A working scheme for withdrawing money from Sberbank credit cards through Beeline. Fraud.
I encountered an unpleasant situation this week. My wife's credit card was stolen. I figured out how to do it. I am writing to warn you about holes in Sberbank and Beeline . Whether these holes are random for diverting clients’ money or not, it’s up to you to decide.
So, the fraud scheme that still works:
1.Fraudsters collect ads on Avito with Beeline numbers (why Beeline specifically will be written later). Then they send a massive SMS to the victims with a text where they address them by the name taken on Avito and the words “I offer an exchange with an additional payment. Here is the photo: netint.ru/ru3.” Among the users of smart smartphones, there are a lot of not smart users at all, so a lot of people will click on the link without blinking. Of course, he posted an ad on Avito, and someone knows his name and is offering an exchange. After which the screen goes blank and a virus program is installed on the phone, which gains access to secret SMS sending and hides SMS from certain numbers, in particular from Sberbank and Beeline. You do not need to have the Mobile Banking program on your phone. That's it, the victim's phone is charged. Now comes the stage of settings in your Sberbank personal account.
2.Mobile banking is a connected service of Sberbank, which allows clients to make settings in their personal account. For example, such as: connecting automatic payment to a mobile phone, transferring money, paying for a phone, etc. Attention, to do this, scammers do not need “mobile banking” installed on your phone. You don't need to know your login, password, or temporary codes. None of this is needed! The Green Bank has already taken care of this. Moreover, the client may not even activate this service and may not even know about its existence! It is connected to a credit card by default. Maybe even write a statement to disconnect from the card. Sberbank, having disconnected the service from a debit card, will leave it connected to a credit card (not a debit card, for example, a salary card, but a personal credit card, with a set limit on a certain amount that it can borrow and spend). All that remains is to send an SMS with the text “AUTO 1000” to Sberbank number 900 from the infected phone. After that, in your account, for a credit card (specifically a credit card, not a debit card), Autopayment to a cell number will be installed, with the setting to top up the phone balance by 1000 rubles, when the balance drops below 600 rubles. That's it, the bank is charged. In turn, the bank will then respond to the client, we received an SMS command from you, we executed it. Moreover, the scammers may be lucky, and the automatic payment will debit money from the card in excess of the established limit for several days in a row. Well, you can get by with a limit of 3,000 rubles (proof https://data.sberbank.ru/bashkortostan/ru/person/dist_services/inner_mbank/?base=beta). and withdraw money until the loshok goes away. Security guards will not see anything suspicious with credit card transactions. Even if the amount written off will attract criminal charges under Article 158.
3.The third stage is the simplest. SMS messages are sent from a Beeline phone to short numbers free8464, 7878, 3116, bee900, etc. In detail, they are referred to as “Payment for mobile commerce services.” This is actually a paradise for scammers. You can get up to 15,000 rubles per day. conduct. Then the client will also be told: “Well, you are a loser, scammers stole your money!” A few years ago you connected, well, you’re a loser, this service has not been working for a long time.”
4The application to the Ministry of Internal Affairs is accepted, but, according to them, the case is closed after 30 days. Profit! Although no. I doubt that this will work for those who want to repeat this scheme by dissecting the virus apk file, changing the settings in order to gain access to the virus themselves, for one simple reason. It is unlikely that the professional security service of Sberbank will not notice suspicious movements on the card and will not react in any way, and the system settings will be so favorable to them that they will allow them to exceed the established daily limits for auto payments. Also, the Beeline security service will immediately detect new figures in its clearing.
Why is this scheme applicable specifically to the Sberbank-Beeline link: “The ability to connect automatic payment for an invoice issued by a telecom operator requires the presence of appropriate conditions in the agreement between the client and the telecom operator. Currently, activation of auto payment under the postpaid scheme is available only to Beeline subscribers.” proof: https://sberbank.ru/common/img/uploaded/files/pdf/mob_ruk2.pdf In the same place: “After some time, a message from the telecom operator will be sent to the connected subscriber number. If the application from the Bank to connect the service is successfully processed, an SMS message will be sent from the operator that the service has been successfully connected (Beeline, Tele2 and NSS); or a notification that the service will be connected after the refusal waiting period has expired (MTS, Megafon, BaikalWestcom)" This Sberbank-Beeline connection even runs a promotion "Bonus for auto payment" (proof https://www.sberbank.ru/common/img/uploaded/ promo/Bonus_za_avtoplatezh_Beeline.pdf). Well, isn't it cynicism?
More details. The virus hides incoming SMS from Beeline and Sberbank. But what’s interesting is that Beeline does not reflect incoming SMS from Sberbank about card transactions in detail. Although the Bank makes such SMS mandatory when debiting from a credit (not debit) card. In Beeline details, incoming SMS with a virus is not reflected.
This scheme has been operating successfully since at least last fall. According to information from friends who work at the bank, no one got their money back.
Well, I warned you. Now protect your wallets and phones as best you can.
Now the details of my case .
My wife is on maternity leave and has no money on her card, which is why she doesn’t check her balance. I went to Sberbank online to pay for my mobile phone and saw that it was from a credit card with a limit of 40 thousand rubles. a significant amount has disappeared. The money was withdrawn over 4 days. Stopped when antivirus was installed on the phone. An application has been submitted to the police department. Sberbank too. An answer came from Sberbank in which it reports that on the first day 2,946 rubles were debited to a cell phone account and autopayment was activated. And that in a period of four days, a total of 10,000 rubles were written off for auto payment. In fact, on the first day, 7,946 rubles were written off. on the second day 4000 rub. (with the official limit on transactions being 3,000 rubles. Thus, in the first two days there were debits from the card that exceeded the daily limits. In total, in 4 days, 16,946.00 rubles were written off (about which we have a card statement signed by Sberbank), and not 12946 rubles as written in Sberbank's response. That is, in its official response, with the assigned number, signature and blue seal, Sberbank is already deceiving with the numbers. There is an application in hand that was drawn up in the fall at the Sberbank office for disconnection, where the link to contract phone number and debit salary card number.But as I wrote above, the “default mobile bank” is forced to be linked to the credit card.
How to disable SMS from number 7878
For users of cellular communications from Beeline, the payment card provides the opportunity to transfer money from the balance of one mobile phone to another. The operation is performed by sending SMS messages to the number “7878”. This quick money transfer service is convenient, but can be used by scammers to steal money from subscribers. You can learn about the rules for using the number “7878” and how to protect against theft with its help in the presented article.
Danger level:
Interest in the number:
How to get money back from number 8464
If it does happen that an inexplicable loss of money from a mobile account is discovered, you need to try to remember if you received any annoying SMS message from number 8464, for example, with an offer to find out the most accurate weather forecast or check your watch with the London Observatory?
Wasn't the answer "yes" sent to him?
Or maybe, in the heat of Internet surfing, a phone number was entered to obtain a registration code on some little-known but attractive resource?
Services for checking the availability of paid services on the number 8464
In order not to speculate, you need to use the service (and every operator has one) to inform you about the availability of paid services tied to your number, including subscriptions to the number 8464
The most informative is access through the web interface of your personal account, and in the absence of the Internet or the desire to use it, the good old USSD request will help.
Megafon - *583#, Beeline - *110*09#, MTS will inform you about this by command *111*919#, TELE2 - *189#
If the acquired knowledge shows that there are subscriptions, and money is quickly debited from the account because of this, you should not hesitate. Using the same tools, you need to disable the subscription, and the debiting of money will stop.
This is done using your personal account and personal assistance services by calling the support service. The USSD commands indicated here will also allow you to select the desired command - “disable”.
Also, a quick cure for a paid subscription, when the user receives an SMS about activating this service, will be a response message consisting of the word stop (or STOP).
Refund of spent funds
Losing money on an unnecessary paid subscription, by accident, through negligence or ignorance, and even more so due to someone’s selfish intent, will certainly prompt the restoration of justice. I want to get back what I lost because of number 8464, but that’s the difficulty. As already mentioned, from the point of view of the operator, namely, we pay him, and it is to him we will go with a claim, the user himself, voluntarily, even if not consciously, but voluntarily committed actions that led to the activation of a paid subscription, and, as a result, to write off funds.
Beeline money transfer
The algorithm for using the number 7878 to top up the balance of another Beeline subscriber is simple, but requires care when entering data. It includes the following steps:
- Create a new SMS message.
- Enter in the SMS the text “bee”, a space “the phone number of the subscriber to whom you are sending funds”, a space “transfer amount”.
- Select 7878 as the recipient and send the message.
- Wait for the SMS confirmation to arrive.
- Send a message with a confirmation code.
In a similar way, you can top up the balance of subscribers of other cellular operators; you just need to indicate a different code at the beginning of the SMS:
- For Tele 2 – tele2;
- For MTS – mts;
- For Megafon - mgf.
To transfer funds from a telephone account to a MasterCard or Visa bank card, the algorithm of actions is similar, only the text of the SMS message differs. In it you need to indicate - “Master/Visa” space “card number” space “transfer amount”.
Number 7878 allows you to send money from a Beeline telephone account to a specified citizen of the Russian Federation using Unistream. The message must include the following information, separated by spaces:
- uni;
- Sender's full name;
- sender's passport details;
- Recipient's full name;
- transfer amount.
To make transfers to CIS countries, the “uni” code is changed to the entry of the corresponding state. You can find out the codes on the Beeline website.
