Posted 15 февраля 2021,, 13:27

Published 15 февраля 2021,, 13:27

Modified 24 декабря 2022,, 22:38

Updated 24 декабря 2022,, 22:38

Central Bank announced a new fraudulent scheme

Central Bank announced a new fraudulent scheme

15 февраля 2021, 13:27
Фото: Медиахолдинг 1Mi
The Central Bank sent a letter to Russian banks warning about a fraud scheme, with the help of which cybercriminals can steal money from the accounts of legal entities through a mobile application.

The letter from the Central Bank states that the hacker attacks were prepared at a very high level, and those who committed them are well versed in the remote banking system and the peculiarities of processing payments, RIA Novosti agency notes.

In particular, the letter mentions a case when a fraudster managed to log into the bank's mobile application using a legal username and password, and then put it into debug mode to study the order and structure of calls to the remote banking software interface.

“Knowing all the necessary parameters of API requests, the attacker generates an order for the transfer of funds, indicating the victim's account in the field “Sender's account number”, - the letter from the Central Bank says. Banks were recommended to conduct appropriate checks of the applied remote banking systems and establish increased control over them.

Back in 2019, the Central Bank created a working group, which included representatives of retail banks, to prepare materials informing Russians about ways to counter fraudsters who are increasingly using social engineering methods in the financial sector.

"