“It only takes 5 minutes to buy thousands of bank card information, passwords and other information online.” CCTV recently exposed the black market of bank card information trading, which attracted wide attention. The reporter learned that the new types of illegal crimes in the telecommunication network have become more and more prominent in our province. The data shows that from November 2015 to the end of February 2016, in just four months, the bank in the province cooperated with the police to inquire about the total amount of the case of nearly 0.9 billion yuan.
So, how did information such as the citizen’s bank card number be disclosed? Even if the scammer gets the card number, how did he get the password? Haidu reporter interviewed QQ group of personal information transactions yesterday and interviewed bankers to find out the loopholes in information leakage.
A seller sent a screenshot saying that on the 10th day, he collected nearly 20,000 personal bank card information.
Fake customer service phone number, fake APP “fishing”
“Basically, I can receive ‘points Redemption ‘and ‘Charging calls’ messages from major banks and operators every day.” Ms. Xu, a citizen, said that her personal information seemed to have been “shared” by the fraudsters, so she sent her “fishing text messages” in turn “.
So, how did the information leak? Ms. Xu couldn’t understand. In fact, in addition to “being fished”, that is, clicking the above text message to enter the page to fill in personal information and submit it to the swindler, over-shipment an APP on the mobile phone, and the information may also be stolen.
However, some fake base stations send fake bank customers’ phone calls and text messages, which also make citizens fall for it.
According to the survey report on mobile phone application piracy in Android 2015 released by Internet security company 360, there are 954986 pirated apps corresponding to 10305 genuine apps in the mobile assistant market. “That is to say, there are 92 Li ghosts behind a Li Ji.” Pei Zhiyong, chief anti-fraud expert of 360 company, said.
Pirated apps enter mobile phones with the ultimate goal of targeting users’ wallets. “The most” following the rules “fake apps, such as flashlights, also require information such as contacts, text messages, and locations to be packaged and sent to the back-end servers.” An industry insider said that because of these “big data”, after installation, the light will be harassed by spam messages and advertisements, and the heavy will lead to privacy leakage. The report shows that 42 percent of pirated apps have privacy theft.
The reporter secretly visited the personal information transaction group, and the depositor information was sold by category.
Once personal information is disclosed, it will become a profitable product for criminals. Yesterday, the reporter searched for the keyword “data” in QQ group. The system showed that there were dozens of active QQ groups. From the group profile, we can see that most of them are personal information trading groups. After the reporter randomly joined a group with nearly 2,000 members, he saw people publishing various advertisements selling personal information.
Later, the reporter added QQ of several sellers. The seller’s integrity data said that he still has millions of customer data from banks across the country. According to the opening time, the price of each information ranges from 5 to 3 yuan, in order to confirm that there is indeed “goods in hand”, he also took screenshots of the reporter, showing that nearly 20,000 bank cards entered the background only one day before.
“This information is mainly obtained through the express ticket when the bank sends the card to the customer.” The seller “Kaka merchant” said that if they get the basic information, they will know the card number, password, balance, etc.
The seller “all kinds of data (fidelity)” said that he only sold “first-hand” information, that is, new information that has never been sold, 4 yuan per piece. The reporter asked for inspection. He sent a screenshot of dozens of bank card information, including name, bank, address, phone number, etc. He said that as long as you pay for the purchase, you can also see the balance in the card and the card password. “some VIP customers of banks, such as gold cards and Platinum cardholders, also have information, it costs seven or eight yuan for one piece.”
There are two possibilities for password leakage: “phishing SMS” and “database collision”
“Even if my mobile phone communication record is stolen, only I know the bank card password.” Mr. Wang, who had stolen 20,000 yuan, said that it was indeed possible for personal information to be leaked and resold in the Internet era, but he couldn’t figure out why he even matched the password.
“If your mobile phone application needs to log in, and the login password is the same as the bank card password, then it is likely to be” successful ‘.” Mr. Ren, a banker, said that there were two major possibilities for password leakage. One was to send “phishing text messages” through pseudo base stations. After citizens clicked on the link, they entered a false page and all the input information would be recorded.
The second is to “hit the library”. “The so-called database collision means that when the swindler has mastered the user’s bank card number and some other login password, he uses this password to enter the user’s online banking to try to log in and pay, ‘Bumping ‘is right, you can do Anti Theft.”
In addition, in addition to using phishing websites to obtain personal information, criminals will also use free WIFI, modify POS machines, install cameras on ATM machines and other aspects to obtain information such as citizens’ bank card numbers and passwords.
Do not use the same username and password to avoid the hidden danger of “database collision”.
On April 10, the Ministry of Public Security issued an A- level arrest warrant to publicly wanted ten outstanding telecom network fraud criminals, two of whom were Fujian membership men. Anti theft chaos is also a concern of our provincial people’s congress representatives. This year’s provincial two sessions, some representatives put forward suggestions to strengthen the fight against network information fraud crimes.
In this regard, Fujian Banking Regulatory Bureau said in the co-organized opinion that it would vigorously urge the banks in the jurisdiction to further promote the work of cracking down on new illegal crimes in the telecom network. It is understood that from November 2015 to the end of February 2016, banks in the province cooperated with the police to query 4579 cases with an amount of 0.89 billion yuan.
People from the banking regulatory bureau reminded the public that the website domain name should be carefully identified for mobile phone messages with URL links from 955 × ×, and information such as electronic bank login password and dynamic password should not be entered on non-bank websites. At the same time, do not set the password of online banking and mobile banking to be the same as that of other websites. (Haidu reporter Zheng Liang)