The criminals use the same phone numbers for various attacks on Russian citizens and infrastructure. Traces lead to Ukraine. Last weekend, a telephone terrorist “mined” the capital’s shopping and entertainment center using the number of a Russian legal entity, around the same days, hundreds of fraudulent calls with different legends were made from his number. What technical means are used by Ukrainian call centers and why it is not possible to quickly block the threat – Izvestia found out.
Code in boots
Russian police have become accustomed to numerous false reports about the threat of a terrorist attack – one of the shopping centers in the south of Moscow has undergone another “mining”. After checking and confirming the falsity of the signal, law enforcement officers established the number used by the attackers. It turned out that this code has been on the black list for several months already – they call citizens from it in order to steal funds. Izvestia studied the legends used by the callers.
Most often, the interlocutor introduced himself as a police officer or security officer of various banks. In one case, the caller is called Lieutenant Litvinenko or Sokolov, in another – a representative of the Central Bank, in the third – the security service of well-known financial institutions in Russia, in the fourth – the technical support of Gosuslug. As a rule, a criminal tries to mislead a person: allegedly they tried to withdraw money from his account or they are trying to get a loan in his name.
Another scenario is an extortion attempt under the pretext “you made a transfer to Ukraine.” The least common scheme of deception is associated with “State Services”: a potential victim is called on a messenger, and the logo of the official service is on the avatar. They try to convince a person that the attackers are trying to block his account with passport data (TIN, SNILS, etc.) or change the mobile phone number linked to the page. To prevent the operation, you need to provide the code from the SMS as confirmation.
The number of numbers from which scammers call Russians is steadily growing. According to the data of the Bank of Russia for the third quarter of 2022, their number has increased by more than 30 times.
And according to VTB, in 2022 alone, there were 7.8 million cases of fraud faced by bank customers, which is almost four times higher than in 2021.
Information – from the report of the Foundation for the Support of Victims of Crime for 2022.
How it works
In the process of such calls, attackers use number spoofing – Caller ID spoofing, explains Alexander Vurasko, an expert in the direction of Solar JSOC special services at RTK-Solar.
“The problem is that, due to the technical limitations of communication networks, there are simply no truly effective methods to counter number spoofing,” says the Izvestia interlocutor.
Despite the fact that Russian telecom operators have implemented anti-fraud systems that make it almost impossible to spoof numbers in their networks, if the number was spoofed before the call arrived on the Russian operator’s network, it becomes much more difficult to trace such a substitution, Alexander Vurasko explains.
– Attackers often choose arbitrary numbers for substitution, but sometimes they gravitate towards any specific phones. Most likely, this is simply due to the reluctance to change the replacement number after each call, the expert clarifies.
Not a number, but a decoration
Situations often arise when the victims call the owners of the numbers, addressing them with claims. But real subscribers most often are not related to any criminal schemes, they themselves suffer reputational risks due to scammers who discredit their contact information.
In March, the Lipetsk police warned citizens that scammers could be calling from spoof numbers and described a feature of the deception scheme that is actively gaining popularity. First, they call on behalf of bank employees, but if a person suspects something is wrong and hangs up, they call him back on behalf of the security forces, and the real number of the local unit is displayed. The pseudo-police officer confirms the veracity of the words of a bank employee or intimidates with criminal prosecution “for disrupting the operation to catch fraudsters.”
According to Izvestia’s source, call-centers from where calls to Russia are made are located mostly in Ukraine. More and more attacks are carried out from the territory of Poland.
– Behind such actions are the special services, the same TsIPSO and their colleagues from unfriendly countries that do not cooperate with Russia in the fight against crime. Such technologically serious structures and numerous operators cannot exist on their own. These are full-fledged criminal enterprises,” the specialist says.
Boxing with them
Meanwhile, large centers have numerous imitators in Ukraine who work “for their own pocket”.
- If we take another kind of fraud, in particular, the deception according to the legend “your grandson made an accident”, then coordination was carried out from the territory of the Zaporozhye region, which is currently controlled by Kyiv. We encountered such a fact after the detention of an underage courier who was supposed to take cash from the victim. The criminals are looking for accomplices in social networks,” the source said.
Small criminal groups, as a rule, do not have the technical capabilities to change the number (this requires investment and special knowledge), so they use disposable SIM cards or ip-telephony.
- Fraudsters not only from Ukraine, but also Russian ones are actively using the so-called SIM-boxes (or SIM-banks), which help criminal call centers mislead people. They mask international calls, turning them into local ones. This, by the way, is detrimental to telecom operators. Unfortunately, such equipment is relatively freely sold even on official trading floors,” the expert added.
One of the latest trends is the use of Georgian numbers with the code 995, as lawyer Ivan Solovyov spoke about. This combination of numbers is similar to Russian ones.
Security Skills
Svetlana Aleksakhina, Senior Lecturer at the Faculty of Information Technology at Synergy University, notes that today fraudsters widely use communication technologies such as chatbots, fake a person’s voice and use deepfake technology (that is, they carefully think through a trap for a specific person).
If you received a call and were told that your relative, friend or acquaintance had an accident, was in the hospital, supposedly something bad happened to him, you need to call the person in question. Perhaps this is really an accident or a person just got into an unpleasant situation. In any case, you should not panic, the interlocutor recommended.
