Masters of the divorce genre
“Breaking through” potential victims, conversation scenarios and tricks of telephone crooks from Ukrainian call centers
The original of this material
© moskvichmag.ru06/04/2023, How fraudulent call centers work, gutting the accounts of naive Muscovites
Luxurious blonde Katya did not answer immediately. Her Tinder profile immediately stated that the authors of stupid and empty messages, citizens who are not weighed down by intellect, and lovers of sending nudes with dikpics can not count on an answer. But 37-year-old Muscovite Nikolai carefully sidestepped these threats. He wrote softly, tactfully, with humor. A couple of days passed, and he, having sighed, began to correspond in other chats, when an optimistic message came from the beauty’s account: “And you are funny.”
The conversation ensued briskly. Despite the difference in age, they had common interests. Culture, art, literature. We quickly switched to telegram. We exchanged several photos. Nikolay felt euphoria: such a beauty and they have so much in common. By midnight, saying goodbye, Katya suddenly offered to go to the theater together. “I’m going this Saturday, I already bought a ticket. If you want, join, ”she wrote and threw off the link.
Nikolai followed the link: he had never heard the name of this theater. But it sounded solid. Something there “Academic” and “State”. I read the announcement of the performance obliquely, the main thing was not in the production. There were tickets, even in the same row where Katya would sit. Five thousand rubles. But you only need to buy one. He entered the card details without hesitation. But instead of a ticket, the system gave an error message. Nicholas repeated the operation. Again a mistake. He shrugged his shoulders and decided to postpone the purchase until the morning, when he saw two messages on the phone: the money from the account was safely debited both times. Nikolai suppressed an unpleasant feeling, so as not to spoil the mood before the date, and wrote in support. In the morning he was awakened by a call. The theater administrator apologized for the technical failure and offered to fill out a refund form. Yawning, Nikolay did it, filling in some fields on the screen and not hanging up. The phone vibrated – SMS came. Nicholas glanced at his smartphone. A push notification from the bank said that another 10 thousand were debited from the account. The “administrator” was saying something else, offering to perform the operation again. But Kolya understood everything. With bated breath, he opened a correspondence with a new lover: the flirting lines disappeared right before his eyes. “Katya, what about love?” Nikolai managed to write after him. “Account had been deleted” – neutrally told him the dialog box.
Nikolai managed to fall victim to an almost old-fashioned scam. His scenario was at the peak of popularity several years ago, when still naive and inexperienced cardholders of Russian banks were bred by their own compatriots from places not so remote. Fraudsters called directly from the cells of the pre-trial detention center or camp barracks. Sim cards were carried in their mouths by lawyers and visitors. The prison authorities turned a blind eye, and sometimes received a percentage of the business. But those blessed days are over. Shmons and checks, and most importantly, a chronic lack of normal conditions for office work, have left fraudulent prison call centers vulnerable to truly “toothy” competitors who have raised this business to unprecedented corporate heights.
The geopolitics of fraud
Phone fraud, which is carried out using social engineering methods, has become the fastest growing type of crime in Russia in recent years. For the second quarter of 2022 only, the Bank of Russia fixed 211,000 cases of money transfers made under the influence of fraudsters, totaling RUB 2.8 billion. However, the real picture of the financial losses of citizens as a result of the actions of fraudsters is many times larger. Ministry of Internal Affairs evaluates its 55 billion rubles a year, and independent experts – 150 billion a year. 90% of all cybercrime is social engineering, 94% of which is phone calls.
According to Sberbank, in 2022, fraudsters made 1.5 billion attempts to call bank customers in order to steal money. Over the past six months, only in Sberbank, such attempts have affected more than 65% of customers. Approximately 5 million calls are made per day report of Sber’s cybersecurity department. Phone fraud is almost exclusively a Russian disease. Of the 37 million calls analyzed by Sberbank experts, Russians accounted for almost 99%. The second-placed residents of Poland received only 380,000 calls, while Kazakhs received an order of magnitude fewer calls — 36,000 calls. German citizens, who previously ranked third in the vulnerability rating, have almost stopped complaining about phone fraud since July 2022. But if the epidemic of social engineering is raging in Russia, then its epicenter is in Moscow and the region, which account for about 40% of all registered cybercrime.
