MOSCOW, February 23 – RIA Novosti. Attackers use many ways to find out the personal data of potential victims: most often they get the names and phone numbers of Russians from security holes in companies or from their informants, from social networks of citizens, as well as through fraudulent sites, experts told RIA Novosti.
“Often a person can simply share their name and phone number, for example, on social networks. Such data can also be collected from data leaks,” says Sergey Golovanov, a leading expert at Kaspersky Lab.
Large companies take their cybersecurity seriously and rarely allow leaks, but they may have many contractors who do not always have the necessary resources to ensure security in the processing of personal data, the expert explains. “Moreover, leaks can come from small online stores or other services that ask customers for such information,” he added.
Fraudsters can get access to the personal data of the company's clients in another way – through “their person” inside. “Attackers are actively looking for insiders, including in banks, financial institutions, insurance companies, because their fraudulent schemes using personal data are now successful and effective. Criminal groups, including fraudulent call centers, can monetize this data using the opportunities on the theft and withdrawal of funds, “says Anastasia Barinova, deputy head of the Group-IB computer forensics laboratory.
Russians can also disclose their personal data by filling out a form on a phishing site, posting photographs of documents and bank cards on Internet resources.
Fraudsters often combine information about potential victims from several sources and use it to gain trust in people. However, personal information alone is not enough to conduct financial transactions on behalf of the victim. Therefore, under no circumstances should you disclose your bank card details or other confidential information to anyone, Golovanov concluded.