing bank payment cards that they are not going to use, and in violation of the terms of the agreement with the bank, they transfer their banking details to third parties. Malefactors use the cards transferred to their use to transfer, legalize and cash out funds that they received as a result of criminal activity. Thus, a person who opened a bank payment card in his name becomes an accomplice to a crime.
To open a bank account, you often don't even need to come to the bank — you can do everything online. Of particular concern is the fact that teenagers between the ages of 16 and 18 are involved in this criminal scheme, who are not even aware of the illegality of their actions. Using mobile applications of various banks, they open accounts, register electronic wallets, and then inform the attackers of all their data and banking details.
Often, teenagers, having received a reward, at the request of scammers, look for those among their friends who will agree to provide the same "service", receiving an additional fee for this.
For the production or sale of bank payment cards for the purpose of marketing, as well as for the illegal distribution of card details or authentication data committed out of mercenary motives, by deprivation of liberty for a term of up to six years.
The same actions committed repeatedly, either by an organized group or on a particularly large scale, are punishable by up to ten years ' imprisonment.
Fraud on crypto exchanges
With the massive introduction of cryptocurrencies into the financial system, the number of scams related to crypto exchanges has increased. Cybercriminals have become increasingly sophisticated in using new technologies to identify vulnerabilities and fraudulent schemes.
In social networks, you can increasingly notice ads for super-profitable investment projects.
As soon as a novice investor takes the bait, they are directed to a survey site from a" well-known bank " or to colorful one-page investment project sites. Most often, scammers offer those who want to get rich quickly to invest in cryptocurrencies or buy shares of well-known companies. Almost every project promises fantastic earnings - from 4000 to 100 thousand dollars a month. The task of the fraudster is to make the victim believe in the investment project, so that she left her contact details to contact the curator. After filling out the questionnaire, where the victim indicates their contact details, they are often contacted in the Telegram messenger by the same curator who will guide them throughout the entire project.
Having told during the conversation about a unique project, where supposedly a special program helps to earn money at auctions, the curator offers the user to register in the system and make a deposit, mostly from $ 200 to $ 300. If the client is in doubt, they may be advised to book a place in the project by making an advance payment, for example, in the amount of $ 100 through a popular cryptocurrency exchange. When connecting to the system in the "personal account", the future investor is shown successful trading results, the growth of his savings, but behind the beautiful figures there is a void-all these investment projects do not involve the withdrawal of funds, only crediting.
In some cases, the manager asks for bank card details (including secret codes sent to the mobile phone), with which the potential "participant" plans to make investments, and allegedly sends a request to the bank for approval of making a deposit. In fact, the money is simply debited from the account.
When the first amount is credited to the exchange, the program supposedly starts its activity to earn money, but there is no program, and scammers simply draw beautiful numbers that their client wants to see. In this regard, in most cases, the victim does not stop with one transfer of funds to his personal account of the exchange. The victim can spend several months investing their hard-earned money in a non-existent project before realizing that they have fallen for the bait of scammers.
Do not lose your vigilance and trust the promises of easy earnings in the network. Criminal schemes are being improved every day and before agreeing to invest your savings, carefully check the information about the selected Internet resource.
Fraud involving free prize draws and cash withdrawals
In various messengers, mainly such as "Viber", unknown people began to send out links with an invitation to participate in various sweepstakes and get free prizes or even cash. For example, scammers offer to take part in sweepstakes held by Belpochta or any mobile operator.
Allegedly, on behalf of RUE "Belpochta", scammers send messages in messengers about the draw and offer to pass a survey, for which the user will allegedly receive a monetary amount of 1000 Belarusian rubles. Please note that RUE Belpochta does not send out such messages and does not conduct such sweepstakes. We remind you that in no case do you need to click on unknown links, even if they were provided by your close relatives and enter the details of your bank payment cards, personal data, including the subscriber numbers used.
Carefully study the addresses of the sites you go to. Scammers often register similar domains to those of well-known organizations. Replace, for example .by to. cn or just any letter in the address bar.
Fraud on the Instagram network
People know that many owners of Instagram accounts get more views and followers, create fake stories, but for some reason they forget that scammers can do this too.
Let's look at a specific example of an account that sells clothing. When viewing your account, it doesn't raise any suspicions. A good description, a large number of subscribers, up-to-date stories containing reviews and reviews of the product being sold.
Let's analyze the signs that indicate that this account is fraudulent.
If you pay attention to the description of the fraudulent account, we will not find any information about the offline store where you can physically come and touch the product. Also, every self-respecting store has its own website, which is also always listed in the description. The site often contains information about the organization's legal address and contact phone numbers.
You should pay attention to the first published post on your account. If the first post was posted a few weeks ago, but when viewing the account information by clicking on its name, we find that the account was created several years ago, then this fact should cause suspicion. Also, when viewing further information, you should pay attention to the account's location, which is usually absent on fraudulent accounts.
At the same time, you should pay attention to the "Tags" section, if it is completely empty, this fact indicates that real customers have never marked this store in their publications, despite the fact that the account has a large number of subscribers.
One of the more obvious factors that the store is fraudulent is that when viewing the store's publications, we will not find any comments, and also that comments to publications are completely limited.
In the course of communication, the account administrator informs you that payment is made only by means of a bank payment card, at the same time provides a link supposedly for payment for goods, where you will be asked to enter the details of the bank payment card. In this case, you must immediately complete the correspondence, because in the course of further communication, the administrator will try in every possible way to justify this payment method and find there are many reasons why payments are made only in this order.
You can also check whether the store has offline points where you can physically get acquainted with the product, ask the seller for contact details or the legal address of the organization. Often, after a list of these questions, the administrator who conducts correspondence with you stops responding to messages.
You should especially pay attention to the fact that the peak of activity of cyber scammers falls on the pre-holiday days. For them, this is the most profitable time: dozens of people browse websites in search of the right gifts.
Avoid offers on Instagram about the sale of goods at "the most attractive prices", do not believe the catchy statements that this is supposedly a "secret sale" or "exclusive deliveries directly from the manufacturer", do not enter confidential data on suspicious sites.
People are really always interested in low-priced products or special offers. But don't fall for this trick on Instagram, where scammers are trying to play on your feelings and desire to save money.