Savvy users divert money from banks by rounding currency during conversion
Computer security specialists from Positive Technologies have uncovered a fraud scheme that some users of Internet and mobile banking began actively using this year to generate income.
A brief description (for Alfa-Bank, see the comments):
1. An Internet banking user converts, say, 29 kopecks into dollars. At a rate of 65 rubles per dollar, 29 kopecks corresponds to $0.004461.
2. When converting, the bank rounds the amount to two decimal places, that is, to $0.01.
3. The fraudster converts the 1 US cent back into rubles and receives 0.65 rubles (65 kopecks).
4. The net profit from the operation is 0.36 rubles (36 kopecks).
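The four steps above as an added Python example (not code from Positive Technologies or any bank): a conversion that rounds every non-zero remainder up to the next cent, which is an assumption about what step 2 implies, beside a hardened version that rounds in the bank's favour and rejects sub-cent amounts. All function names are hypothetical; the rate of 65 rubles per dollar is the one used in the steps.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_UP

CENT = Decimal("0.01")
RATE = Decimal("65")  # rubles per dollar, as in the steps above


def rub_to_usd_flawed(rub):
    """Assumed flaw: any non-zero remainder is rounded up to the next cent."""
    return (rub / RATE).quantize(CENT, rounding=ROUND_UP)


def rub_to_usd_hardened(rub):
    """Round toward zero (bank's favour) and refuse amounts worth under 1 cent."""
    usd = (rub / RATE).quantize(CENT, rounding=ROUND_DOWN)
    if usd == 0:
        raise ValueError("amount below the minimum convertible unit")
    return usd


def usd_to_rub(usd):
    """Convert back to rubles, truncating to whole kopecks."""
    return (usd * RATE).quantize(CENT, rounding=ROUND_DOWN)


def round_trip_gain(rub, to_usd):
    """Rubles gained by converting rub to dollars and straight back."""
    return usd_to_rub(to_usd(rub)) - rub


def worst_case_gain(to_usd, max_kopecks=1000):
    """Largest round-trip gain for 1..max_kopecks; rejected amounts are skipped.

    A result above zero means the conversion pair can be farmed.
    """
    best = None
    for kopecks in range(1, max_kopecks + 1):
        try:
            gain = round_trip_gain(Decimal(kopecks) / 100, to_usd)
        except ValueError:
            continue
        best = gain if best is None else max(best, gain)
    return best


if __name__ == "__main__":
    print("flawed, 0.29 RUB:", round_trip_gain(Decimal("0.29"), rub_to_usd_flawed))
    print("flawed, worst case:", worst_case_gain(rub_to_usd_flawed))
    print("hardened, worst case:", worst_case_gain(rub_to_usd_hardened))
```

The `worst_case_gain` scan works as a regression test for a conversion service: it must never return a positive value for any rate the bank quotes.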
According to experts, especially persistent users earn up to 15,000 rubles per month this way.
Positive Technologies explains that this fraud scheme is called a “rounding attack” and has been known for a long time, since the advent of online games. In Russia, it was actively used in 2016, exploiting vulnerabilities in remote banking service systems.
According to the company, 25% of the Internet and mobile banking systems of Russian banks are vulnerable to rounding attacks.
“If 10–50 thousand rubles are stolen from a bank within a month, then this fact most likely will not be disclosed,” said Timur Yunusov, a senior expert at the security systems department at Positive Technologies. “Banks will disclose information on embezzlement and leakage only when they steal money from customers or if the hacker attack “bankrupts” (this is about millions of thefts).”
Representatives of the banking industry, speaking on condition of anonymity, said there is also a less labor-intensive fraud scheme: a client creates an exchange request, waits for the rate to move in a favorable direction, and only then confirms the old request with a password. Since the request was created at the old rate, the exchange is executed at the old rate.