Editorial note: Sergey Dolya, the author of this post is one of the most popular Russian bloggers. This story has happened recently with one of his friends. As it turned out after Sergey have published his original post, the victim was Katya Turtseva, high-ranking employee of international IT company.
Recently a friend of mine has had her Skype account hacked. Scammers decided to use this opportunity to trick people from her contact list out of their money. And in just one hour they received more than 100,000 rubles (about $1,500)!
There was a lot of people in her contact list: about 300 of them. Scammers decided to ask her friends’ to borrow relatively small sums of money, 15,000 rubles (about $250) ’till tomorrow’. This is the maximum amount Yandex Money (a popular Russian payment system) allows to transfer at a time.
The idea was simple: ‘Katya’ wanted to buy some goods online but had no money on her Yandex Money account. This bite-sized approach had credibility and made her friends believe that they were speaking with the victim. They decided to transfer money without a call to their friend; some of them even sent money twice.
This is one of the conversations fraudsters (F) made with of victim’s friends (V):
- F: OK. Get straight to the point: I need your help.
- V: What’s happened? Spill it! And send me a photo.
- F: I wanted to borrow money till tomorrow)
- V: How much? I can send you money, if I have enough on my account.
- F: 15 thousands)
- V: OK, sure. Where to send?
- F: Thanks)
- V: Tell me how to send?
- F: I need to pay with a card but mine is empty. Can you pay?
- V: No problem
- F: http.yandex…. (the link to payment page)
- V: I need a recipient’s bank account
- F: hey! where are you?
- V: changed nappy
- F: oh)) here it is: (number of fraudsters’ account)
- V: I’ll take a photo of invoice and lull Vanya asleep. He is crying.
- F: OK, I’ll be online
- V: OK
- F: Oh, Lena, coming to think of it. Do you have another 15,000? If not, it’s OK you’ve already helped a lot! But if you have, I’ll send you back 30,000 tomorrow + commission at my expense
After the dust had settled, it turned out there was little they people could do to get their money back.
A few days were spent communicating with Skype support service trying to get to the bottom of the problem, however employees needed more than 24 hours to understand what had happened. When they figured out that Katya’s account had been hacked, they sent a link to a password recovery form, without realising that the hackers had changed the email address that was associated with the account.
Onwards, support service asked Katya to fill in the verification form, twice. After three days, the scammers were still sending requests to people on Katya’s friends list. Support service refused to block Katya’s account until they had clarified the situation.
Katya correctly answered all questions from verification form except one: when was your Skype account created. The support service decided that the whole situation is too complicated and recommended her to create another account! By this time, fraudsters had already walked away with around $5,000.
Sergey Dolya @dolyasergey tells how his friend had her #Skype hacked and used for money scammingTweet
Meanwhile, one of Katya’s friends tried to get refund: she blocked her card and asked that her bank cancel the payment. Her request was accepted. The bank confirmed that she had never worked with this shop before and asked her to file a complaint at the local police department. Her bank requested a copy of this complaint to initiate the investigation of this case.
The police sent her back to the bank: apart from the ordinary documents that were normally needed, they needed a document from her bank stating that an ‘investigation’ had been launched. She found herself bouncing between the police and the bank, with no real end in sight. Eventually, the police told her the best thing to do was to call the Moscow police, to see if they could assist.
After that Katya’s friend called her bank again. Her card was blocked as well as the money transfer, and it would remain tied-up until the merchant applies for it. Then the bank would transfer the money. So it seems that the money is stuck in no-man’s-land…
When other users tried writing to fraudsters, they didn’t get much luck in appealing to their altruistic side: the fraudsters did not believe that police would do anything substantial on this case and they obviously understood that the Russian legal system combined with Skype security policy made most attempts at resolution moot:
— ***, guys, give us an interview, at least in chat
— ***, f*** off, don’t f*** my brain)
— Common, we do wonder. Katya says you’ve already gathered 100,000 rubles
— Say her go to police. And let the God bless her there… and I’m blessed with my anonymity :C
— It’s unlikely that I can break your anonymity by chat
— You’re just disturbing me
It seems that the only one thing that you can do in this case is to secure your accounts. Here are a few tips for you to follow:
— Don’t use the same password for different accounts. If you do, there’s a chance you can lose all your accounts.
— Use two-factor authentication to protect your accounts. In this case you’ll receive a short code via SMS or e-mail and use it as a second password.
— Don’t click suspicious links: there are a lot of pages in the web that steal your data. It’s called phishing.