Russia’s national exclusivity has its reasons. According to the expert assessment of Sberbank specialists, up to 90% of call centers working against Russian citizens are located on the territory of Ukraine. Russia and all other countries account for no more than 10%. If Russia became an ideal victim of cyber scammers, then Ukraine has become their capital for obvious reasons. The difficult economic situation has created social prerequisites for this. Cultural closeness has also done its job: almost all Ukrainians speak Russian, especially in the south and east. The high level of crime and corruption has allowed groups of fraudsters to form into huge monopoly holdings that operate like an industrially organized assembly line. Finally, after the events of 2014, the law enforcement agencies of Russia and Ukraine practically broke off cooperation. This made cyber fraudsters practically unpunished: according to Ukrainian legislation, to initiate a criminal case under Art. 190 of the Criminal Code of Ukraine (“fraud”) without a statement from the victim is impossible, and the Russians simply cannot file it. According to an unspoken rule, scammers practically do not work against citizens of Ukraine, so as not to complicate relations with authorities on their territory. Citizens of countries other than Russia also enjoy relative immunity, not only because of the language barrier, but also because of the fear of Interpol.
Job search in Ukrainian cities via telegram instantly leads to such announcements. The conflict between countries serves not only as a moral alibi for call center employees, but also allows them to be used as one of the tools in subversive work, involving the interests of the army and special services in this industry. Selfish motives become inseparable from political ones. So, when trying to get such a “job” through telegrams, call center administrators directly and confidently write: “In any case, there will be no problems with our cops, 100%.” They invite you for an interview at the office.
Work days
February 7, 48-year-old Alexei from Ruza near Moscow called bank security officer. He convinced the man that his savings were at risk and needed to be protected by taking out a loan. Alexei went to the branch, where he issued a loan for 1.357 million rubles, after which he sent the amount to the scammer. However, the “bank employee” did not lag behind. He explained to Aleksey that in order to catch the scammers, you need to set fire to the Sberbank office, and even sent instructions on how to make a Molotov cocktail. A few hours later, Alexey went to the bank branch in Ruza and, having made sure that there were no people there, opened the door and threw the bottle into the corner. The fire was put out by real employees of the bank, and the victim of the fraudsters was taken away by the police.
In order to achieve such effectiveness of manipulation and force their victims not only to give away all their savings, but also to take loans, and sometimes even perform obviously criminal manipulations, fraudsters need a deep division of labor involving many specialists, from qualified programmers to professional psychologists. This is not an easy management task.
In the spring of 2022, one of the typical fraudulent call centers specializing in social engineering technologies was discovered in Berdyansk, occupied by Russian troops. When the employees of the Russian Guard realized what kind of office they were searching, they attracted Sberbank specialists. They managed to crack passwords on computers and analyzed 14 TB of information. This made it possible to restore the picture of the call center: its organized structure, channels for obtaining data on citizens of the Russian Federation, conversation scenarios, technologies used, etc.
Berdyansk call center worked for two years. But the development of the “business process”, the installation of the necessary software and the search for personnel made it possible to reach the design capacity only six months before the start of the NWO. Nevertheless, the total amount of only proven damage exceeds 300 million rubles. An inconspicuous one-story brick building without signs, with closed windows, bars, equipped with two video surveillance cameras, was located in the city center next to the building of the State Security Service at the Main Department of the Interior of Ukraine. For 100 sq. m of usable office space accommodated about 70 jobs: personal computers with a headset, bill counters, a safe for storing cash, a shredder for shredding documents. The neighboring building housed a hostel for out-of-town employees. Considering that people worked in shifts, the total number of employees reached 300 people who made about 5 thousand calls per day. The average salary of employees fluctuated in the range of 10-40 thousand hryvnia (25-100 thousand rubles). Some “specialists” could receive up to 2 thousand dollars.
