As swindlers catch users of "Schoolmates" and "VKontakte"

Online: {{ reading || 0 }}Read:{{ views || 8521 }}Comments:{{ comments || 0 }}    Rating:(5112)         

To you messages from friends in "Schoolmates" or "VKontakte" with a request didn't arrive yet to send the SMS, to borrow money or to share number of the mobile mutual friend? Carefully: it can be and not friends - breaking and further use of personal pages on social networks for quite some time now became a new pot of gold for speculators.

Pleasant man's voice: "Hello, it is engineering service of your mobile network operator. We recustomize a network. To stay in touch, you need to gather... Write down... " Similar calls for the last some months arrived to thousands to users of cell phones.

The pleasant man's voice patiently dictated a set of letters and figures. As a result, after a set of the specified combination 300 rub were charged off an account (or 600 - at those to whom "the service engineer" instructed "gather authorization for fidelity twice"). Actually, the entered combination was not than other, as paid sending the SMS for short number. That is simply SMS payment in favor of the swindler.

"This scheme of fraud which we call a pseudo-call from technical service of the operator, today one of the most widespread, - the head of department of corporate social responsibility of management of JSC Vympelcom public relations Anna Samokhvalova makes comments. - It is necessary to remember that the communications operator has million subscribers, and settings for networks are made so that to be imperceptible to users".

It is only one of the roguish receptions, which purpose - to force the user to send SMS payment to short number. And still can call from "radio station" - to report that on "your number dropped out a prize", but for its receiving it is necessary to be registered, having sent the SMS - is allegedly free.

We will notice that простофиль a personal call swindlers use distributing rather seldom where into accounts of speculators SMS spam when enticing messages are dispatched on million phones automatically gives a big share of SMS payments. The contents can be most different:from "send the SMS - receive a bonus" to "take part in a lottery - send the SMS worth 10 rub and win Mercedes". Naturally, the cost of the message sent on short numbers specified by swindlers, usually is not less than 200 rub

"For mailing of SMS spam speculators usually use special GPRS-connected to the computer modems on some SIM-of cards which on a database will dispatch to 100 messages a second. For an hour will dispatch to hundred thousands of subscribers, - Vyacheslav Varlamov, the general director tells a content - Xi Em Xi Billingg provider.- The most dangerous that used programmatically - hardware allow to substitute sender number in the message that is forbidden by operators. That is, it is possible to send the SMS on behalf of the most mobile network operator or anyone".

We will notice, on the Internet there is a heap of the services giving to everyone for a symbolical payment opportunity of sending the SMS with false number or a name of the sender.

However even if the user of phone essentially doesn't participate in lotteries and advertizing campaigns, doesn't vote sending the SMS, it at all doesn't mean that it in safety. As Vyacheslav Varlamov speaks, downloading for the phone any software from the Internet, for example game, it is possible to receive together with it and certain java-the appendix which will periodically dispatch SMS messages on number of swindlers without the knowledge of the owner of phone. Moreover, the cunning aaplet after each sending covers up tracks - erases the corresponding entry in the Sent folder.

Such victims give to speculators the lion's share of the income. It is amusing, what even after the swindler pressed, the translation to him money from a content - provider stopped, on short numbers from infected phones the SMS and money for them at the subscriber continue to arrive, respectively, the operator writes off.

Number was successful

The huge part of "distributings" on SMS payment is made by advertizing and the offer of services on the Internet. Sending the SMS for short number can suggest to pay as access to pornoarchive or downloading of piracy software, and quite plausible services, like receiving result of the IQ test or a personal horoscope. Usually the cost of the SMS appears 300 rub, instead of declared 30-50 rub. Thus the unlucky user doesn't receive anything for the payment. Moreover, sometimes to it the notice comes: pier, it is necessary to send one more "free to the SMS with additional confirmation" etc. indefinitely.

Very interesting reception started being applied approximately a year ago: the virus picked up in a network when opening any Internet - pages filled screen about a quarter with a window with a porno which wasn't cleaned by any actions. In the separate line the pornoinformer maliciously thanked for trust and suggested to send the SMS with a code to number 3649 for the removal and refusal of a pornovideo subscription. Those who decided to send the SMS, instead of a code of removal received the response message - the offer to send one more SMS for removal confirmation.