Transactions using the number 7878 are not carried out free of charge; the amount of the commission can be clarified on the Beeline website.
How to protect yourself from scammers
There are several recommendations that, if followed, will help you avoid falling into the network of intruders:
- Do not dial any USSD commands on your phone at the request of people calling from unfamiliar numbers, even if they introduced themselves as employees of a cellular operator. To check the information, you should dial the official support service number of the provider and find out details about the imposed USSD request.
- In case of calls asking to return money transferred by mistake, suggest the victim to write a return application, since if the funds were actually transferred, the fraudster will submit it in any case.
- Do not click on links or call back the numbers contained in the SMS. Please note that scammers can use the numbers of your friends, since any phone can be hacked and infected with a virus. If you receive an SMS with questionable content from subscribers saved in your contacts list, call them and verify that the message was sent.
The number of methods of fraud using official services, including 7878, is constantly growing and it is almost impossible to keep abreast of them all, so you just need to follow the recommendations specified in the article. This will most likely protect your accounts from theft.
legislation
Is there any basis for such claims, strictly speaking? After all, at some point the user voluntarily performed some action that ensured his place as a victim in the chain (relative to the short number 8464). This is precisely the position that telecom operators adhere to when a subscriber, outraged by the loss of money, begins to search for the truth.
And this is called the federal law of July 23, 2013 N 229-FZ “On Amendments to the Federal Law “On Communications”.
In it, Article 2 of the Basic Law is supplemented with subclause 34.1, which defines what “content services” are.
The legislator made this definition as general as possible, practically fitting into it everything that is not the actual connection. Those. if the user using the phone and through the telecom operator’s channels receives, quote,
...reference, entertainment and (or) other additionally paid information...", gets the opportunity "... to participate in voting, games, competitions and similar events...,
Then he, the user, receives a content service. And it, in turn, being provided with the participation of third parties, falls under the addition of paragraph 5 of Article 44 of the Federal Law “On Communications”, which prescribes a mechanism for protecting the consumer by:
- firstly, the possibility of creating, at his request, a separate account to pay only for content services;
- secondly, the requirement to obtain explicit consent to receive such services;
- thirdly, about comprehensive information, including prices and names of suppliers, about these services before obtaining consent.
Another addition, established by 229-FZ, to paragraph 5 of Article 54 of the Basic Law, states that services provided in violation of any of the above are not subject to payment. And finally, Article 68 of the main communications law is supplemented by paragraph 8, which directly indicates the operator’s responsibility for the implementation of Article 44 (see above).
Let’s summarize the legislative information, projecting the rights and responsibilities spelled out in it onto the practical side of life.
If the user consciously wants to become a consumer of content services, then you can secure your account for paying for communications by declaring your intention to open a separate content account to cover the costs of mobile subscriptions and SMS from short numbers. If it is exhausted, funds intended for regular conversations and SMS will not be affected.
For telecom operators Beeline and TELE2, this action is automated and is carried out by sending a USSD request, *110*5062# and *160#, respectively. Sets of commands are also provided for replenishment and checking the balance.
Megafon and MTS require a personal appearance at the office and presentation of a passport, and one must understand that regardless of the method of expression of will, the very fact of opening an account confirms voluntary consent to receive content services, and strictly speaking makes it unnecessary to inform about the details (in including price) of the same mobile subscription.
Known scams with number 7878
There are several known ways to steal funds from Beeline subscriber accounts using the number 7878. The most common algorithm is the following:
- On Avito or another resource where users' contact information is indicated, scammers find a phone number and send an SMS to it with a lucrative offer - usually an exchange with an additional payment .
- The subscriber clicks on the link contained in the message, and thereby installs a virus on the phone, which gives attackers access to funds transfer services, payment for cellular communications, activation of automatic payments, and so on.
- Fraudsters send SMS messages to 7878 containing requests to transfer funds, and the subscriber may not immediately notice where the money is spent, since the details will show the costs of mobile commerce.
A special case of this type of fraud is the use of a mobile bank from Sberbank.
It will not be easy to recognize this method of stealing money, especially if a small amount is withdrawn per day.
Mobile subscription to number 8464
If it happened that money began to be debited from the account regularly, daily and in equal amounts, and the owner of the phone, it would seem, did nothing specifically for this, most likely a paid mobile subscription was issued to his number - read what this is below
Its essence is that the cellular user has somehow agreed to receive regular information for a fee, for example, you received an SMS on your phone from the above number with the text: “send SMS...”. At the same time, information such as: what kind of service, what kind of subscription, what kind of website, the cost of the subscription, how to delete a subscription or how to disable it is often not directly shown.
Someone, a partner of your operator, called a content provider in professional slang, supplies you with content for a fee:
- provides information
- provides a service by providing access to an online game, website, program, etc.
