Sber Bankone of the main banks in Russia and Eastern Europehas warned of a new type of scam that includes the use of a well-known feature of messaging applications to perpetrate the deceptionthe option to share screen with another account, so that from this account you can see everything that happens on the victim's device. This is an elaborate scam that includes the participation of two cybercriminals who contact her at different times, in this case, impersonating the Russian banking entity that has reported her.
The deception begins with creating an account in a messaging application, the media News.am that has echoed the news does not specify which ones have been used to impersonate the bank, with which the first scammer poses as a representative of the bank. To give more credibility to the deception, The account profile uses the bank's customer service number and its logo as an image.
In this call, the victim is asked if you have recently updated your bank app. If the answer is negative, the alleged employee tells you that a specialist will contact you to assist you in the update process.
That's when the second scammer contacts the victim from a different account which may even correspond to a different application than the one used in the first case, if that one does not have the screen sharing option. The purpose of receiving calls from different supposed employees is to convey the image that the bank is behind it and keep the victim disoriented, so that they are more likely to agree to follow the instructions given to them.
In this second call, you are informed that you must make a videocall to proceed with the biometric identification of the client and is asked to turn on screen sharing to connect to a course “robotic system for account diagnosis“.
Once the scammer is seeing what is happening on the victim's screen, they are asked that you enter in your bank application to proceed with the supposed update, assuring you that it is completely safe and that only the system sees what is on your screen.
It's a lie, of course, and in this way the scammer can see your access credentials, the victim's card numbers, your balance and the SMS codes you receive from the bank. With this information, the scammers can now fleece the victim, although they can also continue the scam by persuading the victim to transfer the money from her to a supposed “secure account“from which he will not return.
The Russian banking entity recommends that its clients never share the screen of your devices with a stranger through a video call and reminds them that the supposed robotic system for account diagnosis does not exist and is an invention of scammers.