"Pogugliv, I learned that number 3649 is used everywhere where only it is possible, - the businessman Sergey which accountant suffered a year ago from such virus tells. - From spam - mailings "Number 3649 if to send to it, you will receive 35 free SMS", "access to an unreal sensuality", "receive a key on Kaspersky" to the offer "download cribs on physics". For obtaining the password it is necessary to send the SMS message of TTHOM".

According to Sergey, any a time ago number 3649 (in using at "The first alternative a content - provider") temporarily closed. Then, probably, having dealt with speculators, it again opened. During preparation of this material we made experiment. Sergey again sent the TTHOM code on 3649 (advertizing in a network still turns), 300 rub were regularly written off, but instead of the password of access to cribs on physics the answer came: "Specify SMS text. Questions:".

Having carried out simple search to networks, we found out that practically on all expensive (with the cost of sending the SMS of 200-300 rub) short numbers are complaints of users. So why mobile network operators don't close them? About it is a little lower.

We are familiar?

The greatest danger to the user is constituted by personal letters or personified spam. For example, to our colleague such message came to the Schoolmates networks from an account of one of friends: hi!!! I almost win in competition the best photo by May 9, less than a percent doesn't suffice... The first prize - the smartphone honor mine... Lena, you can help me? It is necessary to send SMS, the text "num777 170". Competition "6008" number, without quotes. If it isn't heavy, vote for me, I will return the favor! Certainly, if one and a half rubles aren't a pity; - ) Thanks in advance! "

It appeared that such messages were received by all who was in lists of friends of the page of the sender. Thus the owner of an account at all didn't know that from his name something was dispatched.Similar swindles were turned and in a network of "VKontakte". Apparently, swindlers manage to get in any way access to accounts of users. It is remarkable that some time ago in a network the base containing data, including access passwords, approximately 40 thousand accounts of "VKontakte" was laid out.

To make comments as such it is possible, the administration of the Schoolmates and VKontakte resources refused, and we addressed to third-party experts. "By our estimates, these data weren't stolen from servers of the company, and gathered by a phishing, - the senior anti-virus expert of "Kaspersky Lab" Vitaly Kamlyuk makes comments. - The analysis of that 40-thousand base showed that passwords of users only a few months" gathered.

Phishing - from the English phishing, derivative of password - the password and fishing - fishing. Version the Internet - the frauds, which purpose - to take control of confidential data of the user (the password, a credit card number, PIN-a code and so forth) by means of this or that smart way, with application of social engineering.

And Vyacheslav Varlamov has other assumption: "It is possible to find the program in the Internet - the robot who will creep on "VKontakte" and one for another to hack pages of users. The same robot can make at once mailing on behalf of the owner of an account. Thus earlier it managed also at once to erase mailing traces, having cleaned the Sent folder; now "VKontakte" it any more doesn't allow. "Schoolmates" are protected better - their such robot you won't get".

Nevertheless the usual phishing too gives mad effect. Let's say to the user the letter comes to e-mail: "Hello, watch what excellent pictures I uploaded on the page in VKontakte. Masha". "Who such Masha? I will come I learn, maybe, and the truth familiar", - the recipient thinks or doesn't think at all, and simply clicks automatically enclosed link and gets on the phishing site which design is copied from the original. But to reach "Masha's" page it is necessary to become authorized, that is to enter the login and the password.

As Vitaly Kamlyuk told, it is possible to get on a phishing site and without any viruses - the trojans substituting a false page, or spam stains. Any person, hammering the site address in a line of the browser, can allow a typographical error. Swindlers, finding the most probable options of typographical errors, register the corresponding sites. As a result, having gathered instead of (the address of the present of "Vkontakte.Ru"), you get on page almost identical externally. Insignificant differences from the original in design of this phishing site (and similar can be much) is explained only by laziness of speculators - they didn't update after real "VKontakte" once the copied main page.

After receiving login and the password the phishing site most often gives out an error message or will readdress you on the real resource so you can not notice at all that came where - that still. To secure users, owners of popular resources try to register on themselves domains on which come in connection with typical typographical errors. For example, (from one S) - a resource not phishing, belongs to "Schoolmates" and will readdress you in the real social network.

