Cybersecurity in Ukraine: how to protect your funds from fraudsters?
Kyiv • UNN
The number of cyber frauds is increasing in Ukraine. Experts advise to be vigilant, not to follow suspicious links and to use reliable antivirus programs to protect your finances.
In today's digital world, the issue of cybersecurity is becoming increasingly relevant. Every day, users risk encountering financial fraud, personal data breaches, or becoming victims of cyberattacks that can lead to serious losses. Attackers use a variety of methods, from phishing emails to complex schemes for withdrawing funds from bank cards. Often, victims learn about the crime too late, and getting the money back becomes a difficult task. That is why it is important to know how to protect your finances, and in case of fraud, act quickly to minimize risks.
UNN found out what types of fraud are the most common and how Ukrainians can protect themselves from financial losses today.
Just recently, journalist Oksana Torop on her Facebook page told about how fraudsters stole a significant amount of funds from her bank accounts. And this story is amazing, because the woman managed to return the lost money on her own.
In the morning, I received a message from the bank that there was one very strange transaction, and therefore my account was blocked. The transaction was for $15. Well, I immediately called the bank with the thought: "Oh, what a great bank, it blocked my funds and saved them
However, as it turned out, it was already the 65th transaction on the account and only it turned out to be unsuccessful, so the bank blocked the card. As Torop herself explained, what was strange was that the bank usually requires confirmation of the transaction even for some minimum amount, but in this case she did not receive any notifications.
On the same day, Torop went to the bank, where she wrote an appeal and was promised that they would conduct an internal investigation, which would last up to six months, but the return of funds was not guaranteed.
That is, that's how they set me up. And of course, in such situations, they said to contact the cyber police, which I did. I immediately wrote an appeal, then went and wrote a statement, and at the same time asked how it usually happens in such situations, whether the bank returns money to people. To which I was told that there are not many cases when the bank returns money. Therefore, I decided to start acting on my own in this situation
First, the woman ordered an extract from the bank in Ukrainian, in which she discovered that the funds went to the account of a fairly well-known American video game development company. On specialized banking fraud sites, she learned that in similar situations, people simply contact the companies to whose accounts the funds went, provide them with proof of transactions, and thus return the stolen money.
"I went to the website of this company, looked, read about them, read what to do in such situations, if you saw some unauthorized transaction, what documents are needed from the bank, details, proof that the funds were actually transferred. Therefore, I then ordered an extract from the bank in English", - Torop said.
Next, according to her, she wrote a letter to the company, in which she explained the whole situation and attached an extract from the bank. And after a few hours, Torop received a reply letter in which the company found out that the transactions were not authorized. In particular, the woman was promised a refund within 3 to 10 days.
"I was lucky, they returned within a day," Torop added.
When asked what Torop could advise people who find themselves in a similar situation, she replied that the best solution is to rely on their own strength.
The bank immediately starts blaming the client for giving someone their data, the children were playing, or something else. And when you are sure that none of this happened, you did not follow any strange links, and so on, then, well, just fight for your own, find out as many details about all this as possible. A bank statement is the easiest way. If there is a company name there, it is easier
What fraudulent methods are most popular today?
Cybersecurity expert Kostyantyn Korsun told the UNN journalist that the use of the latest IT solutions is changing the nature of cyber threats today, but the essence of fraudulent methods remains unchanged. Technologies such as artificial intelligence allow attackers to forge voices or even videos. However, such methods are still exotic and less popular among fraudsters. According to him, malicious links sent through messengers, in particular Telegram, are used en masse.
Fraudsters use the topics that are relevant to people, what people are afraid of, or what people expect the most. That is, different informational reasons are used. If no world events are happening, then the topic is exploited there: "vote for my child", "your number was chosen among many others", "you have won some significant amount or some property, apartment, car, trip". Well, that is, they play on people's emotions, on the desire to get something for free without putting effort into it, on fears, on expectations
In addition, according to the expert, banks do not always take care of the cybersecurity of their clients.
"Banking systems must have powerful protection systems, serious, professional, so to speak. But not all banks equally understand the sufficiency of these efforts. Not all banks hire professional specialists. Not everyone thinks that security is something that should be given serious attention. Therefore, leaks from banks happen", - Korsun added.
As he explained, sometimes people in low positions work in banks who are willing to sell information about clients, which can lead to data leaks and security breaches.
How critical is the cybersecurity situation in Ukraine?
Kostyantyn Korsun emphasized that the cybersecurity situation in Ukraine is significantly inferior to that of Western European countries, where there is a clear European legislation that regulates this area.
"If we are talking about Ukrainian banks, then there is also quite strict regulation, in particular, from Mastercard, from Visa, which, in case of non-compliance with minimum cybersecurity requirements, can simply stop cooperation with such a bank, and this means the collapse of the bank", - the expert said.
In particular, he notes that once a year, domestic banks must undergo a security audit, in particular according to the PCI DSS standard. However, these requirements are often of a framework nature and do not always ensure an adequate level of protection. He also noted the insufficient development of Ukrainian legislation in the field of cybersecurity. According to him, the absence of a single body responsible for cybersecurity at the national level only worsens the situation. At the same time, the situation in the countries of the European Union is much better thanks to strict legislation, in particular on the protection of personal data, which is regulated by the General Data Protection Regulation (GDPR). This is an important component of cybersecurity, because attackers often try to gain access to users' personal data.
"Also, the European Union has ENISA, the European Agency for Cybersecurity, a fairly powerful and well-funded organization. Each country has some cybersecurity authorities. We in Ukraine do not have, unfortunately, a single cybersecurity authority. We have the so-called main subjects of cybersecurity, of which there are currently 11", - the expert explained.
How to protect yourself from similar situations
The head of the ESET SOC team, Nikita Veselkov, shared with the UNN journalist that in order to protect your data, you should only download verified programs from official stores and not follow unknown links in social networks or e-mails, as phishing remains one of the most common methods of stealing personal data.
"Remember, banks will never send messages to confirm the authenticity of passwords or other personal data, and also ask to provide this information supposedly to update their program", - the expert explained.
You should also avoid storing card data on the websites of online stores and other resources, even if it helps save time. This will reduce the likelihood that your card information will be stolen in the event of a company data leak or a hack of your account.
In addition, you should avoid making payments on the Internet while connected to public Wi-Fi without using a VPN, because your data can be intercepted due to the unreliability of such networks.
"You should also not forget that using multi-factor authentication in addition to a password will reduce the chances of hackers hacking your Internet banking profiles and stealing financial data. While installed antivirus programs will help protect against various malware and phishing", - Veselkov summarized.