The letter from the Central Bank states that the hacker attacks were prepared at a very high level, and those who committed them are well versed in the remote banking system and the peculiarities of processing payments, RIA Novosti agency notes.
In particular, the letter mentions a case in which a fraudster managed to log into the bank's mobile application using a legitimate username and password, and then put it into debug mode to study the order and structure of calls to the remote banking software interface.
“Knowing all the necessary parameters of API requests, the attacker generates an order for the transfer of funds, indicating the victim's account in the field ‘Sender's account number’,” the letter from the Central Bank says. Banks were recommended to conduct appropriate checks of the applied remote banking systems and establish increased control over them.
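One server-side check relevant to the case in the letter, as an added example that is not taken from the Central Bank letter or from any bank's code. It assumes the order was accepted because the "Sender's account number" field was trusted as sent by the client; the account table, customer ids and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: account number -> customer who owns it.
ACCOUNT_OWNERS = {
    "40817810000000000001": "cust-alice",
    "40817810000000000002": "cust-bob",
}


@dataclass(frozen=True)
class TransferOrder:
    sender_account: str     # "Sender's account number", supplied by the client
    recipient_account: str
    amount_minor: int       # amount in minor currency units


class OrderRejected(Exception):
    """Raised when a transfer order fails server-side validation."""


def authorize_transfer(session_customer_id, order, audit_log):
    """Accept an order only if the authenticated customer owns the sender account.

    session_customer_id comes from the server-side session, never from the
    request body. Unknown and foreign accounts get the same error so the
    response does not reveal which account numbers exist.
    """
    owner = ACCOUNT_OWNERS.get(order.sender_account)
    if owner is None or owner != session_customer_id:
        # A valid login naming an account it does not own is a signal for
        # monitoring, not just a validation failure.
        audit_log.append({
            "event": "sender_account_mismatch",
            "session_customer": session_customer_id,
            "sender_account": order.sender_account,
        })
        raise OrderRejected("sender account not available for this customer")
    if order.amount_minor <= 0:
        raise OrderRejected("amount must be positive")
    return True
```

The audit entries give the "increased control" side of the recommendation something to alert on: repeated mismatches from one session indicate a client that is crafting API requests by hand.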
Back in 2019, the Central Bank created a working group, which included representatives of retail banks, to prepare materials informing Russians about ways to counter fraudsters who are increasingly using social engineering methods in the financial sector.