Exposing the black industry chain of bank card theft: modified POS machines steal passwords

CCTV reveals the bank card theft black industry chain

"The card is on me, and the money has been transferred away inexplicably." Many people would say that this is impossible. But this incredible scene happened to Mr. Wu. Shortly after Mr. Wu's money was stolen, the reporter received a tip from a person who called himself Lao Xu. Lao Xu said that there is a large black industry chain in cyberspace that steals from bank cards. Under his guidance, after more than three months, the reporter finally figured out the methods of “cutting” and “washing materials” that the black industry chain uses to steal funds from customers' cards.

According to CCTV

In December last year, Mr. Wu received a text message from an unfamiliar number. The message addressed him by name. Mr. Wu thought it had been sent by a friend whose number he did not have, and clicked on the picture in the text message.

Since nothing abnormal happened on the mobile phone, Mr. Wu did not think much of it. A week later, the bank suddenly sent him a text message: the bank card, which had originally held more than 50,000 yuan, had a balance of only 300 yuan.

Mr. Wu found on inquiry that money had been transferred out of his bank card gradually over the past week, but he had not received any of the more than a dozen text messages from the bank. Mr. Wu took the mobile phone to customer service to be checked and was told that it had a Trojan virus. The phone had lost the ability to receive text messages for one week. After one week, the Trojan virus stopped working and the SMS function was restored.

The bank card had always been in his possession, and the password was known only to him. Mr. Wu was puzzled: why was there no money left in the bank card?

Shortly after Mr. Wu's money was stolen, the reporter received a tip from a person who called himself Lao Xu. Lao Xu said that there is a large black industry chain in cyberspace that steals from bank cards.

"Information like Lao Wu's is very easy to get on the black market. I can get 1,000 such records in 5 minutes, including the card owner's name, card number, ID card, phone number, and his bank password. 1,000 in 5 minutes, there is no problem."

To verify what he said, Lao Xu opened several QQ groups, and in less than 5 minutes he sent a 33-page document to the reporter. More than 1,000 bank card records are listed in this document. Each entry has the name of the card owner, the bank card number, the ID number, the mobile number registered with the bank and the bank password.

The reporter randomly selected 70 records from different provinces for verification. The identity information and phone numbers were all correct, and apart from 5 incorrect bank passwords, the remaining 65 bank card passwords were all correct.

So where does so much confidential information on this black market come from? With the help of Lao Xu, the reporter investigated the black market for more than three months.

The first step: cutting

Three methods of stealing bank card information

Transferring money out of a bank card is usually not done by one or two criminals. They need to build a complete industry chain. Criminals with different roles on this chain usually communicate and trade through QQ groups that admit only acquaintances. With the help of Lao Xu, the reporter entered one such QQ group. In the group, criminals refer to bank card information as “materials”; those who collect bank card information are called “cutting people”, and those who transfer the money out of the bank cards are called “washing people”. Buying “materials” from the “cutting people” is the first step in the whole crime. So where do the “materials” of these “cutting people” come from?

Method 1: The pseudo base station sends a phishing message

Dozens of victims whose bank cards were stolen from had received text messages that appeared to come from telecom operators or banks. Qi Zhiyong, chief anti-fraud expert at 360, pointed out that these are actually text messages containing phishing website links, sent by criminals after being "packaged" by pseudo base stations. On the fake pages of these phishing websites, after logging in, users are asked to enter information such as account number, password, name, ID number and the mobile number registered with the bank.

Method 2: Free Wi-Fi steals personal information

In addition to using phishing websites to obtain personal information, the reporter found that criminals also use free Wi-Fi to steal personal information. Qi Zhiyong said that the security of a Wi-Fi network depends mainly on who set it up. If a free Wi-Fi network was set up by a scammer or a hacker, then once the user connects, all of the user's Internet data can be intercepted or stolen.

Method 3: Modify the POS machine to steal information

On the black market, the information extracted by POS machines is called “track material”, and there is much less of it than of the information extracted from phishing websites. However, the selling price is very high, and information for a card with a large balance can even be sold for several thousand dollars. Criminals usually wait more than half a year before selling this information, so that consumers accumulate a large number of POS consumption records and the police cannot trace which POS machine extracted the bank card information.

What to do quickly if your bank card has been stolen from

Freeze the card to prevent the loss from growing - call customer service to report the loss, or do it through mobile banking. Most banks have a “lost card guarantee” service, under which fraudulent charges that occur in the 48 or 72 hours before the loss report can be reimbursed.

Report the case immediately, and keep the case receipt - so that you have documentation when making a claim against the bank.

Preserve evidence - the correct way to do this is to immediately withdraw cash at a nearby bank and print the voucher. This is done to prove that the bank card is in your hands and that the transactions taking place elsewhere were made with fake cards.

After the “cutting” work is complete, the next step in the black industry chain is to transfer the money out of the victim’s bank card, and the criminals refer to this step as “washing”. This is also what puzzles many victims most: why is my money gone? In the QQ group, many people post advertisements for “washing and intercepting materials” every day. These people are called “washers”, and they transfer the money from the victim's bank card to the card number specified by the “owner” in return for a 30% to 50% commission. What they mainly go after is the user's SMS verification code.

The second step: washing the material

Stealing the code

Method one: Infect the phone to intercept the verification code

The verification code is a one-time password sent by the financial institution to the user when the user performs operations such as changing the password or transferring money, and the transfer cannot be performed without it. To get a verification code, the most common method criminals use is to send a Trojan to the target phone. Mr. Wu, at the beginning of the article, is a victim of such a mobile Trojan.

As soon as the victim clicks on the Trojan, the victim's SMS content is intercepted by the criminals. Using the cardholder's personal information, the criminals bind the bank card to a third-party payment platform in advance, and then transfer the money away. During this time, the victim's mobile phone receives neither the consumption reminder nor the verification code, and the money in the card is transferred away.


Method two: Interfere with the mobile phone signal to intercept the verification code

Infecting mobile phones with viruses is the most common way to intercept verification codes, but it is not the only way. The reporter found that on the black market there are people who can intercept the verification code without a Trojan virus. Their method is to interfere with the mobile phone signal using specially modified equipment, but this method has a limitation: the device must be within one kilometer of the target mobile phone. Therefore, anyone using this kind of interception must be close to the victim.

So, how do criminals determine the location of the target? "In fact, this is very simple. The general way is to call the target and say that you are delivering a courier package and that his address is not very clear, and let him repeat the address. If he says the address, we can intercept the verification code of his bank card from within one kilometer," Lao Xu said.