Certainly, elementary automatic protection to the user is provided also by services. For example, post. "The noticeable number of roguish messages to us manages to be blocked as spam, - Anna Artamonova, vice-the president of Mail.Ru speaks. - But here it is important to understand that such letters extremely seldom happen mass mailings - most often they go manually, with the personal address, etc. so they can't almost be distinguished from legitimate correspondence". More special anti-phishing protection can secure against a phishing. According to Vitaly Kamlyuk, the last versions of personal products of "Kaspersky Lab" contain constantly updated database of phishing sites at which visit the automatic prevention is issued.

Meanwhile there is the way guaranteeing access to an interesting account. "My bride suspected that I go to the page "being" in "Schoolmates", - Vyacheslav, the owner of a site of board games on Internet tells. - To check it, it used the friendly relations with one of moderators of "Schoolmates" - received the password from it".

Actually the greatest danger is constituted by the malefactors using data from social networks not for distributings on a trifle, for 300 rub, and for more serious swindles. For example, to the woman to phone send MMS with the photo of the husband in bruises, like "yours sits in a cop shop, bear repayment of $2 thousand". As it became clear, the photo was taken from a site "Schoolmates" and corrected in Photoshop, phone of the spouse in any way got. Perhaps, as in the following history?

Elena O. tells:"In "Schoolmates" the message comes from there is nobody Kolya Solovyov: "Flax! Hi! This is Kolya Solovyov. Give, please, Petya Ivanov mob. Phone". I know Petya Ivanov, he, by the way, at me in "Schoolmates" is registered in friends, and here I hear about Kolya Solovyov for the first time... " Such letter is probably designed for the inattentive recipient, but also such there is a lot of. And here if swindlers hacked an account someone from Elena's acquaintances and wrote the similar letter from his name, the necessary number would get for certain.

Call me, call!

Besides distributings on SMS payment, there are some more types of the swindles focused on users of mobile phones. Classics of a genre - obtaining the SMS it seems "I stand on the road to road accident, urgently put rubles 200 on this number. Sasha". Calling when the user receives the SMS notice about allegedly arrived into the account of its number payment is very widespread. Later the call is distributed or comes to return the SMS with a request the translation to a certain subscriber put not on that number money.

If attentively to look at the automatic signature of the sender, there, as a rule, usual (though sometimes "beautiful") at ten-digit number. However, the swindlers having systems of automatic mailing and opportunities to change the signature, don't like to contact such swindles - to cash run on SIM-the card the large sums not so simply. According to the representative of management "K" of the Ministry of Internal Affairs of the Russian Federation, prisoners in prison often are engaged in such distributings - recharge for own conversations.

"The main thing for the subscriber - not to solve a problem most, and to send calling to communications operator which has procedures of correction of mistakenly enlisted payments", - Kirill Puzyrev, the leading expert of analytical department of management on safety of JSC "Megafon" recommends. More rare, but it happens when the call is distributed: "Urgently call back" - and at once a release. Or the SMS with the similar text comes. Why for swindlers it is necessary that to them called? Perhaps it is "zavlekalka" on paid telephone service with time wage, like sex by phone? Yes, and such happens.

"We collect claims of subscribers on such facts and we form a black list of paid numbers (as a rule, foreign) which are used in the roguish purposes, - Kirill Puzyrev speaks. - Dialing on numbers from a black list after their check regarding fraud is blocked for all subscribers of our network for the purpose of their protection against financial losses".

There are also absolutely interesting situations."Mobile network operators have tariffs on which for each entering call the bonus is charged, - Vyacheslav Varlamov tells. - Such tariffs or actions badly studied for many regional operators, and as a result the bonus for an entering call on mobile appeared more, than cost proceeding from city number. Many sat down and for hours kept ringing to itself, accumulating money for SIM-to the card. To me once there came the person, suggesting to buy the card on which it gathered in any way 600 thousand rubles"

with SIM-discount

Write letters

According to Anton Veremyanin, the editor-in-chief of a portal of, the volume of the Russian market SMS of payments its participants estimate at $160-200 million in 2008, the forecast on 2009-й - $300 million. "According to our data, a share of roguish receipts here - less than 1%,-Veremyanin speaks. - As for SMS payments for counterfeit / the forbidden content (for example, a pornography, piracy software), can be and 30%".

As Vyacheslav Varlamov told, in noticeable number of swindle with SMS payments began to carry out about four years ago when a content - providers gave to natural persons opportunity to receive payment for the services on short numbers. Today this scheme looks so. The mobile network operator leases short number a content - to provider (aggregator), determines the fixed cost sent to it the SMS.

