María saw how her savings and her pension slipped out of her hands in 15 minutes. She was the victim of bank fraud. Wanting to take more, the scammers decided to leave Maria credit debt in her name. Within a few hours, she lost more than 200,000 pesos, or around $10,000 dollars. Just for answering a call.
“They told me that I had some transactions that I needed to verify, they spoke to me by my full name, they gave me various information, everything seemed very real,” says the 60-year-old woman. “I did not have the bank application installed on this phone, they were the ones who downloaded it as if it were me, they emptied my accounts and took out several credits,” she recalls. Although she has already formally proceeded with a complaint with her bank and before the National Commission for the Protection and Defense of Users of Financial Services (Condusef), six weeks have passed and she has had no response.
Bank fraud is an ordeal experienced every day by users of financial services in the country. However, fraud through banking applications is a crime that is growing alarmingly in Mexico. This week, a case of theft with this method went viral on social networks. The actress Verónica Bravo denounced on her Twitter account that she was robbed of her savings by losing her cell phone. “They did not steal my card, nor my wallet, only my cell phone and I did not have the passwords saved, I did not have a photo of my INE, I had absolutely nothing, however, those who stole my cell phone were able to access my BBVA Bancomer application and they stole all my money”, she exposes in a video.
Her case has become a trend on social networks since the weekend and continues to be at the center of the debate until now. There are two possible paths to committing fraud through bank mobile applications: when the user delivers, through trickery or other means, their personal data or passwords, or when the user does not participate directly, but in the end becomes a victim of theft.
In the case of Maria, it was part of a fraud that can be called “traditional”, as explained in an interview by Óscar Rosado, president of the Condusef.
“In the pandemic, fraud moved from face-to-face to remote, through applications where they pretend to be financial institutions, put data and names that lead to user error, obtain data via applications or by telephone that are then used,” he says.
This crime is growing as fast as technology itself. Between 2020 and 2021, virtual robberies of mobile banking users have grown more than 52% with 16,036 complaints in 2020 compared to 24,442 filed in 2021. Although complaints have slowed down, they maintain growth in the first half of 2022 of 5.8% according to the latest data from Condusef.
The modus operandi of fraudsters is simple but very efficient. They pose as a bank executive, give personal details and the last four digits of a card obtained illegally through databases obtained on the black market. “There are mechanisms for purging and using algorithms so that these databases, even if they come from a commercial world, can be useful for using social engineering in the financial world,” says Rosado. They then start asking questions and invite the user to open their app, perform specific tasks or give other data.
In this way, first by phone or through text messages or WhatsApp , fraudsters can have remote access to the user’s mobile application. For Maria who was not a regular user of her mobile app, that spelled bankruptcy for her. “The one who spoke to me seemed like a bank employee, he told me exactly what things to do, where to look. Then I found out that that’s why they were able to enter as if it were me from another phone”, she said.
However, the level of security of banking applications continues to give bank customers much to be desired, who often are not a conscious part of the embezzlement, as in the case of actress Bravo, who only lost her cell phone.
According to the report “Mobile banking robberies: The global economic threat”, by the cybersecurity firm Zimperium, the BBVA Mexico application, with more than 10 million downloads, is one of the applications most attacked by cybercriminals in the world.
Although there may be user participation in these embezzlements, many of the applications suffer from vulnerabilities. The analysis “Vulnerabilities and threats in mobile banking ” prepared by Positive Technologies, reports that at least half of the banks worldwide have some flaw in their security levels, and 76% of all these problems could be exploited by scammers without the need for physical access to the device.
While financial institutions make adjustments to their mobile systems, the director of Condusef advises bank users to avoid falling for false calls, messages, or emails.
María saw how her savings and her pension slipped out of her hands in 15 minutes. She was the victim of bank fraud . . .
