Theft of deposits from businesses and households via the Internet continues with undiminished intensity. Following the activation of additional security measures by the banks in the online card transactions, the circuits turned to e-banking to increase their turnovers. This is particularly favorable at a time when the number of users of e-banking services has risen sharply.
Bank sources speak of organized gangs, several of which are based abroad and use "boats" in Greece to extort large sums of money from unsuspecting citizens. The same circles emphasize that "the experts saw the 600.000 new registrations, mainly inexperienced in the online deposit procedures, in the first months after the outbreak of the pandemic, as a first-class opportunity to expand their activities".
It is indicative that within nine months in 2021 the cases of fraud through e-banking increased sharply, with the total booty amounting to 40 million euros. That is, on average, every day between January and September, they made wings of the order of 150.000 euros. In relation to the corresponding period of 2020, the annual increase exceeds 500%.
The techniques
In any case, in order to complete a fraud, the participation of the victim is required in all cases. This is because in order for a transfer to take place, the following are required: the data for entering the e-banking and the confirmation of the transaction either through a one-time password or through notifications on the account holder's mobile phone.
The classic method for this type of scam is phishing. The perpetrators send a deceptive e-mail or even an SMS, informing the recipient that he must log in to his account by clicking on a specific link, presupposing a problem, e.g. that the card was blocked or his account was frozen.
If the victim clicks on the link, he enters a website that looks like his bank e-banking. If he enters the data there, they come to the knowledge of the perpetrators. The latter then ask the victims to reveal the one-time password sent to their mobile phone, in order to perform the transfer they want or to confirm the transaction through the notification in m-banking.
On the other hand, SIM Swap fraud combines phishing and gaining control over the victim's mobile phone. Specifically, they state to the telecommunications provider, pretending to be the victim, that they have lost their mobile phone and a new SIM card with the same number is issued. Thus, they immediately receive the SMS sent by the bank to its customer.
The ads
However, there are cases where the depositor himself, knowingly, sends money to the perpetrator, who has previously persuaded him to make the transfer, citing various reasons.
A typical example are product sales ads. The robbers deceive the potential buyers, who send the money, but never afterwards receive what they bought. At other times, unsuspecting citizens, as sellers, are convinced by the perpetrators that:
- Either they have already paid for the product they sold, mainly by showing them a fake remittance certificate.
- Or that they have inadvertently deposited a larger amount of money and demand the return of the difference.
In the latter case, the experts claim that when entering the amount, they "accidentally clicked" a zero above. E.g. instead of 800 euros they deposited 8.000. And in this case, to prove their claim, they send a fake receipt of money. If the victim believes them, he sends them the above money that the perpetrators allegedly deposited in his account.
Business scams
On the other hand, in the field of business, fraudsters, impersonating suppliers or generally the beneficiaries of a payment, send via e-mail to companies and freelancers fake or falsified invoices / payment orders to transfer money to bank accounts belonging to them.
Alternatively, the fraudsters ask for the payment beneficiary's bank account to be modified by pretending to be the business supplier. However, the new proposed account belongs to the fraudsters.
These deceptive e-mails are sent either from the actual email address of the supplier / principal, but which has previously been illegally hacked by fraudsters, or from someone else who has maliciously created them, usually with the difference of one letter or one digit. If the trick works, instead of transferring the money to the company's supplier, they end up in the perpetrators' account.
SOURCE: in.gr