Ukrainian cyberpolice liquidated a bank fraud

In Ukraine, a boiler house built by a 25-year-old resident of Kharkiv Oblast has been closed. The hired operators used advanced social engineering techniques to extort the data needed to clean the victims’ accounts.

Scammers attacked people from Ukraine and Russia, and other countries of the former Soviet Union. The scam had several stages. It started with a call from a fake bank employee who reported a suspicious transaction using the victim’s credit card or receiving a request to change the client’s account number. Then other call center operators took over the call, who disclosed further details related to the case. They also assured that it had been reported to the local police.

At the very end, the victim was called by a “policeman”. Thanks to the use of SIP-telephony, fraudsters could replace the telephone numbers visible to recipients. In this way, their victims were reassured that they were talking to a genuine bank helpline or a real policeman. The pseudo-officer swindled the last data needed to finish the fraud, including the SMS code to approve the transaction being processed. The end was the theft of money from the victim’s bank card.

Victims the criminals called were not selected randomly. The organizer of the scam participated in hacking forums where he bought customer databases of various banks.

Ukrainian police operation

Officers from the cybercrime investigation department of Kharkiv Oblast and the local regiment for special tasks searched the accused’s apartments and the building where the call center was located. Police secured 70 computers and telephones. The total number of victims and the amount for which they have been defrauded is currently being determined.

The investigation is still ongoing, but all indications are that the persons involved in the “boiler room” operation will be held liable under the paragraph on fraud. They face up to 8 years in prison.

The police action record: