With false negative reviews
The press service of Tinkoff Bank reported that fraudsters began to apply social engineering methods not only to bank customers, but also to employees. They leave negative feedback to the bank in order to put pressure on employees and unblock funds transfers.
First, fraudsters use social engineering methods to convince bank customers to transfer their money to them, or gain access to their personal account to conduct the operation on their own. However, such money transfers have special characteristics, according to which the fraud monitoring service detects and blocks them to verify the legitimacy of the transaction. As a result, attackers cannot get money. To try to unlock the transfers, scammers have begun exploiting loopholes in site moderation that allow a review to be posted without verifying the identity of the author and where bank support teams actively communicate with customers. Fraudsters publish posts on VC.ru and Banki.ru on behalf of the clients themselves, and also convince the clients themselves to write reviews.
“Tinkoff” saved millions of rubles of clients and revealed the scheme
Fraudsters press on pity, insult the bank and mislead website readers in order to confuse the bank’s security service and support and convince them to quickly unblock the operation in order to steal the client’s money.
Security staff contacted real customers, who often confirmed that they did not write reviews. This made it possible to cancel the fraudulent transaction and save clients’ funds. In February-March, the volume of blocked transactions amounted to more than 3 million rubles.