Fraud in Telebank and Alfa-Click systems
For about 2 months now, customers of the online banking systems Telebank (VTB24 Bank) and Alfa-Click (Alfa Bank) have been at risk of becoming (and are becoming) victims of fraud. Unfortunately, we have become one.
In short, a virus (or a trojan, I don't know which) modifies the hosts file by adding the following lines to it:
77.78.239.138 www.telebank.ru
77.78.239.138 telebank.ru
77.78.239.138 www.alfabank.ru
77.78.239.138 alfabank.ru
77.78.239.138 click.alfabank.ru
77.78.239.138 www.click.alfabank.ru
A user trying to log in to the Telebank system ends up on the attackers' site instead. There he is shown a login page that looks very similar to the real one (almost identical). The user enters his username and password, as well as a variable code from the card. He is then shown a message saying that a server error has occurred and asking him to try again in a few minutes. In this way the fraudsters learn the username and password, as well as several variable codes. With these they log in to the system, transfer the money to another account and then to a plastic card, and quickly cash it out at an ATM. If the person hesitates about re-entering the password, after a while a "bank employee" calls him and says that the problem with the system has been resolved and he can try to log in again. SMS messages also arrive saying that the system has been restored and he should try again.
The computer from which they tried to log in had a licensed DrWeb antivirus installed, and it was updated automatically whenever necessary.
In the end this story has a happy ending: the bank returned the money.
It is strange, though: there have already been many cases of this kind of fraud, and the bank has not done anything about its security system.
Moral
1. Be careful: it is better to check the hosts file yourself if you see symptoms such as "system failure, try again". Do not try again, even if support says you can.
2. Log in only from trusted computers and over the https protocol.
3. Close the overdraft on the card. Otherwise, if money is still somehow stolen from you and the bank decides not to return it, you can end up so far in the red that after the theft you will also have to repay the overdraft to the bank, and within a limited time.
That's all. Forewarned is forearmed. For those who want to read the fraud story in more detail: www.banki.ru/services/responses/bank/?responseID=2410229
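An added example, not part of the original post: one way to carry out the hosts check from point 1, in Python. The watched domains are taken from the entries quoted above; the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress
import os
import sys

# Bank domains named in the post; any subdomain of these is matched as well.
WATCHED = ("telebank.ru", "alfabank.ru")

# Constructed sample: three of the entries quoted in the post among benign lines.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
77.78.239.138 www.telebank.ru
77.78.239.138 telebank.ru
77.78.239.138 click.alfabank.ru   # trailing comment
0.0.0.0 ads.example.com
127.0.0.1 alfabank.ru.example.net
"""

def is_watched(name, watched=WATCHED):
    """True if name is a watched domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)

def find_overrides(text, watched=WATCHED):
    """Return (line_no, ip, hostname) for each hosts entry that pins a watched name."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid hosts entry
        for name in fields[1:]:                 # one line may carry several aliases
            if is_watched(name, watched):
                hits.append((line_no, str(ip), name.lower().rstrip(".")))
    return hits

if __name__ == "__main__":
    # Standard hosts file locations on Windows and on Unix-like systems.
    path = (os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                         "System32", "drivers", "etc", "hosts")
            if os.name == "nt" else "/etc/hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        found = find_overrides(fh.read())
    for line_no, ip, name in found:
        print(f"{path}:{line_no}: {name} is pinned to {ip}; a bank site should resolve via DNS")
    sys.exit(1 if found else 0)
```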