The operator finds himself on the sidelines, as he publicly warns on his website that yes, there is paid content, that it is provided by third-party organizations to which the operator itself has no connection.
No, except that he debits money from the subscriber’s account and he also provides the short number to the content provider.
In most cases, the short four-digit number 8464 is rented out by the mobile operator (Megafon, MTS, Beeline, Tele2), receiving a fee for it, and, as a rule, a percentage of the amounts paid by the owner of the phone in favor of the provider.
Remember all.
On Saturday morning, Murmurys received a call on his mobile phone.
I listen out of the corner of my ear and understand that the bazaar is absolutely crazy. I try to intervene a couple of times, but Murys won’t let me. But then he says, “I’m sick of this Bilayniy, talk to them yourself - maybe you’ll be able to understand what they want.”
At the same time, it should be noted that Murys constantly gets calls from Beeline - either they wrote off more money for services than necessary, or some other crap. They never called me, but they called her quite often. That's why she communicates with her interlocutor, and doesn't send him to hell.
So, I intercepted the conversation - a guy from Beeline, they had problems there at Beeline, they flew off. TARIFF PLANS, BILLING, and other bullshit. I’m not fully awake yet - but the autopilot does the first right thing - it makes the asshole on the other end of the line introduce himself.
The asshole reads the text so colorfully that it’s somehow impossible to doubt the authenticity of the character. Well, God bless you, you are a Beeline support engineer. What exactly do you want at such and such an early hour?
Again the song is about the fact that everything is broken and if we don’t fix everything urgently, the phone won’t work. To hell with you - let's fix it.
What follows is a lengthy verbal diarrhea, the main purpose of which is to get me to send a text message. The text of the SMS is strange, the number is even stranger.
The number from which the asshole is calling is completely left-handed - code 912 - what is this anyway.
I’m trying to clarify what we can fix with this SMS? The answer is to change the SMS center number.
Ok, I say, let's change it.
But Murys’s smartphone strongly resists this storm - if the phone was locked during a call, then only the dialer is available - other applications, including SMS, are inaccessible. And to unlock the phone, you must first end the conversation. I try several times and it doesn’t work. I'm overloaded - it doesn't help.
As a result, the asshole calls me back on my phone, which has no such problems, but by this moment the asshole has blown my mind so much that I completely wake up.
And I understand that all this is somehow wrong - the asshole is too persistent, although I clearly and repeatedly sent him with his technical problems - he persistently called back. In general, such problems are dealt with by the customer service, and not by technical support engineers.
Looks a lot like a divorce. I wonder what will happen next? Or maybe this isn’t a scam at all?
So, you need to send a strange SMS. I dynamite, ask stupid questions. I don’t see any crime yet, so I’m sending it. But I’m already at the computer and dialing the number to which I want to send an SMS. The picture that emerges is that the number is somehow strange.
At this moment, the thought comes to mind that it is impossible to change the SMS center number using SMS - this setting is changed in the subscriber’s phone.
The asshole, without giving time to think, says that he needs to send another SMS with the number 1 to a short number.
And then the autopilot turns on the stop valve.
I will never send 1 to a short number in my life. NEVER. Until I know exactly what I am agreeing to. It's taboo. Many years of communication with Beeline developed this habit and brought it to automaticity.
Fuck you, I'm sending an asshole in plain text. And then he screwed up. He raised his voice a little and began to put pressure on me.
If we do not complete the operation, the phone will not work in 15 minutes. Ha - surprised the hedgehog with his bare ass. I definitely have a dozen Beeline SIM cards and a couple of MTS SIM cards.
No, the bastard insists, we will call you anyway.
And at that moment I exploded. I poured such a choice curse on him that I had not uttered out loud for a very long time. I WILL CALL YOU TO COURT IF THERE IS THE SMALLEST PROBLEM WITH COMMUNICATIONS. AND I WILL PERSONALLY RIP YOUR ASSHOLE TO THE BRITISH FLAG, AS WELL AS ALL YOUR TECH SUPPORT.
While I was scrutinizing the phone, answers came - the number corresponded to the mobile payment service (number 8464) - I had never used it before, therefore the number was unknown. And I received an SMS on my phone with an explanation: I ordered a top-up of my Bee Wi-Fi account for 650 rubles. — do you confirm the payment or what?
I had no more strength to swear and I stupidly cut off the conversation.
But the bastard didn’t give up - he called back again and said that I definitely needed to come to some service there on March 8th. I, in turn, politely, without swearing, asked him to stay in place - they had already left for him. Gandon hung up.
I immediately called back to the customer service, clarified that this clown was definitely not from technical support, and transferred all the known information - about his phone number and Bee Wi-Fi account to the security service. I hope they cut off the asshole’s phone and won’t let him take away what he stole.
In the end, because of this asshole, I was forced to drink iced tea.