The “business process” began with the purchase of a database of potential victims on the dark web. This was done by a specially trained employee. As a rule, databases of mobile operators, banks, online stores, etc. were bought. The cost of such databases is from 100 to 500 US dollars per 1000 lines. The information was a compilation from various leaks: CDEK, the Krasnoe&Beloe retail chain, Yandex Food, etc. The scammers collected most of the information about the clients of Alfa-Bank and VTB, a little less about the clients of Sberbank. Having systematized the data, the scam programmers formed a dossier on hundreds of people and passed it on to the next level – “breakthrough groups”, which collected additional information about each potential victim. Through social networks and specialized telegram bots, the “breakthrough group” tried to find out as much as possible about a person: the history of major purchases, the make and number of a car, the names of close relatives, place of work, diseases, etc.
After that, the dossier was sent to the ringers. Those were also divided into two categories according to the degree of qualification. First came the turn of the “cold call”, which was carried out by the least trained scammers. Their task was to establish contact with the “client” and find out data about his accounts and operations. Most often, cold-callers frightened people in standard ways: they told that fraudulent activities were taking place with their accounts or that their relatives (or themselves) were at risk of becoming defendants in criminal cases. Then the subscriber was handed over to the hands of “closers”, who presented themselves as employees of the bank’s Security Service or officers of the FSB or the police and convinced the client to make a transfer to a fraudulent account.
At the end of the cycle, the cashing service was turned on. Fraudsters used special dropper services, which cashed out the funds of the deceived Russians for 15–20% commission.
In a little over six months since July 2021, the Berdyansk office of scammers made 365,000 calls to 281,000 Russian phone numbers. Only in 49 thousand cases the conversation lasted more than one minute. 3.8 thousand conversations lasted more than 10 minutes. This figure roughly corresponds to the number of successful fraudulent transactions. That is, the efficiency of the call center was approximately 1% of the calls made. Most often, the victims of manipulation were women aged 30 to 39 years.
The fraudulent call center was a super lucrative venture. Its owners got 65% of the funds stolen from the victims: 20% went to commissions for cashing out and only 15% went to the salaries of ordinary employees. Renting a room, buying databases and training staff on the general background look like negligible expenses. For six months of full-fledged “work”, the organizers of the Berdyansk call center received at least $ 2-3 million in net profit. According to Sber experts, there are about 3 thousand such call centers throughout Ukraine (although Berdyansk was one of the largest). Together, they pump out of the Russians up to 1.5-2 billion dollars a year.
Scripts
First time scammers called 75-year-old Galina Mikhailovna in early December. The caller introduced himself first as an investigator, and then as a security officer of the Central Bank: “Galina Mikhailovna, they want to steal your money, so they need to be sent to a reserve account.” After several trips to the branches of different banks, the woman transferred about 2 million rubles to the scammers. However, the criminals did not lag behind. They were interested in the two-room apartment of Galina Mikhailovna. They convinced the woman that the scammers had pledged housing, and in order to keep the apartment, she urgently needed to sell it. But first, the pensioner had to undergo a psychiatric examination so that the deal would not fall through. Galina Mikhailovna was not embarrassed by anything, and, following the instructions of the scammers, she went for an examination to the “psycho-neurological dispensary No. 4”, where she successfully passed the examination. The sale deal was completed very quickly, after which Galina Mikhailovna gave 2 million in cash to the courier who was sent by the scammers, and then another 4 million to different bank accounts. In total, the pensioner gave the scammers more than 8 million rubles. And only then the woman remembered that the district police officer came to her and warned about various methods of fraud.
In the computers of the Berdyansk call center, Sber specialists found about 150 conversation scripts that were used to deceive citizens. These scripts can be grouped into three or four more general categories. Fraudsters prepared manuals for their staff to work with “difficult clients” and practiced possible questions and objections.