And a content - the provider hands over number in sublease to partners - direct suppliers of services or a content. Thus partners on one short number hundreds can sit, and each of them provides tens services. Respectively, the address of the recipient and concrete service is defined by a so-called prefix - the code sent to notorious short number. Thus, it is clear why operators can't take and close just like that number with tarnished reputation.

When obtaining the complaint of the subscriber (the appeal to office or to the contact center) trial is carried out, and at confirmation of the fact of fraud and the proof of guilt of provider to the subscriber return the spent means. Besides, the mobile network operator largely fines a content - provider (and even breaks off the relations with it), well and that, respectively, closes the prefixes registered on swindlers. However on this case speculators register at provider at once a heap of prefixes: as soon as one close as unfair, they switch a flow of the SMS to another.

"As a rule, swindlers who specialize on such swindles, are school students and students, - Vyacheslav Varlamov tells. - Thus the income at them it is far not nurseries: I know 13 - the summer boy who received in a month 200-300 thousand rubles".

On assurances a press - services "big cellular three", all of them constantly conduct explanatory work and inform subscribers on possible swindles. However if about it not to know and not to look for this information specially, just like that on sites of operators you won't come across it.

Usually the majority of the deceived subscribers are limited to only angry calls to call-the center of the operator where boys - girls politely throw a switch on a content - provider: pier, here to you its phone, and we here at anything. Conversation about a content - provider is simply senseless, the complaint from the victim for it - only an occasion to reflection and information on the partner.

Quite another matter - to send the operator the written statement. "Nobody reads the contract which signs upon purchase of SIM-of the card, and in vain, - Vyacheslav Varlamov speaks. - Though the operator mediates as though between the subscriber and the producer of service on short number, but number - that is provided by the operator, money is raised initially by it, and the legal accountability before the subscriber is born by it. So to demand the money it is necessary from mobile network operator".

According to Varlamov, in the presence of the reasonable written statement the operator is obliged to return money. As proofs it is possible to attach the link to advertizing in the press, in the networks, the received text of the SMS etc.

Apparently, it works. The author of article knows one victim "a pseudo-call from technical service of the operator", the pensioner who wasn't too lazy to come to office of "Beeline" and to write the application, 300 rub returned to it.

Zhzhivy opinion

And you tried to swindle through mobile communication?


Very often SMS come: number such - that asks you to call back to it. If you remember all numbers, you won't get if isn't present, periodically you call to check, whether there is this number in a notebook. Then it becomes clear that isn't present, and money runs away. And the most favourite and popular method is, of course, "VKontakte": "Mischa, visit the website, vote for me, plz". You come on ignorance according to the link, here to you block contact and write: "Pay money, and your account will unblock".


To mother SMS came to the mobile phone allegedly from "The Russian radio" supposedly send us reciprocal SMS and receive the laptop. In general, even the wisest of us can make a mistake: any can get. Receptions heap now: SMS, calls, electronic letters, counterfeit receipts.


Only today the wife receives SMS on the mobile phone: "Mummy, don't call on this to THESE - the card, phone stole. Urgently put 900 rubles on this phone number". The call was not from phone number of the daughter. The wife was already ready to regret "daughter". It was necessary to convince that it is divorce that the daughter always calls her "mummy", instead of "mummy". Besides, the daughter never would began to ask money as they with the husband are rather provided. You think, to me at once believed? As though not so! Inventing of any options of type began: let's call on this number from your phone, let me call from the. I'm saying: "And you don't want to call the daughter? " Answer: "So she asked not to call on that to THESE - the card". Bright! ! ! Well here that with such wives to do? It is good that the daughter had to call itself through an hour and a half. Hardly I persuaded to wait. They also count on such compassionate suckers.


I had a night call and minutes two dialogue: "And you who? And what you wanted? " - and it to me addressed. Generally, drew 600 rub from account. So I now if do attempts a vyyasnyalok, interrupt conversation.


Call by landline telephones to elderly people and tell that their grandson (granddaughter) brought down someone and urgently money on отмаз is required, is the phenomenon universal. In our case surprised that knew a name of the grandson, number of its car and in general... as - that knew much.


