The PrivatBank security service exposed a fraudulent scheme, as a result of which the employees of the Cybercrime Counteraction Department of the Cherkasy region, together with the investigative department of the police of the Cherkasy region, detained a group of malefactors who made payments in POS-terminals using compromised bank card data of citizens.
The illegal activity was organized by a 30-year-old resident of the city of Smela, who bought databases with compromised bank card data of citizens through instant messengers. Involving four more citizens in illegal activities, the attacker “linked” the bank data of the victims to payment systems and, using NFC technology, paid with them at POS terminals.
Thus, the attackers bought equipment, which they then resold. Also, in order to embezzle money from citizens, the group registered sole proprietorship for nominees, to obtain their own POS-terminals and make settlements using them. Thus, the attackers deceived citizens by more than 2 million hryvnia.
In the course of operational measures, the cyber police found that the “sellers” of compromised banking data received information through phishing. Fake links copied delivery services from ad sites. Currently, the identities of the attackers who distributed phishing links are being established by law enforcement officers.
Criminal proceedings have been opened under Part 3 of Art. 190 (Fraud), Part 2 of Art. 361 (Unauthorized intervention in the work of information (automated), electronic communication, information and communication systems, electronic communication networks) of the Criminal Code of Ukraine. Defendants can face up to eight years in prison.
PrivatBank recalled that the transfer of personal data to third parties, especially through open sources and unknown sites, poses a potential threat of using this data by fraudsters. Fraudsters steal money, passwords, secret card details and personal data through phishing sites. Therefore, you should use only official sites and channels for obtaining information, check the correctness of the names of the sites that you go to and enter your personal data.