The two most common scenarios involve a call on behalf of the bank’s security team and on behalf of law enforcement. In the basic version, the “client” is told that his savings are at risk, and asked to be transferred to a “reserve account”. But options are possible. For example, sometimes “for security purposes” money is asked to be deposited through a payment terminal. Quite often, the victim is asked to take out a loan, for example, in order to “cancel” another one allegedly issued by scammers.
In recent months, criminals have begun to improve their methods in accordance with the spirit of the times. For example, people are frightened by the prospect of persecution for “aiding” an external enemy. EMERCOM officer from Moscow divorced by 1.5 million rubles, frightening that he and his wife are transferring money for Ukrainian troops. Artyom, 31, a senior inspector at the Russian Emergencies Ministry Academy, received a phone call in late January. The “Central Bank employee” at the other end of the phone stunned the emcheesnik by saying that several transactions allegedly went from his account, and the money went to Ukraine, to support the troops. Even worse, the same thing happened to his wife, and now the spouses face a criminal case and a long prison term. Then the matter remained small. After the “Central Bank officer” Artyom received a call from the “FSB officer” and persuaded the man to take out several loans and install a remote access program on his phone. In a few days, the inspector transferred 1.3 million rubles to the criminals. Only later, when the FSB and bankers began to persuade Artyom to take a new loan in order to avoid a criminal case, he guessed everything and went to the police.
Less commonly used are scenarios such as “trouble”, when the victim was frightened that one of her relatives had an accident or was arrested, and therefore urgently needs money to “resolve the issue”. In such cases, scammers even sometimes try to fake the voice of the person on whose behalf they are calling. This can be done using special programs if you have a voice sample.
Moscow pensioner Galina received an alarm call from an unknown number. At the other end was the son Dmitry, who said that he had an accident and now could become a defendant in a criminal case. Mom had to “throw money.” Galina scraped together 100 thousand rubles in the bins along with a thousand dollars, put them in a bag and, at the request of her “son”, threw him out of the window, where his friends were supposed to take the money. Fortunately, the package with money successfully caught on a tree branch at the level of the sixth floor, and meanwhile the pensioner called her son back, but at a normal number. Of course, everything was in order with Dmitry, no accident happened, and she was almost left without savings.
Fraud scripts can be singled out as a special genre, according to which the victim is offered to participate in a special operation of the special services or the police. A person feels like a super agent who helps to expose criminals. There are cases when such naive citizens lived a double life for months, skillfully hiding it from the closest people and enriching scammers. Recently, such scenarios have increasingly had a military-political flavor, when the victim is persuaded not so much to fight financial fraud as to save his homeland from enemy agents.
So, at the end of August 2022, Muscovite Elena Beglova became a participant in a “special operation” to catch Ukrainian spies. Fraudsters, who introduced themselves as counterintelligence officers, instructed her to take out a loan of 1 million rubles, as well as to “help the Russian military” by burning down the car of Deputy Chief of the General Staff Directorate Yevgeny Sekretarev, who works in the 8th Directorate of the General Staff and is responsible for military censorship. They explained to Elena that he was a resident of Ukrainian intelligence. A patriotic Muscovite doused the trunk of a car with gasoline and set it on fire. When the woman was detained, she spoke to her “curators” who asked her to shout pro-Ukrainian slogans. The misunderstanding was clarified only late at night at the police station, where Beglova was explained that she had committed arson in the interests of a completely different intelligence service. Meanwhile, the scammers called her daughter, claiming that her mother had been kidnapped and demanding a ransom of half a million rubles.
But Ukrainian scammers rarely use “love” scripts. Practice has shown that, unlike greed and adventure, love is financially inefficient. In addition, in order to hit the big jackpot in the love line, phone calls and correspondence, as a rule, are not enough. You need personal involvement. This is probably why love scenarios are left to the share of handicraft swindlers who pick up the crumbs from the table of an industrially organized machine of social engineering.