As - that time on the way home met to me one person. I approached, it was presented by the employee of the cellular company "Tele2" and I suggested to consult concerning communication. I thought that, probably, the companion conducts any survey, and generally - that was ready to answer questions, anywhere especially didn't hurry. Here he offered unique chance: to be connected to "Tele2" right now provided that I with itself have a passport. The offer seemed to me suspicious: giving to the first comer full passport data, you risk in few months to receive "the happiness letter" from any bank with the requirement to extinguish arrears.Having been refused, the person was excused for troubling and went to look for the following victim. And I went home in thoughts, whether really it there was "Tele2" or fraud attempt...

One and a half years ago I decided to make banal a phishing - a page with a muzzle of "Schoolmates", for fishing of passwords. Not for the sake of a profit, and for the sake of training, interest, and also to revenge one person. I at all the programmer and it isn't necessary to be him for creation of a similar phishing. First of all it was necessary to register the domain similar to, but in domain зоне.ru it wasn't simple as quirky cybersquatters and hackers occupied long ago everything for a parking and a phishing.

I registered in the, having decided that for a naked eye can quite give a ride and instead of odnoklassniki it was necessary to register odHoklassniki as everything was occupied. I placed in advance downloaded main page of "Schoolmates" on the created domain further - the login entered there and the password came to me to mail (I will repeat, I am not a programmer, the preschool child can copy a code of any page on the Internet, and the designer of a form for sending data for e-mail I found in the Internet).

Further there was a question how to entice the victim on this page? We with the friend thought out many options: and "come to disconnect a photo moderation", and "come to have new opportunities"... I worked the simplest way: "You are so similar (жа) to my brother (sister), as like as two peas... come and compare... " Then each questionnaire in "Schoolmates" had the address, and the counterfeit page easily masked under the questionnaire. I started testing system, sending links by everything, including and to friends, convicting them of a carelessness. And here interesting facts. 80% didn't notice address forgery, came and entered passwords! Thus I assume that from other 20% at a half at work access to the was closed, and some simply didn't know how to copy and where to insert the address. Experienced Internet surfers and system administrators, and here what seemed "stupid blondes" were conducted generally, at once me caught.

On my supervision, the most ingenious ways of obtaining passwords, they and the simplest. Keep in mind that your password is most of all necessary to your acquaintances (the wife, the husband, colleagues, friends (enemies)), and they can receive it most simply than the others.For example, the spouse, colleagues at work can put on your computer a keyloger - the program which remembers not only sequence of pressed keys, but also places where you press them (sites, ICQ, social networks etc.). Then they will read all data in the file which will simply come them to mail.

As I am not a hooligan and to earn, selling passwords, I didn't want, I decided to earn by means of advertizing on the page / where placed article about theft of passwords with a bright example of the phishing - pages. I hoped that all will share with each other this information - to transfer each other the link. But passed a little time and to me so many real logins began to come to mail and passwords that any malefactor would envy. I at first decided that lamers don't get a grasp of the text, and, going to the counterfeit page, accept it for real and enter passwords.

But then I understood, in what business. I guessed how inattentive people come across on a phishing. The matter is that founders of popular browsers, facilitating life to users, bring in memory all opened pages. That is, the user, wishing to come in "Schoolmates", enters an initial letter of a site - "o" into an address line of the browser, and the field with sites on the letter "about" which it visited recently down runs out...

Including a phishing - page. Well and why to them, users to type so difficult text when they can click with a mouse on already offered site further. Further open a counterfeit site and try to come on 10 times in the course of the day, without understanding that occurs and why they can't come, and to me the lot of passwords which they touch comes, thinking that forgot.

I understood that thus it is possible to receive passwords to any resources. For example, the page like on which any interesting information, like a positive page with beautiful pictures and wishes which users will scatter each other with the purpose to please takes place becomes. In couple of days information on this page changes on a phishing the page with design of (for similarity the description and a site icon is entered). After that users will open it in the above way (according to the browser offer) and to enter there the passwords which will fall into hands of malefactors.

If someone nevertheless wants to earn not too artfully on collected base of passwords, in my opinion, on behalf of users it is necessary to advertize something - from pizza delivery before construction services. After all if to publish advertizing in group on the website "Schoolmates" from dear participant or the moderator, many will listen.

Alexey Boyarsky, The businessman - Money


Комментариев: {{total}}