Fraudsters demand that victims show their screen to a “robotic system for diagnosing the account”
Sber has reported a new fraud scheme that uses the screen-sharing function available during video calls in some popular instant messengers. First, the fraudster creates a messenger account that allegedly belongs to Sber; the account name imitates the 900 number and includes the bank’s logo. The first call is made from this profile: the cybercriminal introduces himself as a bank employee and asks the potential victim whether he has recently updated the bank’s mobile application. If the answer is no, the “bank employee” says that another specialist will call soon to help update the application.
A second attacker then calls, usually from another account or even in another messenger that supports screen sharing during a video call. The confusion between different specialists is meant to disorient the person and force him to follow the cybercriminals’ commands. The second “bank employee” states that he is making a video call to identify the client using biometrics, and asks him to turn on screen sharing in order to connect a “robotic system for account diagnostics”.
The user is then asked to log into the bank’s mobile application, with the scammer claiming that this is completely safe because only the robot will see the screen. In fact, screen sharing lets the attacker see card numbers, account balances, and SMS codes from the bank. All this data allows the attacker to gain access to the client’s personal account and steal his money, or to convince him to transfer his funds to a “safe account”. Sber emphasized that you must not show your device’s screen to strangers over a video call, even if they introduce themselves as bank employees, and that the robotic system for diagnosing an account is a fiction.